[PATCH] D70738: [libFuzzer] Add custom output function
Manish Goregaokar via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Dec 5 22:43:32 PST 2019
Manishearth added a comment.
> I can totally see how this is helpful in some cases when running libFuzzer manually, but it can also be very annoying when the reproducer is large.
> In any kind of automated scenario, it should be easy to add a separate binary that prints the inputs in human readable form.
This requires parsing the human-readable libFuzzer output though, which could change, and is also brittle.
I think this is still useful for automated runs.
> I am still not convinced that this functionality deserves an extension to public API.
As fitzgen said this is pretty much something that would go hand in hand with a custom mutation function, which is functionality that you already have. Furthermore, it's useful even when you don't need custom mutators (which is true for most cargo-fuzz use cases).
> But if I were convinced, I would ask to change it to
>
> size_t LLVMFuzzerHumanReadableDump(const uint8_t *Data, size_t Size, uint8_t *Output, size_t MaxOutputSize)
>
> (with a better name and with a description of what happens if the output is > MaxOutputSize )
>
> And then there will need to be a run-time flag (generalized from kMaxUnitSizeToPrint)
> to set the maximal size of printed output.
This could work. I was trying to avoid having to do some kind of allocation dance, but this makes sense.
> When fuzzing with text protos we don't need this because text protos are human readable.
> But we also sometimes fuzz with binary protos.
We're fuzzing with arbitrary structured data, not just protobufs. The arbitrary data is derived from the bits in a quickcheck-esque way.
I don't think there's an equivalent structured fuzzing library for C++, but it could be written with some work, and it would find this useful too. The goal here is to make the job of fuzzing very easy: if the fuzzer can produce structured data, then you don't need to do the work of constructing that structured data from the binary yourself.
Repository:
rCRT Compiler Runtime
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70738/new/
https://reviews.llvm.org/D70738
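Added example, not part of the original message and not libFuzzer code: a sketch of how a fuzz target could implement the bounded-output signature quoted in the review. The tag/length/payload input format is a constructed stand-in for "arbitrary structured data", and the truncation semantics (write at most MaxOutputSize bytes, no NUL terminator, return the count written) are assumptions, since the thread leaves them undefined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded append: copies only what fits, returns the new offset (<= max). */
static size_t append(uint8_t *out, size_t off, size_t max, const char *s) {
    size_t n = strlen(s), room = max - off;
    if (n > room) n = room;
    if (n) memcpy(out + off, s, n);
    return off + n;
}

/* Signature as quoted in the review. Assumed semantics (the thread leaves
 * them open): write at most MaxOutputSize bytes, no NUL terminator, return
 * the number of bytes written, truncate when the rendering does not fit. */
size_t LLVMFuzzerHumanReadableDump(const uint8_t *Data, size_t Size,
                                   uint8_t *Output, size_t MaxOutputSize) {
    size_t off = 0, i = 0;
    char tmp[32];
    while (i < Size && off < MaxOutputSize) {
        if (Size - i < 2) { /* tag with no length byte */
            off = append(Output, off, MaxOutputSize, "<truncated record>\n");
            break;
        }
        unsigned tag = Data[i], len = Data[i + 1];
        i += 2;
        size_t take = len <= Size - i ? len : Size - i; /* stay inside Data */
        snprintf(tmp, sizeof tmp, "tag=%u len=%u data=", tag, len);
        off = append(Output, off, MaxOutputSize, tmp);
        for (size_t k = 0; k < take; k++) {
            snprintf(tmp, sizeof tmp, "%02x", (unsigned)Data[i + k]);
            off = append(Output, off, MaxOutputSize, tmp);
        }
        off = append(Output, off, MaxOutputSize, take < len ? " <short>\n" : "\n");
        i += take;
    }
    return off;
}

int main(void) {
    /* Constructed sample: one complete record, one cut short. */
    const uint8_t in[] = {0x01, 0x03, 'a', 'b', 'c', 0x02, 0x04, 0xff};
    uint8_t out[64];
    size_t n = LLVMFuzzerHumanReadableDump(in, sizeof in, out, sizeof out);
    fwrite(out, 1, n, stdout);
    return 0;
}
```

Because the dump runs on crashing inputs, it has to tolerate malformed data itself: the length byte is clamped to the bytes actually present, and every write goes through the bounded append.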