[llvm-dev] -sanitizer-coverage-prune-blocks=true and LibFuzzer

Jonas Wagner via llvm-dev llvm-dev at lists.llvm.org
Wed Sep 21 06:00:18 PDT 2016


> Is this reproducible?
> Fuzzing is a probabilistic business and one or even two runs don't prove
> much.

I've reproduced the behavior on two different machines. Attached is a
script to do so. To use the script,

- create an empty folder and copy both prune-blocks.sh and
ff-http-parser.sh in there
- ensure clang and clang++ are in your $PATH
- cd /path/to/prune-blocks.sh
- ./prune-blocks.sh

Let me know how it goes.

> Note that I am going to change all of these coverage options soon.
> The new thing will be
> http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards
> It will replace regular (boolean) and 8-bit-counters coverage.

Yay, sounds exciting! I've done a couple experiments to measure the
performance and effect of the different coverage options in the recent
past. If you're interested, I'd be happy to discuss off-list; simply send
me an email.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ff-http-parser.c
Type: text/x-csrc
Size: 1836 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160921/78453676/attachment.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: prune-blocks.sh
Type: application/x-shellscript
Size: 5154 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160921/78453676/attachment.bin>
