Awesome

rb_tree_demo adapted for DeepState

This was originally code accompanying a blog post about fuzzing a red-black tree implementation:

http://blog.regehr.org/archives/896

John Regehr posted it on GitHub:

The original code is still there, but this adds a new file, deepstate_harness.cpp, that uses DeepState instead of a C random number generator, to perform (I think) the same testing as John's harness.

The easiest way to use this is with the DeepState docker.

The Makefile will build three DeepState executables, ds_rb, ds_rb_lf, ds_rb_afl, the first of which is for symbolic execution, test replay, Eclipser fuzzing, the second of which is for libFuzzer fuzzing, and the third of which is for AFL fuzzing.

To fuzz this, you will want to do something like:

$ deepstate-afl ./ds_rb_afl -o fuzz_afl --fuzzer_out

The leak detection disabling is because when the test terminates early due to violated assumes in ranges, etc., this will leak memory.

Much more information is available in a pair of blog posts. Some of the instructions on how to run things may have changed a bit since then, but it should be easy to figure out how.