[PATCH] D70738: [libFuzzer] Add custom output function

Manish Goregaokar via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Dec 5 22:43:32 PST 2019


Manishearth added a comment.

> I can totally see how this is helpful in some cases when running libFuzzer manually, but it can also be very annoying when the reproducer is large.
> In any kind of automated scenario, it should be easy to add a separate binary that prints the inputs in human readable form.

This requires parsing the human-readable libFuzzer output though, which could change, and is also brittle.

I think this is still useful for automated runs.

> I am still not convinced that this functionality deserves an extension to public API.

As fitzgen said this is pretty much something that would go hand in hand with a custom mutation function, which is functionality that you already have. Furthermore, it's useful even when you don't need custom mutators (which is true for most cargo-fuzz use cases).

> But if I were convinced, I would ask to change it to
> 
>   size_t LLVMFuzzerHumanReadableDump(const uint8_t *Data, size_t Size, uint8_t *Output, size_t MaxOutputSize)
> 
> (with a better name and with a description of what happens if the output is > MaxOutputSize)
> 
> And then there will need to be a run-time flag (generalized from kMaxUnitSizeToPrint) to set the maximal size of printed output.

This could work. I was trying to avoid having to do some kind of allocation dance, but this makes sense.

> When fuzzing with text protos we don't need this because text protos are human readable.
> But we also sometimes fuzz with binary protos.

We're fuzzing with arbitrary structured data, not just protobufs. The arbitrary data is derived from the bits in a quickcheck-esque way.

I don't think there's an equivalent structured fuzzing library for C++, but it could be written with some work, and it would find this useful too. The goal here is to make the job of fuzzing very easy: if the fuzzer can produce structured data, then you don't need to do the work of constructing that structured data from the binary yourself.


Repository:
  rCRT Compiler Runtime

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D70738/new/

https://reviews.llvm.org/D70738
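
A sketch of a hook with the bounded-buffer signature proposed in the quoted review comment, added here as an example; it is not code from the patch or from libFuzzer. The tag/length/value input layout is constructed for illustration, and the contract for oversized output (stop at the last whole record, return the bytes written, no NUL terminator) is an assumption, since the thread leaves that behaviour to be described.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hook using the signature proposed in the review; not a libFuzzer API.
 * Assumed contract: write at most MaxOutputSize bytes, no NUL terminator, return the
 * number of bytes written; output that does not fit is cut at a record boundary. */
size_t LLVMFuzzerHumanReadableDump(const uint8_t *Data, size_t Size,
                                   uint8_t *Output, size_t MaxOutputSize) {
  size_t in = 0, out = 0;
  while (in + 2 <= Size) {
    unsigned tag = Data[in], len = Data[in + 1];
    size_t avail = Size - in - 2;
    char line[600]; /* worst case: 22-byte header + 2*255 hex digits + newline */
    int n;
    if (len > avail) {
      /* Malformed input: the declared length runs past the end of the data. */
      n = snprintf(line, sizeof line, "tag=%u len=%u <short by %zu bytes>\n",
                   tag, len, (size_t)len - avail);
      in = Size;
    } else {
      n = snprintf(line, sizeof line, "tag=%u len=%u value=", tag, len);
      for (size_t i = 0; i < len; i++)
        n += snprintf(line + n, sizeof line - (size_t)n, "%02x", Data[in + 2 + i]);
      n += snprintf(line + n, sizeof line - (size_t)n, "\n");
      in += 2 + (size_t)len;
    }
    if ((size_t)n > MaxOutputSize - out)
      break; /* record does not fit: stop instead of emitting a partial line */
    memcpy(Output + out, line, (size_t)n);
    out += (size_t)n;
  }
  return out;
}

int main(void) {
  /* Constructed sample input: two well-formed tag/length/value records. */
  const uint8_t in[] = {0x01, 0x03, 'a', 'b', 'c', 0x02, 0x01, 0xff};
  uint8_t out[64];
  size_t n = LLVMFuzzerHumanReadableDump(in, sizeof in, out, sizeof out);
  fwrite(out, 1, n, stdout);
  return 0;
}
```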
