
Re: libFuzzer fork mode and reload from corpus


Matt Morehouse

Nov 1, 2021, 10:10:15 AM
to vishnya, libfuzzer, Andrey Fedotov

On Sun, Oct 31, 2021 at 6:58 AM vishnya <vis...@ispras.ru> wrote:
Hi!

We are experimenting with libFuzzer fork mode and trying to integrate it with our dynamic symbolic execution tool. We are copying new inputs to the libFuzzer corpus directory during its operation, which works fine in workers/jobs mode. However, we encounter some problems with fork mode. It seems that it doesn't reload inputs copied to the corpus directory. So, does libFuzzer use new inputs copied to its corpus directory during fuzzing? If not, is there a way to make it use inputs from DSE? Also, can we get the inputs that were reloaded by libFuzzer, similar to workers/jobs mode (in fork mode the logs seem to be deleted after execution)? [1] We are willing to patch if necessary.

Konstantin Serebryany

Nov 1, 2021, 1:23:19 PM
to Matt Morehouse, vishnya, libfuzzer, Andrey Fedotov
Hi, 
My preference would be to not change anything in libFuzzer here. 
The tool has already become much heavier than it was initially intended. 
In your case, I would rather just restart libFuzzer periodically to take advantage of the new seeds. 

--kcc 


Alexey Vishnyakov

Nov 2, 2021, 1:12:13 PM
to Konstantin Serebryany, Matt Morehouse, libfuzzer, Andrey Fedotov

Hi!

Thank you for the advice. We'll try restarting libFuzzer first. The idea is the following:

1) Use libFuzzer -merge to detect whether there are new inputs from DSE that increase coverage.

2) If so, restart libFuzzer from time to time to get those inputs.

However, we have a plan B:

1) Support a libFuzzer option for specifying a directory from which to gather new inputs (like in AFL++).

2) If the option is defined, look up new inputs from this directory in RunOneMergeJob [1].

Anyway, we will try the restarting solution first.

[1] https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/fuzzer/FuzzerFork.cpp#L199
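The "plan A" supervisor from the message above (periodic `-merge` against the DSE output directory, restart fork mode only when merge reports new coverage-increasing files), written as an added example that is not part of this thread or of libFuzzer itself. The binary name `./fuzzer`, the directory names and the `MERGE-OUTER:` summary line format are assumptions.

```python
import re
import subprocess
import time

# Assumed layout for this example: the fuzz target binary, its main corpus
# directory, and the directory where the DSE tool drops new inputs.
FUZZER = "./fuzzer"
CORPUS = "corpus"
DSE_DIR = "dse_inputs"

# Summary line printed by libFuzzer's merge step (format assumed here), e.g.
#   MERGE-OUTER: 3 new files with 17 new features added; 5 new coverage edges
MERGE_RE = re.compile(r"MERGE-OUTER: (\d+) new files with (\d+) new features added")


def new_inputs_from_merge_log(log: str) -> int:
    """Return how many DSE inputs -merge found coverage-increasing (0 if none)."""
    m = MERGE_RE.search(log)
    return int(m.group(1)) if m else 0


def merge_cmd() -> list:
    # -merge=1 adds files from DSE_DIR that add coverage into CORPUS (first dir).
    return [FUZZER, "-merge=1", CORPUS, DSE_DIR]


def fork_cmd(jobs: int) -> list:
    # Fork mode reads CORPUS only at startup, hence the restart in supervise().
    return [FUZZER, f"-fork={jobs}", "-ignore_crashes=1", CORPUS]


def run_merge() -> int:
    proc = subprocess.run(merge_cmd(), capture_output=True, text=True)
    return new_inputs_from_merge_log(proc.stderr + proc.stdout)


def supervise(merge_interval_s: int = 600, jobs: int = 4) -> None:
    """Run fork mode; every merge_interval_s, merge DSE inputs and restart if any were added."""
    fuzzer = subprocess.Popen(fork_cmd(jobs))
    try:
        while fuzzer.poll() is None:
            time.sleep(merge_interval_s)
            added = run_merge()
            if added > 0:
                print(f"merge added {added} DSE inputs; restarting fork mode")
                fuzzer.terminate()
                fuzzer.wait()
                fuzzer = subprocess.Popen(fork_cmd(jobs))
    finally:
        fuzzer.terminate()


if __name__ == "__main__":
    supervise()
```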
