[PATCH] D49578: [libFuzzer] Handle unstable edges by poisoning unstable edges
Kyungtak Woo via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Jul 26 10:57:53 PDT 2018
kevinwkt added a comment.
In https://reviews.llvm.org/D49578#1177033, @morehouse wrote:
> Right. The biggest differences I see are
>
> 1. If a new input exercises an edge stably while a previous input exercised that edge unstably, ZeroUnstable will add the new input while PoisonUnstable may not.
> 2. If an input sometimes exercises an edge twice and sometimes not at all, ZeroUnstable won't add that input while PoisonUnstable will. This is because we record additional features for inputs that hit the same edge multiple times, but PoisonUnstable only subtracts one of those features from the total.
>
> Do we expect this to perform better in some scenarios?
This is a way to handle unstableness at a small extent, by accepting unstable edges at certain scenarios.
We believe that this "handles unstableness" compared to normal libfuzzer, but its not as extreme as ZeroUnstable.
Since this is slightly faster than ZeroUnstable and we use poison the unstable which we assume will cause less inputs to be added to the corpus in the long run, we think this might produce an interesting result.
https://reviews.llvm.org/D49578
More information about the llvm-commits
mailing list