[PATCH] D11072: Implement tool to convert bitcode to text.

Rafael Espíndola rafael.espindola at gmail.com
Wed Aug 5 11:47:55 PDT 2015


If it doesn't create files, why do you need a text representation? If
you don't need the text representation, then it is llvm-bcconv that
should be deleted and this library merged into a tools/llvm-bc-fuzzer.

The summary is that this is a lot of code with unproven value. So far
filcab has found more bugs with just afl.


On 5 August 2015 at 14:38, Karl Schimpf <kschimpf at google.com> wrote:
> kschimpf added a comment.
>
> Rafael wrote:
>
>> Why can't the fuzzer write a file?
>
>
> lib/Fuzzer runs the fuzzing in the same process as the test. It doesn't create an intermediate file. Even if it did, the conversion must still take place.
>
> The reason for this is that the way the LLVM bitstream is modeled, it is not conducive to fuzzing. That is, values are variable-rate bit encoded, based on the value. This implies that mutating a couple of bits will (almost always) make the rest of the input bitstream unreadable. The point of the fuzzed mutations is to change small portions of the input, and leave the rest alone. This is not possible with the binary form of bitcode.
>
> Hence (as mentioned in the comments for include/llvm/Bitcode/BitcodeConvert.h), this CL defines two alternative forms: simplified and textual. Both are essentially the same, except that the textual form is human readable, by using textual digits rather than binary bytes to define numbers. These alternative forms are specifically designed to allow small mutations to only affect the bitcode record (and possibly the immediately surrounding records), when the contents of a bitcode record is mutated. This makes the mutations of bitcode tractable.
>
>
> http://reviews.llvm.org/D11072
>
>
>
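The quoted argument about variable-rate bit encoding can be shown concretely. The following is an added example, not code from LLVM or from D11072: it implements a minimal LLVM-style VBR6 encoder and decoder (chunks of 6 bits, top bit of each chunk meaning "more chunks follow", bits packed LSB-first, as in LLVM's bitstream format) and compares how one flipped bit propagates in the binary stream against one changed digit in a space-separated decimal form. The struct and function names (`BitStream`, `BitReader`, `encodeVBR6`, `decodeText`, and so on) are this example's own, not LLVM's.

```cpp
// Added example (not LLVM's code): a minimal LLVM-style VBR bit encoder/decoder
// showing why one flipped bit in the binary stream changes how every following
// record is parsed, while the same mutation in a textual form stays local.
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// Bit stream packed LSB-first (bit i of the stream is bit i%8 of byte i/8).
struct BitStream {
    std::vector<uint8_t> bytes;
    size_t nbits = 0;

    void emit(uint32_t value, unsigned width) {
        for (unsigned i = 0; i < width; ++i, ++nbits) {
            if (nbits / 8 >= bytes.size()) bytes.push_back(0);
            if ((value >> i) & 1) bytes[nbits / 8] |= uint8_t(1u << (nbits % 8));
        }
    }

    // VBR-N: N-bit chunks, low N-1 bits carry data, top bit = continuation.
    void emitVBR(uint32_t value, unsigned n) {
        const uint32_t cont = 1u << (n - 1);
        while (value >= cont) {
            emit((value & (cont - 1)) | cont, n);
            value >>= (n - 1);
        }
        emit(value, n);
    }

    // Simulates a fuzzer mutation of a single bit at absolute bit index idx.
    void flipBit(size_t idx) { bytes[idx / 8] ^= uint8_t(1u << (idx % 8)); }
};

struct BitReader {
    const BitStream &s;
    size_t pos = 0;
    explicit BitReader(const BitStream &stream) : s(stream) {}
    bool atEnd() const { return pos >= s.nbits; }

    // Bits past the end read as zero, so a damaged stream always terminates.
    uint32_t read(unsigned width) {
        uint32_t v = 0;
        for (unsigned i = 0; i < width; ++i, ++pos)
            if (pos < s.nbits && ((s.bytes[pos / 8] >> (pos % 8)) & 1)) v |= 1u << i;
        return v;
    }

    uint32_t readVBR(unsigned n) {
        const uint32_t cont = 1u << (n - 1);
        uint32_t result = 0;
        unsigned shift = 0;
        for (;;) {
            uint32_t piece = read(n);
            result |= (piece & (cont - 1)) << shift;
            if (!(piece & cont)) return result;
            shift += n - 1;
            if (shift >= 32) return result;  // garbage: too many continuation chunks
        }
    }
};

BitStream encodeVBR6(const std::vector<uint32_t> &values) {
    BitStream s;
    for (uint32_t v : values) s.emitVBR(v, 6);
    return s;
}

std::vector<uint32_t> decodeVBR6(const BitStream &s) {
    BitReader r(s);
    std::vector<uint32_t> out;
    while (!r.atEnd()) out.push_back(r.readVBR(6));
    return out;
}

// Encode, flip one bit, decode: returns what a reader now sees.
std::vector<uint32_t> decodeAfterBitFlip(const std::vector<uint32_t> &values, size_t bit) {
    BitStream s = encodeVBR6(values);
    s.flipBit(bit);
    return decodeVBR6(s);
}

// Textual form: one decimal number per token, as a contrast to the bit stream.
std::string encodeText(const std::vector<uint32_t> &values) {
    std::string out;
    for (size_t i = 0; i < values.size(); ++i) {
        if (i) out += ' ';
        out += std::to_string(values[i]);
    }
    return out;
}

std::vector<uint32_t> decodeText(const std::string &text) {
    std::istringstream in(text);
    std::vector<uint32_t> out;
    for (uint32_t v; in >> v;) out.push_back(v);
    return out;
}

int main() {
    const std::vector<uint32_t> values = {3, 100, 7, 1000, 42};  // constructed sample
    // Flipping bit 5 sets the continuation flag of the first chunk, so the
    // reader fuses the first three chunks into one value (3203) and the
    // record boundaries shift: 4 values come out instead of 5.
    for (uint32_t v : decodeAfterBitFlip(values, 5)) std::printf("%u ", v);
    std::printf("\n");
    std::string text = encodeText(values);
    text[2] = '5';  // "3 100 ..." becomes "3 500 ..."; every other value is intact
    for (uint32_t v : decodeText(text)) std::printf("%u ", v);
    std::printf("\n");
    return 0;
}
```

Flipping the continuation bit of the very first chunk makes the reader swallow the next two chunks as part of the same value, so the stream decodes to four records instead of five; in real bitcode the same effect lands on abbreviation IDs and record lengths, which is what makes the rest of the stream unreadable. In the textual form the mutated digit changes exactly one value and the other records still parse as before.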

