[cfe-dev] Introducing clang-triage: A bot to test clang with fuzzed inputs

Sami Liedes sami.liedes at iki.fi
Mon Jan 5 17:24:46 PST 2015


On Mon, Jan 05, 2015 at 04:55:53PM -0800, Sean Silva wrote:
> >> The first thing that comes to mind to hack around that would be write a
> >> quick tool that uses clang as a library and have afl-fuzz just send it IPC
> >> messages asking it to parse files; the server then forks off a child to
> >> parse, avoiding all the startup overhead and option parsing and stuff
> >> inside clang.
> >>
> > afl does this automatically:
> > http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html
> >
> Wow neat! Then maybe the overhead is in clang's driver or frontend. From
> the ballpark calculation above, it looks like there are orders of magnitude
> of performance being left on the table.

What afl-fuzz does, I believe, is fork at the beginning of main() or
somewhere near that point. As far as I understand there's probably no
really good reason why it couldn't fork at the first read from stdin,
but that's just not implemented yet.

Even the 300/s or something like that comes from running clang -cc1
directly; if I run clang without -cc1, I seem to remember that I get
something like 30/s instead.

	Sami
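The fork-server idea discussed above, as an added illustration that is not code from this thread, from afl-fuzz or from clang: a toy C harness that does its one-time setup in a persistent parent and then forks a fresh child for each input right before that input is consumed, which is the "fork at the first read" point Sami describes. The real afl fork server is injected by afl's instrumentation and talks to the fuzzer over pipes; this example drops that IPC and just shows why the model is cheap (setup runs once) and why it is safe (a crashing child cannot take the parent down). The `expensive_init` stand-in, the `parse_input` stand-in, the `"CRASH"` trigger token and the sample corpus are all constructed for the example.

```c
/* Added example: a minimal fork-server-style harness. Constructed stand-ins
 * throughout; this is not afl-fuzz or clang code. POSIX only (fork/waitpid). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Verdicts the parent derives from each child's wait status. */
enum verdict { V_OK = 0, V_REJECTED = 1, V_CRASHED = 2, V_ERROR = -1 };

/* How many times the one-time setup has run. In the fork-server model this
 * stays at 1 no matter how many inputs are processed. */
static int init_count = 0;
static char keyword_table[64][16]; /* constructed stand-in for driver state */

/* Stand-in for driver/frontend setup that is identical for every input
 * (option parsing, target initialisation, ...). Done once in the parent;
 * every child inherits the result through fork(). */
static void expensive_init(void) {
    for (int i = 0; i < 64; i++)
        snprintf(keyword_table[i], sizeof keyword_table[i], "kw%d", i);
    init_count++;
}

/* Constructed stand-in for the parser under test: checks that parentheses
 * balance. It deliberately abort()s on the token "CRASH" so the harness has a
 * child crash to observe; this is a toy target, not a real defect anywhere. */
static int parse_input(const char *input) {
    int depth = 0;
    if (strstr(input, "CRASH") != NULL)
        abort();
    for (const char *p = input; *p; p++) {
        if (*p == '(') depth++;
        else if (*p == ')' && --depth < 0) return V_REJECTED;
    }
    return depth == 0 ? V_OK : V_REJECTED;
}

/* The fork point: all setup is already done, so fork right before the input
 * is consumed. The child does only the per-input work and never returns to
 * the loop; the parent classifies how the child ended. */
static int run_one_forked(const char *input) {
    pid_t pid = fork();
    if (pid < 0) return V_ERROR;
    if (pid == 0) {
        /* _exit, not exit: do not flush stdio buffers inherited from the parent. */
        _exit(parse_input(input));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return V_ERROR;
    if (WIFSIGNALED(status)) return V_CRASHED;   /* e.g. SIGABRT, SIGSEGV */
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    return V_ERROR;
}

/* Run a batch: initialise once, then one forked child per input.
 * Fills verdicts[] and returns the number of inputs that crashed a child. */
static int fork_server(const char *const *inputs, size_t n, int *verdicts) {
    if (init_count == 0) expensive_init();
    int crashes = 0;
    for (size_t i = 0; i < n; i++) {
        verdicts[i] = run_one_forked(inputs[i]);
        if (verdicts[i] == V_CRASHED) crashes++;
    }
    return crashes;
}

/* Constructed sample corpus and the verdicts recorded for it. */
static const char *const sample_corpus[] = {
    "(a (b c))",   /* well formed */
    "(a (b c)",    /* unbalanced: rejected */
    "x) (y",       /* closes before it opens: rejected */
    "(CRASH)",     /* constructed crash trigger */
};
#define SAMPLE_N (sizeof sample_corpus / sizeof sample_corpus[0])
static int sample_verdicts[SAMPLE_N];

/* Runs the sample corpus through the fork server; returns the crash count. */
static int run_sample(void) {
    return fork_server(sample_corpus, SAMPLE_N, sample_verdicts);
}

int main(void) {
    int crashes = run_sample();
    for (size_t i = 0; i < SAMPLE_N; i++)
        printf("input %zu: verdict %d\n", i, sample_verdicts[i]);
    printf("init ran %d time(s), %d crash(es) isolated\n", init_count, crashes);
    return 0;
}
```

Running the batch a second time leaves `init_count` at 1: the whole point of forking late is that nothing before the fork point is ever repeated, which is also why moving the fork point from `main()` to the first read of the input would save even more per-execution work in a target like clang.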