Displaying 20 results from an estimated 4000 matches similar to: "Some feedback on Libfuzzer"
2015 Sep 05
3
Some feedback on Libfuzzer
Greg,
This is lots of useful feedback!
I'll reply to individual bullets when time permits (mostly after the
holidays).
If you find a bug in Postgres with libFuzzer, please let us know so that we
can add it to http://llvm.org/docs/LibFuzzer.html#trophies
On Sat, Sep 5, 2015 at 8:40 AM, Greg Stark via llvm-dev <
llvm-dev at lists.llvm.org> wrote:
> On Sat, Sep 5, 2015 at 1:50 PM,
2015 Aug 11
3
libfuzzer questions
First off, thanks -- this is a pretty great library and it feels like I'm
learning a lot. I'm getting some more experience with libfuzzer and
finding that I have a couple of questions:
- How does libfuzzer decide to write a new test file? What distinguishes
this one from all the other cases for which new test inputs were not
written? Must be something about the path taken through the
2015 Aug 11
3
libfuzzer questions
On Mon, Aug 10, 2015 at 8:08 PM, Kostya Serebryany <kcc at google.com> wrote:
>
>
> On Mon, Aug 10, 2015 at 5:53 PM, Brian Cain via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
>>
>> First off, thanks -- this is a pretty great library and it feels like I'm
>> learning a lot.
>>
>
> Thanks!
>
>
>> I'm getting some
2015 Sep 08
2
Some feedback on Libfuzzer
On Sat, Sep 5, 2015 at 11:50 AM, Greg Stark <stark at mit.edu> wrote:
> On Sat, Sep 5, 2015 at 6:38 PM, Kostya Serebryany <kcc at google.com> wrote:
> >
> > This is more like a limitation of asan, not libFuzzer.
> > By design, asan does not recover from the first crash.
> > This feature has been criticized quite a lot, but I am still convinced
> this
>
2015 Aug 30
4
Fuzzing complex programs
I have a project I want to do based on Libfuzzer. Is there a separate
list for it or should I bring up any ideas for it here?
What I have in mind is to fuzz Postgres. Trying to fuzz the SQL
interpreter in general
is not very productive because traditional fuzzers try to execute the
entire program repeatedly and it has a fairly high startup and
shutdown cost. Also the instrumentation-guided
2015 Aug 12
2
libfuzzer questions
On Tue, Aug 11, 2015 at 7:25 PM, Kostya Serebryany <kcc at google.com> wrote:
> ...
>> So if I'm seeing tens of thousands of distinct test files, that
>> represents tens of thousands of distinct edges?
>>
>
> In the extreme case -- yes.
> However usually a single file covers more than one unique edge.
> Also, if you are running the fuzzer in parallel
2019 Nov 02
2
[PATCH nbdkit 0/2] Implement fuzzing using Clang's libFuzzer.
libFuzzer is Clang's fuzzer, and an alternative to using AFL:
https://llvm.org/docs/LibFuzzer.html
I implemented an alternative method of fuzzing for libnbd earlier
today and it's pretty simple:
https://github.com/libguestfs/libnbd/commit/c19a6fbae9a21a7d4693418706c59e81ed256875
However it's considerably more difficult to use libFuzzer with
non-library code -- in this case nbdkit.
2015 Aug 30
2
Fuzzing complex programs
On Sun, Aug 30, 2015 at 9:11 AM, Brian Cain via llvm-dev <
llvm-dev at lists.llvm.org> wrote:
>
>
> On Sun, Aug 30, 2015 at 9:30 AM, Greg Stark via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
>> I have a project I want to do based on Libfuzzer. Is there a separate
>> list for it or should I bring up any ideas for it here?
>>
>> No separate
2019 Nov 04
3
[PATCH nbdkit v2 0/2] Implement fuzzing using Clang's libFuzzer.
v1 was here:
https://www.redhat.com/archives/libguestfs/2019-November/msg00003.html
This version depends on:
https://www.redhat.com/archives/libguestfs/2019-November/msg00004.html
and this series:
https://www.redhat.com/archives/libguestfs/2019-November/msg00009.html
The delta has been reduced slightly because of changes made possible
by cleaning up and fixing the quit path in nbdkit. It's
2017 Feb 10
2
Adding a decoder fuzz target
Thanks for your comments, Ralph and Jean-Marc.
Please find attached the amended patch:
- decodes a sequence of input packets rather than just one (I'm planning on
using the Opus test vectors as the seed corpus)
- decides on decoder setup and FEC independently of the packet data
- uses Opus functions to parse ToC
Cheers,
Felicia
On Sun, Jan 29, 2017 at 9:48 PM Jean-Marc Valin <jmvalin at
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
Hi Mitch,
Thank you for the response.
1. You don't need to build the library with `-fsanitize-coverage=...`,
using `-fsanitize=fuzzer-no-link,address` should be sufficient. -
Acknowledged
2. (although you can actually build object files/shared libraries with
-fsanitize=fuzzer, and the libFuzzer main won't be linked, if this makes
your build process easier). - with just the *fuzzer
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
I am working on using libfuzzer and asan to test out a third-party library.
As demonstrated in the tutorial, I wrote a fuzz target to fuzz a specific
function in the library. The fuzz target is then linked to the library and
compiles clean and I do see some tests generated by the fuzzer. However, I
have some questions regarding the "right" way to go about doing this. I
have doubts that
2017 Feb 01
2
Fuzzing bitcode reader
On Wed, Feb 1, 2017 at 8:45 AM, Mehdi Amini <mehdi.amini at apple.com> wrote:
>
> > On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
> >
> > Hi all,
> >
> > The blog entry [1] suggests that one of the buildbots constantly fuzzes
> > clang and clang-format. However, the actual bot [2] only tests the
2016 May 28
2
[LibFuzzer] Recent performance regression due to r270942
Hi,
This started as an off hand comment in [1] but this appears to be a
real issue so I'm moving the discussion to the mailing list.
In r270942 the time taken to run LibFuzzer's test became noticeably
longer. I am building on
* Arch Linux (4.5.4-1-ARCH #1 SMP PREEMPT Wed May 11 22:21:28 CEST
2016 x86_64 GNU/Linux)
* I am building libFuzzer and running its tests like so
```
2017 Aug 02
2
libFuzzer: add an option to always null-terminate?
Hi all,
While playing with libFuzzer, it's a little cumbersome to have to copy
the buffer just in order to null-terminate it.
Is a null-terminated buffer an often-enough usage scenario to warrant a
libFuzzer commandline configuration switch to always generate a
null-terminated test case?
Thanks,
Johan
2017 Feb 01
3
Fuzzing bitcode reader
Hi all,
The blog entry [1] suggests that one of the buildbots constantly fuzzes
clang and clang-format. However, the actual bot [2] only tests the
fuzzer itself over a well-known set of bugs in standard software (eg.
Heartbleed [3] seems to be among them). Has there actually ever been a
buildbot that fuzzes clang/LLVM itself?
Another (obvious?) fuzzing candidate would be LLVM's bitcode
2016 May 28
0
[LibFuzzer] Recent performance regression due to r270942
Reproduced, should be easy to fix. Will do it.
And thanks for noticing, on my machine this fails very fast and the test
passes because it sees everything it wants to see.
--kcc
On Fri, May 27, 2016 at 6:18 PM, Dan Liew <dan at su-root.co.uk> wrote:
> Hi,
>
> This started as an off hand comment in [1] but this appears to be a
> real issue so I'm moving the discussion to the
2017 Feb 01
3
Fuzzing bitcode reader
On Wed, Feb 1, 2017 at 9:19 AM, Michael Kruse <llvmdev at meinersbur.de> wrote:
> 2017-02-01 18:07 GMT+01:00 Kostya Serebryany <kcc at google.com>:
> > Yes, I used to run clang-fuzzer and clang-format-fuzzer on this bot, but
> not
> > any more.
> > The reason is simple -- the bot was always red (well, orange) and the
> bugs
> > were never fixed.
>
2018 Aug 15
3
How is llvm-opt-fuzzer supposed to be built and used with a pass pipeline?
Hello List,
I'm currently writing my own little optimization pass (on LLVM 6.0) and
considered it a neat idea to fuzz it using llvm-opt-fuzzer, which in
theory should be a ready-made tool for such jobs as far as I can tell,
potentially helping me to find UB and Address issues in my pass.
So I went ahead and followed the instructions in the build manual [1] to
build LLVM's llvm-opt-fuzzer
2016 Sep 20
2
-sanitizer-coverage-prune-blocks=true and LibFuzzer
Hello LLVM devs,
I'm running lots of experiments with LibFuzzer these days -- it's an
amazing tool!
I've noticed something weird while examining the effect of various coverage
options: for one of my benchmarks, the fuzzer was achieving a higher total
coverage before April 2016, when -sanitizer-coverage-prune-blocks became
true by default (commit