Gerrit Bot has uploaded this change for review.
doc/go1.19: add release note for fuzzing CLs
This includes CLs 387334, 387335, and 387336
Change-Id: I59e16a1a5068207d15b0aba02274f7cf6c36c207
GitHub-Last-Rev: c19f374df1a1c5c260db14f1224c33a4cbf9e07c
GitHub-Pull-Request: golang/go#53268
---
M doc/go1.19.html
1 file changed, 61 insertions(+), 0 deletions(-)
diff --git a/doc/go1.19.html b/doc/go1.19.html
index 512db39..41a91a4 100644
--- a/doc/go1.19.html
+++ b/doc/go1.19.html
@@ -187,6 +187,54 @@
pass this flag as well.
<p>
+ This release includes the following improvements to the libFuzzer build mode:
+<ul>
+ <li><!-- CL 387334 -->
+ Use libFuzzer 8-bit instead of extra counters:
+ this improves the coverage instrumentation in libFuzzer mode in three ways:
+ First, 8-bit counters are supported on all platforms, including macOS and
+ Windows, with all relevant versions of libFuzzer, whereas extra
+ counters are a Linux-only feature that only recently received
+ support on Windows.
+ Second, newly covered blocks are now properly reported as new coverage by
+ libFuzzer, not only as new features.
+ Third, the NeverZero strategy is used to ensure that coverage counters
+ never become 0 again after having been positive once. This resolves
+ issues encountered when fuzzing loops with iteration counts that
+ are multiples of 256 (e.g., larger powers of two).
+ </li>
+ <li><!-- CL 387335 -->
+ Intercept string compares:
+ IR string compares as well as calls to string comparison functions such
+ as <code>strings.EqualFold</code> are intercepted and the corresponding libFuzzer
+ callbacks are invoked with the corresponding arguments. As a result, the
+ compared strings will be added to libFuzzer’s table of recent compares,
+ which feeds future mutations performed by the fuzzer and thus allow it
+ to reach into branches guarded by string comparisons.
+ </li>
+ <li><!-- CL 387336 -->
+ Support libFuzzer value profiling mode for integer compares:
+ libFuzzer provides a special mode known as “value profiling” in which it
+ tracks the bit-wise progress made by the fuzzer in satisfying tracked
+ comparisons. Furthermore, libFuzzer uses the value of the return address
+ in its hooks to distinguish the progress for different comparisons.
+
+ The original implementation of the interception for integer comparisons
+ in Go simply called the libFuzzer hooks from a function written in Go
+ assembly. The libFuzzer hooks thus always see the same return address
+ (i.e., the address of the call instruction in the assembly snippet) and
+ thus can’t distinguish individual comparisons anymore. This drastically
+ reduces the usefulness of value profiling.
+
+ This is fixed by using an assembly trampoline that injects synthetic but
+ valid return addresses on the stack before calling the libFuzzer hook,
+ otherwise preserving the calling convention of the respective platform.
+ These fake PCs are generated deterministically based on the location
+ of the compare instruction in the IR representation.
+ </li>
+</ul>
+
+<p>
TODO: complete this section, or delete if not needed
</p>
<h2 id="linker">Linker</h2>
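Review bot: the `<ul>` that follows the intro sentence opens inside the `<p>` from the unchanged context line above it, and that paragraph is never closed; add `</p>` after "This release includes the following improvements to the libFuzzer build mode:" so the `<p>` that precedes the TODO line does not end up nested in an unclosed one. The blank lines inside the third `<li>` (before "The original implementation of the interception" and before "This is fixed by using an assembly trampoline") produce no paragraph breaks in HTML; wrap each of the three passages in `<p>`…`</p>` as the rest of the file does. Two wording points: "thus allow it to reach" should read "thus allows it to reach", and "IR string compares" is opaque in a release note; say that these are the string comparisons the compiler sees in its intermediate representation, or drop the phrase.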
To view, visit change 410874. To unsubscribe, or for help writing mail filters, visit settings.
Gerrit Bot uploaded patch set #2 to this change.
doc/go1.19: add release note for fuzzing CLs
This includes CLs 387334, 387335, and 387336
Change-Id: I59e16a1a5068207d15b0aba02274f7cf6c36c207
GitHub-Last-Rev: 5a05a4d5abce7829e0569430005af43076000925
GitHub-Pull-Request: golang/go#53268
---
M doc/go1.19.html
1 file changed, 19 insertions(+), 0 deletions(-)
Attention is currently required from: Russ Cox.
2 comments:
Patchset:
File doc/go1.19.html:
Patch Set #1, Line 190: This release includes the following improvements to the libFuzzer build mode:
"libFuzzer build mode" should link to more information about what this means. […]
libFuzzer build mode is where a static archive with libFuzzer's coverage instrumentation is created. This archive can then be linked with libFuzzer's runtime to create the final fuzzer. I've shortened the release note and removed the technical details. Does it look better now, or should it be further shortened?
Gerrit Bot uploaded patch set #3 to this change.
doc/go1.19: add release note for fuzzing CLs
This includes CLs 387334, 387335, and 387336
Change-Id: I59e16a1a5068207d15b0aba02274f7cf6c36c207
GitHub-Last-Rev: 7b88ec3df3bd5b902c58e88d7655361cca30f7e7
GitHub-Pull-Request: golang/go#53268
---
M doc/go1.19.html
1 file changed, 22 insertions(+), 0 deletions(-)
Gerrit Bot uploaded patch set #4 to this change.
doc/go1.19: add release note for fuzzing CLs
This includes CLs 387334, 387335, and 387336
Change-Id: I59e16a1a5068207d15b0aba02274f7cf6c36c207
GitHub-Last-Rev: 110e80881402d295d66633661adcd7e66e467988
GitHub-Pull-Request: golang/go#53268
---
M doc/go1.19.html
1 file changed, 22 insertions(+), 0 deletions(-)
1 comment:
File doc/go1.19.html:
Patch Set #1, Line 190: This release includes the following improvements to the libFuzzer build mode:
As I understand it, "libFuzzer build mode" means using -tags libfuzzer, which is an undocumented fea […]
Fuzzing support with the libfuzzer build mode is mentioned in the release notes of version 1.14 (https://go.dev/doc/go1.14#compiler). It's your call if you think this change should be mentioned in the release notes or not ;-).
Gerrit Bot uploaded patch set #5 to this change.
doc/go1.19: add release note for fuzzing CLs
This includes CLs 387334, 387335, and 387336
Change-Id: I59e16a1a5068207d15b0aba02274f7cf6c36c207
GitHub-Last-Rev: f3022dced0045b616540c696274638f18479d1ba
GitHub-Pull-Request: golang/go#53268
---
M doc/go1.19.html
1 file changed, 23 insertions(+), 0 deletions(-)
Gerrit Bot uploaded patch set #6 to this change.
doc/go1.19: add release note for fuzzing CLs
This includes CLs 387334, 387335, and 387336
Change-Id: I59e16a1a5068207d15b0aba02274f7cf6c36c207
GitHub-Last-Rev: 95dbbc4f5e7fa38f0ded70e2815cd0254660f7d1
GitHub-Pull-Request: golang/go#53268
---
M doc/go1.19.html
1 file changed, 26 insertions(+), 0 deletions(-)