[PATCH] Add a Fuzzer library
kcc at google.com
Tue Jan 27 10:21:10 PST 2015
In http://reviews.llvm.org/D7184#114061, @ygribov wrote:
> > Well, asserts are not for users, they are for developers.
> Still, you don't verify inputs in main(), so the user will face an assert if she passes invalid arguments.
The inputs are truncated in Fuzzer::ShuffleAndMinimize.
If Mutate gets inputs of unexpected length this is a bug => assertion should fail.
> > How do you know that coverage keeps increasing?
> Does not __sanitizer_get_total_unique_coverage tell you this?
But how do you know that you are not going to discover new coverage after 100000000 iterations?
The only way you may be certain of that is if you've already covered *all* basic blocks. In practice this never happens.
> > And generally, no. Even if the coverage is steady fuzzing is still interesting (it finds bugs :))
> Hm, interesting.
Edge and bb coverage is a rather weak signal.
Even if you have full edge coverage you may still find lots of funny stuff with simple mutations.
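
The point made in the reply above, as an added example that is not part of the original email or of the LLVM Fuzzer code: a constructed toy target whose two seeds already reach every edge, yet a single-byte mutation still produces a failing input without adding any coverage. `Target`, `FuzzOnce`, the seeds and the edge set are hypothetical stand-ins for a real fuzz target and the sanitizer's coverage counters.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>

// Constructed toy target, not LLVM code. Two independent branches give four
// edges; the bad index needs both "taken" edges in the same execution.
static std::set<int> g_edges;  // stand-in for the sanitizer's coverage counters

// Returns false when the computed index would fall outside a 4-entry table.
bool Target(const std::string &in) {
  size_t idx = 0;
  if (in.size() > 0 && in[0] == 'A') { g_edges.insert(0); idx += 2; }
  else                               { g_edges.insert(1); }
  if (in.size() > 1 && in[1] == 'B') { g_edges.insert(2); idx += 2; }
  else                               { g_edges.insert(3); }
  return idx < 4;
}

struct Result {
  size_t edges_after_corpus;  // unique edges once the seed corpus has run
  size_t new_edges;           // edges first reached by a mutant
  size_t failing_mutants;     // distinct mutants for which Target() returned false
};

// Runs the seeds, then every single-byte replacement of each seed.
Result FuzzOnce() {
  g_edges.clear();
  const std::string corpus[] = {"A.", ".B"};  // constructed seeds
  Result r = {0, 0, 0};
  for (const std::string &s : corpus) Target(s);
  r.edges_after_corpus = g_edges.size();
  std::set<std::string> failing;
  for (const std::string &s : corpus)
    for (size_t pos = 0; pos < s.size(); ++pos)
      for (int b = 0; b < 256; ++b) {
        std::string m = s;
        m[pos] = static_cast<char>(b);
        if (!Target(m)) failing.insert(m);
      }
  r.new_edges = g_edges.size() - r.edges_after_corpus;
  r.failing_mutants = failing.size();
  return r;
}

int main() {
  Result r = FuzzOnce();
  std::printf("edges=%zu new=%zu failing=%zu\n", r.edges_after_corpus,
              r.new_edges, r.failing_mutants);
  return 0;
}
```

A stop rule based on coverage no longer increasing would have halted after the two seeds, before the failing input was generated.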