| <html devsite> |
| <head> |
| <title>Fuzzing and sanitizers</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| //www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p> |
| Fuzzing, which is simply providing potentially invalid, unexpected, or random |
| data as an input to a program, is an extremely effective way of finding bugs in |
| large software systems, and is an important part of the software development |
| lifecycle. |
| </p> |
| <p> |
| LLVM, the compiler infrastructure used to build Android, contains multiple |
| components that perform static and dynamic analysis. Of these components, the |
| sanitizers can be used to push out bugs and make Android better. |
| </p> |
| <p> |
| While Android has supported fuzzing tools for many releases, Android 8.0 |
| includes more fuzzing support, tighter fuzzing tool integration in the Android |
| build system, and greater dynamic analysis support on the Android kernels. |
| </p> |
| <p> |
| This section includes information on how to set up and use various fuzzing and |
| sanitizing tools. |
| </p> |
| </body></html> |