[CGamesPlay]

AFL can fuzz ruby by running ruby on arbitrary inputs. This tests that paths through the ruby interpreter are being stressed.

AFL cannot fuzz ruby code using the same mechanism, because it does not have the right level of insight. AFL can't detect if a branch in my ruby code was tested, only that the code for `if` in the core ruby interpreter has been tested both ways. For this reason, in order to properly test interpreted code, you need to add the AFL instrumentation at the ruby layer, not the native layer.

I don't think AFL currently supports this, and I don't think this project actually enables it. But I would be happy to be corrected!

[lunixbochs]

AFL usually requires you to write a "driver" for the program you want to fuzz. The driver does two main things:

1. Take a binary blob of input and pass it to the program somehow.

2. Record execution path traces into a shared memory section.

You could likely modify the Ruby VM to record path traces, and handle the binary blob in Ruby code.

[stevekemp]

> AFL can fuzz ruby by running ruby on arbitrary inputs.

If you're brave (consider "system rm -rf /home") this is worth doing. I recently ran such a fuzzing test against GNU Awk.

Unfortunately the bugs I reported are still unfixed, but it didn't take too long to find them, and it was a good learning exercise:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816271

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816277

I'm sure passing "random" input to Perl, Python, Ruby, and many other languages will lead to similar results.

[mytummyhertz]

i've actually used AFL to find some input parsing bugs in Perl, Python, and Ruby.

Perl was the team who fixed them the fastest.

none of the teams (rightly) considered these particularly high impact.