[llvm-dev] libfuzzer questions

[David Blaikie via llvm-dev]

+Kostya, Fuzzer of Sanity

On Mon, Aug 10, 2015 at 5:53 PM, Brian Cain via llvm-dev <
llvm-dev at lists.llvm.org> wrote:

>
> First off, thanks -- this is a pretty great library and it feels like I'm
> learning a lot.  I'm getting some more experience with libfuzzer and
> finding that I have a couple of questions:
>
> - How does libfuzzer decide to write a new test file?  What distinguishes
> this one from all the other cases for which new test inputs were not
> written?  Must be something about the path taken through the code?
>
> - Can I use afl-cmin or is there something similar for libFuzzer?  I find
> that sometimes I get an enormous amount of tests and it becomes
> unmanageable.
>
> - sometimes my process being tested appears to deadlock.  A common feature
> seems to be that AlarmCallback is allocating memory and as a consequence
> the ASan code is pending on a lock.  I'll speculate that this is because
> the alarm expired while the lock was already held.  Is this expected?  I
> can share specific call stacks if it helps.  I can just extend the timeout
> but I think it's probably appropriate.
>
> - AFL has a curses based display where a bunch of different stats are
> shown.  I'll be honest, I don't know how to read those yet. ;)  But I'd
> like to find some way to determine whether I'm seeing diminishing returns
> with libfuzzer.  Is there a good strategy?
>
> - Can anyone share tips for how libFuzzer has been used with some success
> -- anything beyond what's already available in
> http://llvm.org/docs/LibFuzzer.html ?
>
> --
> -Brian
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org         http://llvm.cs.uiuc.edu
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150810/244e3acc/attachment.html>