[PATCH] D12723: llvm-mc-fuzzer: A fuzzing tool for the MC layer.
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Mon Sep 14 09:20:01 PDT 2015
kcc added a comment.
> One feature that would be helpful from the Fuzzer is the ability for the callback to be able to classify inputs into various bins. For example, "this input is invalid", "this input disassembled but failed to complete the round trip", "this input completed a round trip but the encodings don't match", etc. At the moment, we need to determine this when converting inputs into test cases which seems redundant when the callback already knew what happened.
Yes, I've seen similar requests already.
goFuzz does it this way:
> > The function must return 1 if the input is interesting in some way (for example, it was parsed successfully, that is, it is lexically correct, go-fuzz will give more priority to such inputs); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.
>
So, I'll probably add some similar functionality (probably not in the nearest two weeks though).
http://reviews.llvm.org/D12723
More information about the llvm-commits
mailing list