Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

libFuzzer status related question

73 views
Skip to first unread message

Kyriakos Georgiou

unread,
Jul 11, 2023, 1:52:44 PM7/11/23
to libfuzzer

Hi,


In regards to the status update of the libFuzzer: 


"The original authors of libFuzzer have stopped active work on it and switched to working on another fuzzing engine, Centipede. LibFuzzer is still fully supported in a sense that important bugs will get fixed. However please do not expect major new features or code reviews, other than for bug fixes."


Will libFuzzer keep being updated to support every new version of LLVM, or will it be frozen to one specific old LLVM version?


For long-term projects, would you advise using FuzzTest instead of libFuzzer? 


Thank you,

Kyriakos

Konstantin Serebryany

unread,
Jul 11, 2023, 6:08:31 PM7/11/23
to Kyriakos Georgiou, libfuzzer
Hi Kyriakos, 

On Tue, Jul 11, 2023 at 10:52 AM Kyriakos Georgiou <geor...@adacore.com> wrote:

Hi,


In regards to the status update of the libFuzzer: 


"The original authors of libFuzzer have stopped active work on it and switched to working on another fuzzing engine, Centipede. LibFuzzer is still fully supported in a sense that important bugs will get fixed. However please do not expect major new features or code reviews, other than for bug fixes."


Will libFuzzer keep being updated to support every new version of LLVM, or will it be frozen to one specific old LLVM version?


libFuzzer is part of LLVM, it is covered by unitetests that remain green. 
It's hard to imagine LLVM changes that will require major changes in libFuzzer - and we will update libFuzzer to address minor changes. 
So, we expect libFuzzer to continue to work with LLVM going forward for some time (years).
 

For long-term projects, would you advise using FuzzTest instead of libFuzzer? 


FuzzTest+Centipede is where you already have more functionality and where new functionality will be appearing. 
Today it may not cover everything that libFuzzer offers. 
The most obvious part, is that -fsanitize=fuzzer is available once you've installed clang+llvm, 
while FuzzTest+Centipede will require installing more things (currently). 

--kcc 
 



Thank you,

Kyriakos

--
You received this message because you are subscribed to the Google Groups "libfuzzer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to libfuzzer+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/libfuzzer/1f7c2a28-dc19-4187-8e47-dc5a0beb9cb9n%40googlegroups.com.

Kyriakos Georgiou

unread,
Jul 12, 2023, 11:47:07 AM7/12/23
to Konstantin Serebryany, libfuzzer
Hi Konstantin,

Thank you for your answer. I guess it is safe to use libfuzzer for now and then keep an eye on FuzzTest+Centipede updates.

Kind regards,
Kyriakos 
Reply all
Reply to author
Forward
0 new messages