[PATCH] D36275: Implement llvm-isel-fuzzer for fuzzing instruction selection

Justin Bogner via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 3 14:16:05 PDT 2017


bogner added inline comments.


================
Comment at: tools/llvm-isel-fuzzer/llvm-isel-fuzzer.cpp:99
+  std::unique_ptr<Module> M;
+  if (Size == 0 || (Size == 1 && *Data == '\n'))
+    // We get bogus data given an empty corpus - just create a new module.
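Review bot: The condition on the `if` line special-cases a single '\n' byte, but the comment under it only mentions an empty corpus, so a reader cannot tell why a lone newline counts as empty while any other one-byte input does not. Either widen the check to `Size <= 1` or extend the comment to say where the single newline comes from.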
----------------
kcc wrote:
> Will it be simpler and better to just assume that Size <= 1 is uninteresting and means a new module? 
Makes sense, I'll do that.


================
Comment at: tools/llvm-isel-fuzzer/llvm-isel-fuzzer.cpp:117
+    errs() << "Mutator failed to make progress.\n";
+    return 1;
+  }
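Review bot: `return 1;` reports the stalled mutator only through the return value, and the message "Mutator failed to make progress." gives the user nothing to act on. Consider printing the size of the input that could not be mutated, and add a comment stating what the caller is expected to do with a non-zero result, since that contract is not visible in these lines.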
----------------
kcc wrote:
> currently the non-zero return value for LLVMFuzzerTestOneInput will call an error in libFuzzer.
> Also, an ideal fuzz target must tolerate any kind of input, even if we never expect to see it. 
Calling an error is kind of the point here. We get here when the mutator can't do any work (due to MutateImpl giving up and returning ' ', which is also not part of the contract), but to return 0 would mean we just spin forever doing nothing rather than alert the user that there's a problem.

That said, this is much less of a problem now that the default max_len was bumped to 4096. When it was 64 you'd hit this very quickly if you forgot to override that. I'm fairly comfortable just returning zero here now, I think.


https://reviews.llvm.org/D36275




