[llvm] [libfuzzer][docs] Update and clarify Output section (PR #125075)
Paweł Bylica via llvm-commits
llvm-commits at lists.llvm.org
Thu Jan 30 07:39:14 PST 2025
https://github.com/chfast created https://github.com/llvm/llvm-project/pull/125075
In the documentation page for the libfuzzer update the example snippets of outputs. They are now slightly different than what is documented.
Improve the documentation of the output section `L:`. It now shows two numbers.
Closes https://github.com/llvm/llvm-project/issues/42571.
>From 58422975e1d9ae0da816e325759be09ff20729b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Bylica?= <pawel at ethereum.org>
Date: Thu, 30 Jan 2025 16:28:28 +0100
Subject: [PATCH] [libfuzzer][docs] Update and clarify Output section
In the documentation page for the libfuzzer update the example snippets
of outputs. They are now slightly different than what is documented.
Improve the documentation of the output section `L:`. It now shows two
numbers.
Closes https://github.com/llvm/llvm-project/issues/42571.
---
llvm/docs/LibFuzzer.rst | 54 ++++++++++++++++++++++++-----------------
1 file changed, 32 insertions(+), 22 deletions(-)
diff --git a/llvm/docs/LibFuzzer.rst b/llvm/docs/LibFuzzer.rst
index 9e34530e7e3e78..2137740896ddb2 100644
--- a/llvm/docs/LibFuzzer.rst
+++ b/llvm/docs/LibFuzzer.rst
@@ -354,16 +354,18 @@ Output
During operation the fuzzer prints information to ``stderr``, for example::
- INFO: Seed: 1523017872
- INFO: Loaded 1 modules (16 guards): [0x744e60, 0x744ea0),
- INFO: -max_len is not provided, using 64
+ INFO: Running with entropic power schedule (0xFF, 100).
+ INFO: Seed: 1434179311
+ INFO: Loaded 1 modules (8 inline 8-bit counters): 8 [0x5f03d189be90, 0x5f03d189be98),
+ INFO: Loaded 1 PC tables (8 PCs): 8 [0x5f03d189be98,0x5f03d189bf18),
+ INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
- #0 READ units: 1
- #1 INITED cov: 3 ft: 2 corp: 1/1b exec/s: 0 rss: 24Mb
- #3811 NEW cov: 4 ft: 3 corp: 2/2b exec/s: 0 rss: 25Mb L: 1 MS: 5 ChangeBit-ChangeByte-ChangeBit-ShuffleBytes-ChangeByte-
- #3827 NEW cov: 5 ft: 4 corp: 3/4b exec/s: 0 rss: 25Mb L: 2 MS: 1 CopyPart-
- #3963 NEW cov: 6 ft: 5 corp: 4/6b exec/s: 0 rss: 25Mb L: 2 MS: 2 ShuffleBytes-ChangeBit-
- #4167 NEW cov: 7 ft: 6 corp: 5/9b exec/s: 0 rss: 25Mb L: 3 MS: 1 InsertByte-
+ #2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 31Mb
+ #144 NEW cov: 3 ft: 3 corp: 2/2b lim: 4 exec/s: 0 rss: 31Mb L: 1/1 MS: 2 ChangeByte-ChangeByte-
+ #157 NEW cov: 4 ft: 4 corp: 3/4b lim: 4 exec/s: 0 rss: 31Mb L: 2/2 MS: 3 CrossOver-ChangeBit-CrossOver-
+ #1345 NEW cov: 5 ft: 5 corp: 4/8b lim: 14 exec/s: 0 rss: 32Mb L: 4/4 MS: 3 InsertByte-ChangeBit-CrossOver-
+ #1696 NEW cov: 6 ft: 6 corp: 5/10b lim: 17 exec/s: 0 rss: 32Mb L: 2/4 MS: 1 EraseBytes-
+ #1832 REDUCE cov: 6 ft: 6 corp: 5/9b lim: 17 exec/s: 0 rss: 32Mb L: 3/3 MS: 1 EraseBytes-
...
The early parts of the output include information about the fuzzer options and
@@ -407,7 +409,7 @@ Each output line also reports the following statistics (when non-zero):
``corp:``
Number of entries in the current in-memory test corpus and its size in bytes.
``lim:``
- Current limit on the length of new entries in the corpus. Increases over time
+ Current limit on the length of new entries in the corpus. Increases over time
until the max length (``-max_len``) is reached.
``exec/s:``
Number of fuzzer iterations per second.
@@ -418,7 +420,8 @@ For ``NEW`` and ``REDUCE`` events, the output line also includes information
about the mutation operation that produced the new input:
``L:``
- Size of the new input in bytes.
+ Size of the new/reduced input in bytes and the size of the largest input
+ in current in-memory test corpus.
``MS: <n> <operations>``
Count and list of the mutation operations used to generate the input.
@@ -453,19 +456,26 @@ A simple function that does something interesting if it receives the input
You should get an error pretty quickly::
- INFO: Seed: 1523017872
- INFO: Loaded 1 modules (16 guards): [0x744e60, 0x744ea0),
- INFO: -max_len is not provided, using 64
+ INFO: Running with entropic power schedule (0xFF, 100).
+ INFO: Seed: 1434179311
+ INFO: Loaded 1 modules (8 inline 8-bit counters): 8 [0x5f03d189be90, 0x5f03d189be98),
+ INFO: Loaded 1 PC tables (8 PCs): 8 [0x5f03d189be98,0x5f03d189bf18),
+ INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
- #0 READ units: 1
- #1 INITED cov: 3 ft: 2 corp: 1/1b exec/s: 0 rss: 24Mb
- #3811 NEW cov: 4 ft: 3 corp: 2/2b exec/s: 0 rss: 25Mb L: 1 MS: 5 ChangeBit-ChangeByte-ChangeBit-ShuffleBytes-ChangeByte-
- #3827 NEW cov: 5 ft: 4 corp: 3/4b exec/s: 0 rss: 25Mb L: 2 MS: 1 CopyPart-
- #3963 NEW cov: 6 ft: 5 corp: 4/6b exec/s: 0 rss: 25Mb L: 2 MS: 2 ShuffleBytes-ChangeBit-
- #4167 NEW cov: 7 ft: 6 corp: 5/9b exec/s: 0 rss: 25Mb L: 3 MS: 1 InsertByte-
- ==31511== ERROR: libFuzzer: deadly signal
+ #2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 31Mb
+ #144 NEW cov: 3 ft: 3 corp: 2/2b lim: 4 exec/s: 0 rss: 31Mb L: 1/1 MS: 2 ChangeByte-ChangeByte-
+ #157 NEW cov: 4 ft: 4 corp: 3/4b lim: 4 exec/s: 0 rss: 31Mb L: 2/2 MS: 3 CrossOver-ChangeBit-CrossOver-
+ #1345 NEW cov: 5 ft: 5 corp: 4/8b lim: 14 exec/s: 0 rss: 32Mb L: 4/4 MS: 3 InsertByte-ChangeBit-CrossOver-
+ #1696 NEW cov: 6 ft: 6 corp: 5/10b lim: 17 exec/s: 0 rss: 32Mb L: 2/4 MS: 1 EraseBytes-
+ #1832 REDUCE cov: 6 ft: 6 corp: 5/9b lim: 17 exec/s: 0 rss: 32Mb L: 3/3 MS: 1 EraseBytes-
+ ==840148== ERROR: libFuzzer: deadly signal
...
- artifact_prefix='./'; Test unit written to ./crash-b13e8756b13a00cf168300179061fb4b91fefbed
+ SUMMARY: libFuzzer: deadly signal
+ MS: 2 CopyPart-ChangeByte-; base unit: dbee5f8c7a5da845446e75b4a5708e74428b520a
+ 0x48,0x49,0x21,
+ HI!
+ artifact_prefix='./'; Test unit written to ./crash-7a8dc3985d2a90fb6e62e94910fc11d31949c348
+ Base64: SEkh
More examples
More information about the llvm-commits
mailing list