[llvm-bugs] [Bug 32159] New: libFuzzer inputs are too repetitive
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Mar 6 14:12:31 PST 2017
https://bugs.llvm.org/show_bug.cgi?id=32159
Bug ID: 32159
Summary: libFuzzer inputs are too repetitive
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: vitalybuka at google.com
CC: llvm-bugs at lists.llvm.org
20%-50% of the time, LLVMFuzzerTestOneInput receives input exactly like the one
in the previous call.
Also, unique inputs are less than 50% (example below is 43%).
We should understand why this happens (maybe some weak mutation) and fix it or
create a filter/hash table to prevent testing such inputs.
Should be cheaper than running instrumented code.
Simple fuzzer:
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <map>
#include <set>
#include <string>

using std::string;

std::map<string, int> h;  // input -> index of the call that last delivered it
std::map<int, int> d;     // calls since the same input was last seen -> count
int total;
int same_as_prev;
string prev_input;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  string input(reinterpret_cast<const char*>(data), size);
  ++total;
  auto r = h.insert({input, total});
  if (!r.second) {
    // Input was seen before: record how many calls ago, then refresh its index.
    ++d[(total - r.first->second)];
    r.first->second = total;
  }
  if (prev_input == input)
    ++same_as_prev;
  prev_input = input;
  // Dump the last 30 inputs as hex.
  if (total >= 100000-30) {
    for (auto c : input) {
      fprintf(stderr, "%02hhX", c);
    }
    fprintf(stderr, "\n\n");
  }
  if (total == 100000) {
    fprintf(stderr, "Unique inputs: %zu of %d\n", h.size(), total);
    fprintf(stderr, "Same the one before: %d of %d\n", same_as_prev, total);
    int sum = 0;
    fprintf(stderr, "Percent of inputs seen at most N inputs before: %d of %d\n", same_as_prev, total);
    // One row per distance: percent of all inputs, then the distance.
    for (auto dd : d) {
      sum = dd.second;
      fprintf(stderr, "%f\t%d\n", 100.0*sum/total, dd.first);
      if (dd.second < 2)
        break;
    }
    abort();
  }
  // Arbitrary condition that is practically never met, so fuzzing keeps running.
  if (std::hash<string>()(input) == 111000)
    abort();
  return 0;
}
Output:
53179 NEW cov: 1452 ft: 481 corp: 66/3129b exec/s: 53179 rss: 70Mb L: 63
MS: 3 ShuffleBytes-InsertRepeatedBytes-ChangeByte-
000000000000000000000000000000000000000000000000000000000000000000000000000000000000D2D2D2D2000000003B000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000D2D2D2D20000003B00000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000D2D2D2D20000003B00000000000000000000000000
000000000000000000310000000000000000000000000000000000000000000000000000000000000000D2D2D2D20000003B00000000000000000000000000
000000000000000000310000000000000000000000000000000000000000000000000000000000000000D2D2D2D20000003B00000000000000000000000000
0A00000100000000000000000000000000004A0000000000000000000020000A0A0A0A00000000000000000000000000000000000000000000000000000000
0A00000100000000000000000000000000004A0000000000000000000020000A0A0A0A00000000000000000000000000000000000000000000000000000000
0A00000100000000000000000000000000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0A00000100000000000000000000000000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0A00000100000000000000000000000000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0A00000100000000000000000000210000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0A00000100000000000000000000210000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0800000100000000000000000000210000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0800000100000000000000000000210000004A0000000000000000000020000A00000A0A000A00000000000000000000000000000000000000000000000000
0A00000000000018FF0827FFFFF300
#53187 NEW cov: 1452 ft: 486 corp: 67/3144b exec/s: 53187 rss: 70Mb L: 15
MS: 1 InsertByte-
0A00000000000018FF0827FFFFF300
0A0000FFFFFFFD18FF0827FFFFF300
0A0000FFFFFFFD18FF0827FFFFF300
0A0000FFFFFFFD0818FF27FFFFF300
0A0000FFFFFFFD0818FF27FFFFF300
0A000F0000000000000000FFFFFFFD0818FF27FFFFF300
#53190 NEW cov: 1452 ft: 489 corp: 68/3167b exec/s: 53190 rss: 70Mb L: 23
MS: 4 InsertByte-ChangeBinInt-ShuffleBytes-CMP- DE:
"\x0f\x00\x00\x00\x00\x00\x00\x00"-
0A000F0000000000000000FFFFFFFD0818FF27FFFFF300
0A000F000000000000FFFFFFFD0818FF27FFFFF300
0A000F000000000000FFFFFFFD0818FF27FFFFF300
0A0A00000A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A0A000000000000000000000000
0A0A00000A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A0A000000000000000000000000
0A0A00000A0000280000000000000000000000000000000000000000000000000000000000000000000000000000000000000A0A000000000000000000000000
0A0A00000A0000280000000000000000000000000000000000000000000000000000000000000000000000000000000000000A0A000000000000000000000000
0A0A00000A0000286C00000000000000000000000000000000000000000000000000000000000000000000000000000000000A0A000000000000000000000000
Unique inputs: 42828 of 100000
Same the one before: 51663 of 100000
Percent of inputs seen at most N inputs before: 51663 of 100000
51.662000 1
0.005000 2
0.127000 3
0.018000 4
0.047000 5
0.015000 6
0.046000 7
0.017000 8
0.037000 9
0.018000 10
0.023000 11
0.008000 12
0.027000 13
0.017000 14
0.016000 15
0.014000 16
0.017000 17
0.025000 18
0.015000 19
0.007000 20
0.014000 21
0.006000 22
0.012000 23
0.008000 24
0.010000 25
0.015000 26
0.014000 27
0.013000 28
0.005000 29
0.002000 30
0.002000 31
0.006000 32
0.008000 33
0.004000 34
0.006000 35
0.008000 36
0.005000 37
0.009000 38
0.003000 39
0.006000 40
0.003000 41
0.006000 42
0.005000 43
0.006000 44
0.008000 45
0.006000 46
0.001000 47
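The filter/hash table idea from the report, sketched as an added example (not code from the bug report or from libFuzzer): a fixed-size table of recent input hashes is consulted before the target runs, so a repeated input costs one hash instead of one instrumented execution. RecentInputFilter, Fnv1a, ExampleTarget, g_target_runs and the table size are hypothetical names and values chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// 64-bit FNV-1a: far cheaper than one run of an instrumented target.
static uint64_t Fnv1a(const uint8_t *data, size_t size) {
  uint64_t h = 14695981039346656037ULL;
  for (size_t i = 0; i < size; ++i) {
    h ^= data[i];
    h *= 1099511628211ULL;
  }
  return h;
}

// Direct-mapped table of recent input hashes. Memory stays fixed, unlike a
// std::map of every input; a colliding newer hash evicts the older one.
class RecentInputFilter {
 public:
  explicit RecentInputFilter(size_t slots) : hash_(slots, 0), used_(slots, false) {}

  // True if this input's hash is still in its slot (duplicate, skip it);
  // otherwise records the hash and returns false.
  bool SeenRecently(const uint8_t *data, size_t size) {
    const uint64_t h = Fnv1a(data, size);
    const size_t slot = h % hash_.size();
    if (used_[slot] && hash_[slot] == h) {
      ++skipped_;
      return true;
    }
    hash_[slot] = h;
    used_[slot] = true;
    return false;
  }
  size_t skipped() const { return skipped_; }

 private:
  std::vector<uint64_t> hash_;
  std::vector<bool> used_;
  size_t skipped_ = 0;
};

static int g_target_runs = 0;  // hypothetical stand-in for the code under test
static int ExampleTarget(const uint8_t *, size_t) { ++g_target_runs; return 0; }

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  static RecentInputFilter filter(1 << 16);       // assumed table size
  if (filter.SeenRecently(data, size)) return 0;  // duplicate: skip the target
  return ExampleTarget(data, size);
}
```

Two different inputs with the same 64-bit hash would be treated as duplicates, and skipping is only sound when the target behaves the same way every time it sees the same bytes.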