| Coke | is "anything with nativecall" cheating? | 00:10 |
| | and or helpful | 00:11 |
| timo | that will be a bit more work | 00:27 |
| | AFL would really prefer things to be statically linked | |
| | but since you already basically have to compile a custom rakudo if you want to do fuzzing, may as well just link the parts of the .so in as well. also, depends on whether you want coverage from inside the called native code to influence what AFL thinks is interesting or not | 00:28 |
| | if you want that, you'll have to recompile with the right flags anyway | |
| | fuzzing json tiny and json fast is, at least i hope, a good test to see how well the coverage feedback allows the input state space to be explored already with no changes to the code-under-test | 00:30 |
| | gfldex left | 04:13 |
| | gfldex joined | 04:52 |
| | lizmat left, lizmat joined | 09:15 |
| | gfldex left | 09:30 |
| | lizmat left | 10:49 |
| | lizmat joined | 10:50 |
| timo | the fuzzer found a hang in rakudo when a quote language with some kind of balanceable parenthesis is used and the end-of-file comes before any matching closer. looks to me like a backtracking explosion | 11:27 |
| | do_nibbling looks roughly like <starter> <nibbler> <stopper> \|\| <escape> \|\| . | 11:37 |
| | so my thinking is since . can also match <starter> in the case of something like '<' or '(' we get it trying to match starter at every place and looking for the stopper, can't find one, goes back into one nibbler and switches starter for ., then tries going forward again etc etc | 11:38 |
| | classic backtracking explosion methinks | |
| lizmat | looks like :-) | 12:09 |
| timo | finally built a version of the rakudo fuzz target binary thingie with asan turned on so that anything in "stage parse" that somehow causes memory trouble will be saved as a crash :) | 12:33 |
| | I now have an env var that lets me filter out entire compunits by part-of-filename, or frames if any of the filenames in line number annotations match | 12:44 |
| | that lets me more easily exclude dispatchers from coverage, because they are very unstable between consecutive runs in the same process, and I want to add more stuff to my blacklists as well | |