Florian Hahn via llvm-dev
2021-Mar-08 21:34 UTC
[llvm-dev] Applying for GSoC 2021(Fuzzing LLVM-IR Passes)
> On Mar 8, 2021, at 20:26, John Regehr via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> Hi folks, an angle related to IR fuzzing that I would be happy to help out with is using Alive2 as a test oracle.
>
> Using Alive2 incurs a set of problems (not all IR features supported, can be very slow) but has corresponding advantages (considers all inputs at once, handles UB gracefully).
>

If anyone’s interested in combining LLVM’s libFuzzer & Alive2, I’ve put up https://reviews.llvm.org/D96654 which uses Alive2 to verify candidates generated by fuzzing. It works out quite well, but I think there’s lots of potential to improve the ‘interestingness’ of the IR generated by libFuzzer.

Cheers,
Florian

Johannes Doerfert via llvm-dev
2021-Mar-08 23:17 UTC
[llvm-dev] Applying for GSoC 2021(Fuzzing LLVM-IR Passes)
Having Alive2 as oracle would certainly be great.

Some rough ideas that can be worked on in parallel if we have multiple GSoC students:

- mutation rules we know are sound, e.g., remove guarantees, add 1 iteration loops, etc.
- input generation, equivalence checking (alive, partial evaluation, ...)
- fragment extraction from larger codes + input tracking -> reproducer splitting, faster equivalence checking, ...

We certainly can come up with more things.

Would either or both of you (or anyone else) be interested in co-mentoring students? We have multiple interested ones already, even though my project description is lacking any detail.

~ Johannes

On 3/8/21 3:34 PM, Florian Hahn wrote:
>
>> On Mar 8, 2021, at 20:26, John Regehr via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>>
>> Hi folks, an angle related to IR fuzzing that I would be happy to help out with is using Alive2 as a test oracle.
>>
>> Using Alive2 incurs a set of problems (not all IR features supported, can be very slow) but has corresponding advantages (considers all inputs at once, handles UB gracefully).
>>
> If anyone’s interested in combining LLVM’s libFuzzer & Alive2, I’ve put up https://reviews.llvm.org/D96654 which uses Alive2 to verify candidates generated by fuzzing. It works out quite well, but I think there’s lots of potential to improve the ‘interestingness’ of the IR generated by libFuzzer.
>
> Cheers,
> Florian
>