[llvm-dev] Fuzzing complex programs

Greg Stark via llvm-dev llvm-dev at lists.llvm.org
Thu Sep 3 11:33:25 PDT 2015


On Thu, Sep 3, 2015 at 7:19 PM, Kostya Serebryany <kcc at google.com> wrote:
> On Thu, Sep 3, 2015 at 11:16 AM, Greg Stark <stark at mit.edu> wrote:
>>
>> On Thu, Sep 3, 2015 at 7:15 PM, Kostya Serebryany <kcc at google.com> wrote:
>> > Ok, so now you are at least getting the coverage feedback.
>>
>> Yes. Is it intentional that the fuzzer calls the function with Data=NULL
>> once?
>>
> Mmm. I don't think so.

It was certainly a surprise for me. I wonder if it's related to
anything I've done that's unusual.

For what it's worth, the above crash was because I wasn't resetting the
state well enough between calls. It's a bit of a tradeoff though --
the higher the level at which I reset the state, the more memory
allocations and other global state the server will set up to save
state between calls, and it'll be slower too. It looks like I'll have
to start a new transaction (or subtransaction) for each call, which I
was hoping to avoid but had a feeling was going to be necessary.
Certainly it'll be necessary if the function being fuzzed does any
database access, but in this case that wasn't going on so I thought I
might be able to get away without it.


-- 
greg
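The two points in the message above (the one-off call with Data=NULL, and the need to reset server state around every input) in the shape of a libFuzzer-style harness. This is an added example, not code from the thread, from PostgreSQL or from libFuzzer: the "server" is a constructed toy whose only global state is one cursor, and every name in it (target_process, fuzz_one_no_reset, fuzz_one_with_reset, demo_*) is hypothetical. It keeps the first-written harness and the corrected one side by side so the spurious failure caused by leaked state is visible.

```c
/* Added example (not from the thread, PostgreSQL or libFuzzer): a
 * libFuzzer-style harness that (1) tolerates the Data == NULL / Size == 0
 * call and (2) snapshots and restores global state around every input,
 * the per-call "subtransaction" the message talks about. The server
 * below is a constructed toy; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Global server state that survives between fuzzer calls. */
typedef struct {
    int cursor_open;    /* 1 while a cursor is open */
    unsigned rows_read; /* rows fetched through the cursor */
} ServerState;

static ServerState g_state;
static ServerState g_snapshot;

/* Equivalent of restarting the server: used once at startup. */
void reset_server(void) { memset(&g_state, 0, sizeof g_state); }

/* The per-call "subtransaction": save state before, roll back after. */
static void begin_call(void)    { g_snapshot = g_state; }
static void rollback_call(void) { g_state = g_snapshot; }

/* Function under test. Each input byte is a command: 'o' opens the
 * cursor, 'f' fetches a row, 'c' closes it; other bytes are ignored so
 * arbitrary fuzzer input is accepted. Returns 0 on success and -1 where
 * the real server would trip an internal assertion. */
static int target_process(const uint8_t *Data, size_t Size) {
    for (size_t i = 0; i < Size; i++) {
        switch (Data[i]) {
        case 'o':
            if (g_state.cursor_open) return -1;   /* already open */
            g_state.cursor_open = 1;
            break;
        case 'f':
            if (!g_state.cursor_open) return -1;  /* fetch without cursor */
            g_state.rows_read++;
            break;
        case 'c':
            if (!g_state.cursor_open) return -1;  /* close without cursor */
            g_state.cursor_open = 0;
            break;
        default:
            break;
        }
    }
    return 0;
}

/* Harness as first written: state leaks from one input into the next. */
int fuzz_one_no_reset(const uint8_t *Data, size_t Size) {
    if (Data == NULL || Size == 0) return 0;   /* the one-off NULL call */
    return target_process(Data, Size);
}

/* Harness with a per-call snapshot/rollback around the target. */
int fuzz_one_with_reset(const uint8_t *Data, size_t Size) {
    if (Data == NULL || Size == 0) return 0;
    begin_call();
    int rc = target_process(Data, Size);
    rollback_call();   /* every input starts from the same state */
    return rc;
}

/* libFuzzer entry point: a target failure becomes a recorded crash. */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    if (fuzz_one_with_reset(Data, Size) != 0) abort();
    return 0;
}

typedef int (*harness_fn)(const uint8_t *, size_t);

/* Feed inputs in order like the fuzzer loop; return the index of the
 * first input the harness reports as failing, or -1 if none does. */
static int run_corpus(harness_fn h, const char *const *inputs, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (h((const uint8_t *)inputs[i], strlen(inputs[i])) != 0) return (int)i;
    return -1;
}

/* Constructed corpus: each input is valid on a fresh server, but "of"
 * leaves the cursor open, so "ofc" fails only when state leaks. */
static const char *const k_corpus[] = { "of", "ofc", "o" };
#define K_CORPUS_LEN (sizeof k_corpus / sizeof k_corpus[0])

int demo_no_reset(void)   { reset_server(); return run_corpus(fuzz_one_no_reset,   k_corpus, K_CORPUS_LEN); }
int demo_with_reset(void) { reset_server(); return run_corpus(fuzz_one_with_reset, k_corpus, K_CORPUS_LEN); }

int main(void) {
    printf("without reset: first failing input index = %d\n", demo_no_reset());
    printf("with reset:    first failing input index = %d\n", demo_with_reset());
    return 0;
}
```

Run stand-alone, the first line reports index 1 (the spurious failure on "ofc") and the second reports -1. Genuinely bad inputs such as "oo" or a lone "f" still fail under the reset harness, so the rollback removes the false positives without hiding real bugs. With a libFuzzer-capable clang the same file builds as a fuzz target with `clang -fsanitize=fuzzer harness.c`; the snapshot/rollback pair is where a real server would begin and abort a subtransaction, which is the cost the message weighs against fuzzing speed.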