<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 11, 2015 at 10:07 AM, Alexei Starovoitov <span dir="ltr"><<a href="mailto:alexei.starovoitov@gmail.com" target="_blank">alexei.starovoitov@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Sep 11, 2015 at 9:34 AM, Kostya Serebryany via llvm-commits<br>
<<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>> wrote:<br>
> +<br>
> +* Linux Kernel's BPF verifier: <a href="https://github.com/iovisor/bpf-fuzzer" rel="noreferrer" target="_blank">https://github.com/iovisor/bpf-fuzzer</a><br>
<br>
</span>yep :)<br>
It found one bug so far, but it looks like we need custom<br>
instruction generation. Pure random fuzzing cannot generate<br>
long enough instruction sequences to stress all pieces of the verifier.<br></blockquote><div><br></div><div>Did you fuzz starting from an empty corpus, or did you give it something to start with? </div></div><br></div></div>
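Alexei's point, that pure random bytes rarely form long, structurally valid instruction sequences, can be made concrete with a structured generator. The following is an added example written for this page; it is not code from the thread or from the bpf-fuzzer repository. The struct layout and opcode constants mirror linux/bpf.h (reproduced locally so it builds without kernel headers); the three-bytes-per-instruction encoding, the r0..r3 register set, the instruction menu and the function names gen_program, well_formed, raw_well_formed, build_sample and raw_junk_check are this example's own choices.

```c
/* Added example (not from the thread or bpf-fuzzer): a structured instruction
 * generator for verifier fuzzing. Raw fuzzer bytes are mapped onto a small
 * menu of well-formed eBPF instructions, registers are initialised in a
 * prologue, forward jumps are clamped to stay in bounds and the program always
 * ends in EXIT, so an input is not thrown out by the first structural check
 * and can grow into a long sequence that reaches the deeper verifier passes. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct bpf_insn {            /* same 8-byte layout as the kernel's struct */
    uint8_t code;
    uint8_t dst_reg:4;
    uint8_t src_reg:4;
    int16_t off;
    int32_t imm;
};

/* opcode constants as in linux/bpf.h */
#define BPF_JMP    0x05
#define BPF_ALU64  0x07
#define BPF_K      0x00
#define BPF_X      0x08
#define BPF_ADD    0x00
#define BPF_SUB    0x10
#define BPF_XOR    0xa0
#define BPF_MOV    0xb0
#define BPF_JA     0x00
#define BPF_JEQ    0x10
#define BPF_EXIT   0x90
#define BPF_REG_FP 10

#define MAX_INSNS      4096   /* BPF_MAXINSNS in the kernel */
#define PROLOGUE_REGS  4      /* r0..r3 are initialised before the body */
#define BYTES_PER_INSN 3      /* selector byte, register byte, immediate byte */
#define MAX_BODY       (MAX_INSNS - PROLOGUE_REGS - 1)

static struct bpf_insn mk(uint8_t code, uint8_t dst, uint8_t src,
                          int16_t off, int32_t imm)
{
    struct bpf_insn in = { code, dst, src, off, imm };
    return in;
}

/* Map fuzzer bytes onto a well-formed program; returns the instruction count. */
size_t gen_program(const uint8_t *data, size_t len,
                   struct bpf_insn *out, size_t cap)
{
    size_t body = len / BYTES_PER_INSN;
    if (body > MAX_BODY)
        body = MAX_BODY;
    if (PROLOGUE_REGS + body + 1 > cap)
        return 0;

    size_t n = 0;
    for (uint8_t r = 0; r < PROLOGUE_REGS; r++)     /* rN = N, a known scalar */
        out[n++] = mk(BPF_ALU64 | BPF_MOV | BPF_K, r, 0, 0, r);

    for (size_t i = 0; i < body; i++) {
        const uint8_t *b = data + i * BYTES_PER_INSN;
        uint8_t dst = b[1] & (PROLOGUE_REGS - 1);   /* only initialised regs */
        uint8_t src = (b[1] >> 4) & (PROLOGUE_REGS - 1);
        int32_t imm = (int8_t)b[2];
        /* forward jump of 1..4, clamped so the target is at most the final EXIT */
        int16_t off = (int16_t)(1 + (b[2] & 3));
        int16_t max_off = (int16_t)(body - i - 1);
        if (off > max_off)
            off = max_off;

        switch (b[0] % 6) {
        case 0:  out[n++] = mk(BPF_ALU64 | BPF_MOV | BPF_K, dst, 0, 0, imm); break;
        case 1:  out[n++] = mk(BPF_ALU64 | BPF_ADD | BPF_X, dst, src, 0, 0); break;
        case 2:  out[n++] = mk(BPF_ALU64 | BPF_SUB | BPF_K, dst, 0, 0, imm); break;
        case 3:  out[n++] = mk(BPF_ALU64 | BPF_XOR | BPF_X, dst, src, 0, 0); break;
        case 4:  out[n++] = mk(BPF_JMP | BPF_JEQ | BPF_K, dst, 0, off, imm); break;
        default: out[n++] = mk(BPF_JMP | BPF_JA, 0, 0, off, 0); break;
        }
    }
    out[n++] = mk(BPF_JMP | BPF_EXIT, 0, 0, 0, 0);
    return n;
}

/* The cheap structural checks a verifier runs first: the program ends in EXIT,
 * every jump lands inside the program, and the frame pointer is never written. */
int well_formed(const struct bpf_insn *p, size_t n)
{
    if (n == 0 || p[n - 1].code != (BPF_JMP | BPF_EXIT))
        return 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t cls = p[i].code & 0x07;
        if (cls == BPF_ALU64 && p[i].dst_reg == BPF_REG_FP)
            return 0;
        if (cls == BPF_JMP && p[i].code != (BPF_JMP | BPF_EXIT)) {
            long target = (long)i + 1 + p[i].off;
            if (target < 0 || target >= (long)n)
                return 0;
        }
    }
    return 1;
}

/* Contrast: read raw bytes directly as instructions, which is what pure random
 * fuzzing does; almost every such buffer fails the checks above immediately. */
int raw_well_formed(const uint8_t *data, size_t len)
{
    static struct bpf_insn buf[MAX_INSNS];
    size_t n = len / sizeof(struct bpf_insn);
    if (n > MAX_INSNS)
        n = MAX_INSNS;
    memcpy(buf, data, n * sizeof(struct bpf_insn));
    return well_formed(buf, n);
}

/* Constructed sample input (not a real corpus entry): three body instructions. */
static const uint8_t SAMPLE[] = { 0x00, 0x01, 0x05,   /* MOV64 r1, 5        */
                                  0x04, 0x12, 0x02,   /* JEQ r2, 2, +off    */
                                  0x03, 0x21, 0x7f }; /* XOR64 r1, r2       */
struct bpf_insn g_prog[MAX_INSNS];

size_t build_sample(void)
{
    return gen_program(SAMPLE, sizeof SAMPLE, g_prog, MAX_INSNS);
}

int raw_junk_check(void)   /* 16 bytes of 0xff read as two raw instructions */
{
    uint8_t junk[16];
    memset(junk, 0xff, sizeof junk);
    return raw_well_formed(junk, sizeof junk);
}
```

The design choice worth noting is that the generator keeps the structural invariants itself (initialised registers, in-bounds forward jumps, a trailing EXIT) instead of hoping random bytes satisfy them, so the fuzzer's budget is spent on the verifier's state tracking rather than on inputs rejected by its first checks; the sample above yields an 8-instruction program whose JEQ offset is clamped to land on the EXIT, while the raw 0xff buffer fails before any deeper check.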