[PATCH] D65661: [compiler-rt] Move FDP to include/fuzzer/FuzzedDataProvider.h for easier use.

Roman Lebedev via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 2 08:54:31 PDT 2019


lebedev.ri added a comment.

In D65661#1612413 <https://reviews.llvm.org/D65661#1612413>, @Dor1s wrote:

> > I'm not opposing, but I have a question - this is not fuzzer specific at all, right?
>
> Yes, see the summary above.
>> This is just `Span` on steroids - knows its size and byte position within the buffer,
>>  and has methods to change the position by consuming bytes; nothing more?
> 
> No, `span` is harmful for fuzzing, as its boundaries are not instrumented (i.e. we can miss some buffer under-/overflows). The FDP takes care of that by allocating dedicated buffers for separate inputs.

The word that is throwing me off here is "inputs".
If fuzzer gave us a buffer of 8 bytes, and we consume it as 2 consecutive 4-byte integers,
the terminology here means those are 2 separate inputs, right?
And while span would act like a light-weight view with no extra allocations,
this would allocate a *separate* buffer for each of these "inputs"?
That's it? I think this should be documented better, if it's not already.

> Plus, it provides various other helpers like `ConsumeBool` or `PickValueInArray` to save people from writing custom tricks like `data++[0] % something` again and again.
> 
> It has evolved from similar classes invented in Chrome and some other Google projects, and it did prove to be useful.
> 
> I should probably add some documentation in LLVM. As of now there is a short documentation for FDP in `google/fuzzing` repo: https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider
Repository:
  rCRT Compiler Runtime

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D65661/new/

https://reviews.llvm.org/D65661
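As an added illustration of the point raised in the thread (why a provider that copies each consumed piece into its own allocation differs from a `span`-style view), here is a small provider written for this page. It is not the `FuzzedDataProvider.h` under review and differs from it in details such as consumption order and method set; the names `ToyDataProvider`, `ParsedHeader` and `ParseWithProvider` are assumptions made for the example. The sample input is constructed to match the "8 bytes consumed as two 4-byte integers" case from the comment.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <type_traits>
#include <vector>

// Hypothetical minimal data provider (not the compiler-rt header). Each
// consumed piece of the fuzzer input is copied into its own heap allocation,
// so reading past the end of that piece lands in an AddressSanitizer redzone
// and is reported, whereas a span-style view over the original buffer would
// silently read the neighbouring input bytes.
class ToyDataProvider {
 public:
  ToyDataProvider(const uint8_t *data, size_t size)
      : data_(data), remaining_(size) {}

  size_t remaining_bytes() const { return remaining_; }

  // Copies up to |num_bytes| from the front of the input into a fresh
  // std::vector: a dedicated buffer for this "input".
  std::vector<uint8_t> ConsumeBytes(size_t num_bytes) {
    num_bytes = std::min(num_bytes, remaining_);
    std::vector<uint8_t> result(data_, data_ + num_bytes);
    data_ += num_bytes;
    remaining_ -= num_bytes;
    return result;
  }

  // Consumes sizeof(T) bytes (fewer at the end of the input) and assembles
  // them little-endian; missing bytes count as zero, so short inputs are safe.
  template <typename T>
  T ConsumeIntegral() {
    static_assert(std::is_integral<T>::value, "integral type required");
    typename std::make_unsigned<T>::type result = 0;
    const size_t n = std::min(sizeof(T), remaining_);
    for (size_t i = 0; i < n; ++i) {
      result |= static_cast<decltype(result)>(data_[i]) << (8 * i);
    }
    data_ += n;
    remaining_ -= n;
    return static_cast<T>(result);
  }

  // Replaces the hand-written "data++[0] % something" idiom.
  bool ConsumeBool() { return (ConsumeIntegral<uint8_t>() & 1) == 1; }

  template <typename T, size_t N>
  T PickValueInArray(const T (&array)[N]) {
    return array[ConsumeIntegral<uint8_t>() % N];
  }

  std::vector<uint8_t> ConsumeRemainingBytes() {
    return ConsumeBytes(remaining_);
  }

 private:
  const uint8_t *data_;
  size_t remaining_;
};

// Result of splitting one fuzzer input into several typed pieces.
struct ParsedHeader {
  uint32_t first;
  uint32_t second;
  bool flag;
  std::vector<uint8_t> payload;  // its own allocation, not a view
};

// Consumes two 4-byte integers, a bool and the rest as a byte payload.
ParsedHeader ParseWithProvider(const uint8_t *data, size_t size) {
  ToyDataProvider fdp(data, size);
  ParsedHeader h;
  h.first = fdp.ConsumeIntegral<uint32_t>();
  h.second = fdp.ConsumeIntegral<uint32_t>();
  h.flag = fdp.ConsumeBool();
  h.payload = fdp.ConsumeRemainingBytes();
  return h;
}

// Shape of a libFuzzer entry point that would use the provider.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  ParseWithProvider(data, size);
  return 0;
}
```

Built with `-fsanitize=address,fuzzer`, an out-of-bounds access on `h.payload` is reported as a heap-buffer-overflow on that small allocation; with a view over the original input the same access would read the preceding integer bytes and go unnoticed.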
