
[FuzzMutate] Don't crash when mutator is unable to find operation
ClosedPublic

Authored by igor-laevsky on Dec 8 2017, 7:27 AM.

Details

Summary

Currently we expect to find a suitable operation for any source we may choose. This works well if we only try to mutate code which was built from scratch by the fuzzer itself. However, if we try to mutate pre-existing LLVM IR we may encounter any possible operation.

I believe it's not practical to demand support for all of them. Instead we can apply the same logic as we did when running the deleter on an empty function. By knowing that the mutation attempt will be repeated many times, we can bail from the single run and try to do it next time by choosing a different operation source.
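The retry strategy the summary describes, as an added illustration that is not the LLVM FuzzMutate code from this revision: a toy mutator that reports "no suitable operation" instead of asserting, and an outer loop that picks a different source on each attempt and is bounded so that a module it cannot mutate at all is reported as "unable to make forward progress" rather than looping forever. All names here (Op, Module, tryMutateAt, mutateWithRetry, the xorshift source picker) are hypothetical and constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy IR model (constructed for this example, not LLVM's types).
enum class Op { Add, Sub, Mul, Load, Call, Unknown };

struct Module {
  std::vector<Op> Ops;
};

// The set of operations this toy mutator knows how to rewrite. Anything else is
// the "pre-existing IR we don't support" case from the review summary.
bool isSupported(Op O) { return O == Op::Add || O == Op::Sub || O == Op::Mul; }

// Before the patch, an unsupported source would hit an assertion. Here the
// mutator instead reports failure and leaves the module untouched, so the
// caller can retry with a different source.
bool tryMutateAt(Module &M, std::size_t Idx) {
  if (Idx >= M.Ops.size() || !isSupported(M.Ops[Idx]))
    return false; // bail from this single attempt; no crash, no change
  // Toy mutation: rotate among the supported arithmetic ops.
  switch (M.Ops[Idx]) {
  case Op::Add: M.Ops[Idx] = Op::Sub; break;
  case Op::Sub: M.Ops[Idx] = Op::Mul; break;
  default:      M.Ops[Idx] = Op::Add; break;
  }
  return true;
}

// Deterministic xorshift64 source picker (constructed; reproducible for tests).
struct SourcePicker {
  std::uint64_t S;
  std::uint64_t next() {
    S ^= S << 13;
    S ^= S >> 7;
    S ^= S << 17;
    return S;
  }
};

struct LoopStats {
  unsigned Attempts = 0;
  bool Progress = false; // false after the loop == "unable to make forward progress"
};

// Outer fuzzer loop: repeat the mutation attempt with a freshly chosen source.
// MaxAttempts bounds the loop so a module with no supported operation is
// detected (Progress == false) instead of spinning, which is the concern
// raised in the review about hiding cases the mutator cannot handle.
LoopStats mutateWithRetry(Module &M, std::uint64_t Seed, unsigned MaxAttempts) {
  LoopStats St;
  if (M.Ops.empty())
    return St;
  SourcePicker P{Seed | 1}; // xorshift must not start from zero
  while (St.Attempts < MaxAttempts) {
    ++St.Attempts;
    std::size_t Idx = static_cast<std::size_t>(P.next() % M.Ops.size());
    if (tryMutateAt(M, Idx)) {
      St.Progress = true;
      return St;
    }
  }
  return St;
}
```

A caller that sees `Progress == false` after `MaxAttempts` has found exactly the situation the reviewer worried about and should log it, so that unsupported operations remain visible rather than silently consuming fuzzing time.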

Diff Detail

Repository
rL LLVM

Event Timeline

igor-laevsky created this revision. Dec 8 2017, 7:27 AM
igor-laevsky edited the summary of this revision. Dec 8 2017, 7:29 AM

Hi. Any comments on this?

bogner accepted this revision. Dec 18 2017, 1:08 PM

I'm a little worried that this makes us more likely to get into the "unable to make forward progress" case of the fuzzer loop, which could waste time and make it harder to tell that we're hitting something we can't handle. That said, it does re-try for these cases, so I suppose it's good to make as much progress as we can until we do get stuck.

Let's go ahead and do this, but please keep an eye out for any problems due to letting the fuzzers get stuck instead of bailing on cases we don't handle.

This revision is now accepted and ready to land. Dec 18 2017, 1:08 PM
This revision was automatically updated to reflect the committed changes.