kcc (Kostya Serebryany)
User Details

User Since
Oct 3 2012, 4:55 AM (301 w, 6 d)

Recent Activity

Yesterday

kcc accepted D49404: [libFuzzer] Avoid STL in MSan test..

LGTM

Mon, Jul 16, 4:05 PM
kcc added a comment to D49404: [libFuzzer] Avoid STL in MSan test..

err... partially taking my word back.. I do want to keep this test to use STL.
Instead of this change, please create another test, e.g. SimpleTestStdio.cpp, that won't use STL, and use the new test in msan runs.

Mon, Jul 16, 3:54 PM
kcc added a comment to D40349: [LSan] New experimental flag for background leak checking before exit..

I'd prefer to not have this functionality in lsan -- it already has __lsan_do_recoverable_leak_check which should be sufficient for a user to implement this functionality on their side.
(If not, that may need to be fixed).

Mon, Jul 16, 12:50 PM
kcc accepted D48800: libFuzzer: prevent irrelevant strings from leaking into auto-dictionary.

Matt, please test locally and land.

Mon, Jul 16, 12:27 PM
kcc added a comment to D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work..

Maybe just change the msan-ish test to not use STL

Mon, Jul 16, 12:20 PM

Thu, Jul 12

kcc accepted D49277: [fuzzer] [tests] Increase the number of iterations for three-bytes.test.

LGTM

Thu, Jul 12, 6:25 PM
kcc edited reviewers for D49249: [libFuzzer] Use separate test directory for each config, added: morehouse; removed: samsonov.
Thu, Jul 12, 6:18 PM

Tue, Jul 10

kcc added a comment to D48150: [libFuzzer] Create Unstable Edge Check.
In D48150#1158252, @kcc wrote:

@kcc @morehouse It doesn't look like a coverage report with new instrumentation will be feasible.

I don't understand why.

I don't think sancov reports are possible using the new instrumentation. Not 100% about this, but it doesn't seem to work like it did for the old instrumentation.

Tue, Jul 10, 8:42 PM
kcc added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

@kcc @morehouse It doesn't look like a coverage report with new instrumentation will be feasible.

Tue, Jul 10, 8:30 PM
kcc accepted D49150: [libFuzzer] Disable dataflow.test on AArch64..

If it bothers someone, we can turn this function into a non-recursive one by implementing a fixed-size queue (array of 2^16 shorts).
Or you can run the ExplodeDFSanLabelsTestDF with a large value of "ulimit -s".

Tue, Jul 10, 1:10 PM

Mon, Jul 9

kcc added a reviewer for D48800: libFuzzer: prevent irrelevant strings from leaking into auto-dictionary: morehouse.

yea, you are right, you can't directly use F->RunningCB if you don't have F visible.
But I don't want to have two copies of this flag, one in Fuzzer and one in TracePC.

Mon, Jul 9, 6:05 PM
kcc added a comment to D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work..
In D48891#1156587, @kcc wrote:

LGTM

Please also update the docs (http://llvm.org/docs/LibFuzzer.html) once we are confident that msan+libfuzzer works out of the box

Mon, Jul 9, 3:30 PM
kcc accepted D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work..

Please also update the docs (http://llvm.org/docs/LibFuzzer.html) once we are confident that msan+libfuzzer works out of the box

Mon, Jul 9, 3:29 PM
kcc added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

Matt, please land it

Mon, Jul 9, 1:13 PM

Fri, Jul 6

kcc added a comment to D48800: libFuzzer: prevent irrelevant strings from leaking into auto-dictionary.
In D48800#1151316, @kcc wrote:

Why do you need the new variable InCB?
Will the existing RunningCB not work?

To be honest, my C++ knowledge becomes wobbly here. I don't think the hooks can access Fuzzer (and its RunningCB).

Fri, Jul 6, 1:24 PM
kcc added a comment to D48799: libFuzzer: always print line-break for NEW_FUNC/PC output.

sure, I can commit (done). thanks!

Fri, Jul 6, 12:52 PM
kcc committed rL336461: libFuzzer: always print line-break for NEW_FUNC/PC output.
libFuzzer: always print line-break for NEW_FUNC/PC output
Fri, Jul 6, 12:51 PM
kcc committed rCRT336461: libFuzzer: always print line-break for NEW_FUNC/PC output.
libFuzzer: always print line-break for NEW_FUNC/PC output
Fri, Jul 6, 12:51 PM
kcc closed D48799: libFuzzer: always print line-break for NEW_FUNC/PC output.
Fri, Jul 6, 12:51 PM

Tue, Jul 3

kcc accepted D48906: [libFuzzer] [NFC] Inline static local variable to avoid linker warning.

lgtm

Tue, Jul 3, 5:26 PM
kcc added a comment to D48906: [libFuzzer] [NFC] Inline static local variable to avoid linker warning.

whatever :)
even just having the literal constant "-ignore_remaining_args=1" in two places is fine.

Tue, Jul 3, 5:21 PM
kcc added a comment to D48906: [libFuzzer] [NFC] Inline static local variable to avoid linker warning.

option two or some flavor of it would be much more preferable.
Maybe just declare a global constant kIgnoreRemaining above the definition of 'class Command' (inside the fuzzer namespace)

Tue, Jul 3, 5:15 PM
kcc added a comment to D48906: [libFuzzer] [NFC] Inline static local variable to avoid linker warning.

errr... I'd prefer not to...
do you know why this happens?

Tue, Jul 3, 5:07 PM
kcc added inline comments to D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work..
Tue, Jul 3, 4:15 PM
kcc accepted D48054: [libFuzzer] Mutation tracking and logging implemented..

LGTM

Tue, Jul 3, 3:56 PM
kcc committed rL336234: [libFuzzer] add one more value profile metric, under a flag (experimental).
[libFuzzer] add one more value profile metric, under a flag (experimental)
Tue, Jul 3, 3:38 PM
kcc committed rCRT336234: [libFuzzer] add one more value profile metric, under a flag (experimental).
[libFuzzer] add one more value profile metric, under a flag (experimental)
Tue, Jul 3, 3:37 PM
kcc added inline comments to D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work..
Tue, Jul 3, 2:54 PM
kcc added a comment to D48800: libFuzzer: prevent irrelevant strings from leaking into auto-dictionary.
In D48800#1150324, @kcc wrote:

Why is it safe to remove ScopedDoingMyOwnMemOrStr from the places you've removed it from?

Note that this removes ScopedDoingMyOwnMemOrStr completely. It's safe because the functions using it run outside the callback. MakeDictionaryEntryFromCMP before, operator== (used in ContainsWord) after, and operator< appears unused.

It'd be different if the functions (TPC.AddValueForMemcmp, TPC.MMT.Add) used inside the hooks (recursively) triggered the hooks, but that's not the case.

Tue, Jul 3, 2:29 PM
kcc committed rCRT336230: [libFuzzer] remove stale code, as suggested in https://reviews.llvm.org/D48800.
[libFuzzer] remove stale code, as suggested in https://reviews.llvm.org/D48800
Tue, Jul 3, 2:27 PM
kcc committed rL336230: [libFuzzer] remove stale code, as suggested in https://reviews.llvm.org/D48800.
[libFuzzer] remove stale code, as suggested in https://reviews.llvm.org/D48800
Tue, Jul 3, 2:27 PM
kcc committed rL336229: [libFuzzer] add a tiny and surprisingly hard puzzle.
[libFuzzer] add a tiny and surprisingly hard puzzle
Tue, Jul 3, 2:23 PM
kcc committed rCRT336229: [libFuzzer] add a tiny and surprisingly hard puzzle.
[libFuzzer] add a tiny and surprisingly hard puzzle
Tue, Jul 3, 2:22 PM
kcc added inline comments to D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work..
Tue, Jul 3, 1:23 PM

Mon, Jul 2

kcc added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

a couple of nits, then good to go.

Mon, Jul 2, 6:04 PM
kcc added a comment to D48800: libFuzzer: prevent irrelevant strings from leaking into auto-dictionary.

Why is it safe to remove ScopedDoingMyOwnMemOrStr from the places you've removed it from?

Mon, Jul 2, 4:56 PM
kcc accepted D48799: libFuzzer: always print line-break for NEW_FUNC/PC output.

LGTM

Mon, Jul 2, 4:53 PM
kcc added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

You may try projects/compiler-rt/lib/sanitizer_common/scripts/sancov.py instead of sancov, this tool is less restrictive.
pipe the output of sancov.py through llvm-symbolizer

Mon, Jul 2, 11:08 AM
kcc added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

"ERROR: Coverage points in binary and .sancov file do not match." is what I am getting which I am assuming I am sending the wrong PC. But then which PC should be sent?

Is this coming from sancov? I think it might only support trace-pc-guard...

@kcc: How can we test this with inline counters?

Mon, Jul 2, 10:53 AM

Fri, Jun 29

kcc added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

add a .lit test, please

Fri, Jun 29, 1:18 PM
kcc added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

the current patch is hard to review as it contains tons of formatting (or otherwise unrelated) fixes.
Plz don't mix formatting/refactoring with meaningful changes in one patch.

Fri, Jun 29, 11:38 AM

Wed, Jun 27

kcc added a comment to D48695: [libFuzzer] [NFC] [Tests] Drop -O2 from configuration.

Hm... I thought this is intentional -- I do want to test libFuzzer with O2 by default.
Matt?

Wed, Jun 27, 6:24 PM
kcc added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Wed, Jun 27, 6:17 PM
kcc added a comment to D48686: [libFuzzer] [Tests] [NFC] Change seed for reduce_inputs.test.

same with ShrinkControlFlowTest. I've run it 10000 times.

Wed, Jun 27, 6:03 PM
kcc added a comment to D48686: [libFuzzer] [Tests] [NFC] Change seed for reduce_inputs.test.

also:

>> 10^6 iterations already take ~20 seconds, would be hesitant to bump it more.
Wed, Jun 27, 5:54 PM
kcc added a comment to D48686: [libFuzzer] [Tests] [NFC] Change seed for reduce_inputs.test.

Any sources of non-determinism you suspect?

Wed, Jun 27, 5:52 PM
kcc added a comment to D48686: [libFuzzer] [Tests] [NFC] Change seed for reduce_inputs.test.

oh, anything could be different. I wouldn't expect seed=1 to behave the same on different platforms.
Need to check why this test is flaky (too few iterations?)

Wed, Jun 27, 5:36 PM

Tue, Jun 26

kcc added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Tue, Jun 26, 5:23 PM
kcc added inline comments to D48150: [libFuzzer] Create Unstable Edge Check.
Tue, Jun 26, 5:07 PM

Mon, Jun 25

kcc accepted D48200: [CMake] Run libFuzzer tests with check-all..

LGTM
Please watch the bots -- I can imagine it can fail in lots of ways.

Mon, Jun 25, 11:09 AM

Jun 7 2018

kcc added inline comments to D47880: [Fuzzer] Afl driver changing iterations handling.
Jun 7 2018, 3:20 PM
kcc added a comment to D47666: Refactored clang-fuzzer and added new (copy) files.

Some feedback on the generated code:

Jun 7 2018, 3:08 PM
kcc added a comment to D47880: [Fuzzer] Afl driver changing iterations handling.

is this testable (somewhere in test/fuzzer/afl-driver*)?

Jun 7 2018, 2:40 PM
kcc accepted D47798: [HWASan] Report proper error on allocator failures instead of CHECK(0)-ing.

LGTM

Jun 7 2018, 2:26 PM
kcc added a comment to D47837: [libFuzzer] When printing NEW_FUNC, use 1-base indexing..

what's the process for getting this landed from here?

Jun 7 2018, 2:23 PM
kcc committed rCRT334234: [libFuzzer] When printing NEW_FUNC, use 1-base indexing..
[libFuzzer] When printing NEW_FUNC, use 1-base indexing.
Jun 7 2018, 2:19 PM
kcc committed rL334234: [libFuzzer] When printing NEW_FUNC, use 1-base indexing..
[libFuzzer] When printing NEW_FUNC, use 1-base indexing.
Jun 7 2018, 2:19 PM
kcc closed D47837: [libFuzzer] When printing NEW_FUNC, use 1-base indexing..
Jun 7 2018, 2:19 PM

Jun 6 2018

kcc committed rL334158: [libFuzzer] make the corpus elements aware of their data flow traces.
[libFuzzer] make the corpus elements aware of their data flow traces
Jun 6 2018, 6:44 PM
kcc committed rCRT334158: [libFuzzer] make the corpus elements aware of their data flow traces.
[libFuzzer] make the corpus elements aware of their data flow traces
Jun 6 2018, 6:44 PM
kcc committed rL334156: [libFuzzer] simplify a test, hopefully to fix the bot.
[libFuzzer] simplify a test, hopefully to fix the bot
Jun 6 2018, 6:25 PM
kcc committed rCRT334156: [libFuzzer] simplify a test, hopefully to fix the bot.
[libFuzzer] simplify a test, hopefully to fix the bot
Jun 6 2018, 6:24 PM
kcc committed rL334146: [libFuzzer] remove an experimental flag -use_feature_frequency.
[libFuzzer] remove an experimental flag -use_feature_frequency
Jun 6 2018, 4:29 PM
kcc committed rCRT334146: [libFuzzer] remove an experimental flag -use_feature_frequency.
[libFuzzer] remove an experimental flag -use_feature_frequency
Jun 6 2018, 4:28 PM
kcc added a reviewer for D47798: [HWASan] Report proper error on allocator failures instead of CHECK(0)-ing: morehouse.

Matt, please make the first pass.

Jun 6 2018, 11:41 AM
kcc accepted D47837: [libFuzzer] When printing NEW_FUNC, use 1-base indexing..

LGTM

Jun 6 2018, 10:36 AM

Jun 5 2018

kcc added a comment to D47798: [HWASan] Report proper error on allocator failures instead of CHECK(0)-ing.

are tests possible here?

Jun 5 2018, 6:48 PM
kcc committed rL334058: [libFuzzer] initial implementation of -data_flow_trace. It parses the data flow….
[libFuzzer] initial implementation of -data_flow_trace. It parses the data flow…
Jun 5 2018, 6:28 PM
kcc committed rCRT334058: [libFuzzer] initial implementation of -data_flow_trace. It parses the data flow….
[libFuzzer] initial implementation of -data_flow_trace. It parses the data flow…
Jun 5 2018, 6:28 PM

Jun 1 2018

kcc committed rL333796: Add weak definitions of trace-cmp hooks to dfsan.
Add weak definitions of trace-cmp hooks to dfsan
Jun 1 2018, 3:03 PM
kcc committed rCRT333796: Add weak definitions of trace-cmp hooks to dfsan.
Add weak definitions of trace-cmp hooks to dfsan
Jun 1 2018, 3:03 PM
kcc closed D47605: Add weak definitions of trace-cmp hooks to dfsan.
Jun 1 2018, 3:03 PM

May 31 2018

kcc created D47605: Add weak definitions of trace-cmp hooks to dfsan.
May 31 2018, 1:28 PM

May 30 2018

kcc committed rL333616: [libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer….
[libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer…
May 30 2018, 6:32 PM
kcc committed rCRT333616: [libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer….
[libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer…
May 30 2018, 6:32 PM

May 23 2018

kcc committed rL333149: [libFuzzer] DataFlow tracer now tags a subset of the input. A separate script….
[libFuzzer] DataFlow tracer now tags a subset of the input. A separate script…
May 23 2018, 6:47 PM
kcc committed rCRT333149: [libFuzzer] DataFlow tracer now tags a subset of the input. A separate script….
[libFuzzer] DataFlow tracer now tags a subset of the input. A separate script…
May 23 2018, 6:47 PM
kcc committed rL333142: [libFuzzer] fix two off-by-ones (!!) in the data flow tracer.
[libFuzzer] fix two off-by-ones (!!) in the data flow tracer
May 23 2018, 5:00 PM
kcc committed rCRT333142: [libFuzzer] fix two off-by-ones (!!) in the data flow tracer.
[libFuzzer] fix two off-by-ones (!!) in the data flow tracer
May 23 2018, 5:00 PM
kcc accepted D47281: sanitizer: Use pre-computed size of struct ustat for Linux.

LGTM, thanks!

May 23 2018, 2:06 PM
kcc committed rCRT333122: [libFuzzer] change the output format for the DataFlow tracer.
[libFuzzer] change the output format for the DataFlow tracer
May 23 2018, 2:01 PM
kcc committed rL333122: [libFuzzer] change the output format for the DataFlow tracer.
[libFuzzer] change the output format for the DataFlow tracer
May 23 2018, 2:01 PM
kcc committed rCRT333119: [libFuzzer] add a stress test for the DataFlow tracer.
[libFuzzer] add a stress test for the DataFlow tracer
May 23 2018, 1:27 PM
kcc committed rL333119: [libFuzzer] add a stress test for the DataFlow tracer.
[libFuzzer] add a stress test for the DataFlow tracer
May 23 2018, 1:27 PM
kcc accepted D47271: [libFuzzer] Don't complain about lack of interesting inputs when -runs=0..

For data flow test, make sure to rebuild dfsan (ninja check-dfsan)

May 23 2018, 11:18 AM
kcc added a comment to D47165: sanitizer: Don't intercept ustat for Linux.

Yes, I think a much safer fix would be to add

unsigned struct_ustat_sz = <SOMETHING>;  // glibc >= 2.28 doesn't have <sys/ustat.h> so we can't include it and use sizeof(struct ustat);

May 23 2018, 9:19 AM
kcc added a reviewer for D47165: sanitizer: Don't intercept ustat for Linux: eugenis.

the ustat interceptor was added in 2013, probably as part of the work on msan.

May 23 2018, 8:52 AM

May 22 2018

kcc committed rCRT333048: [libFuzzer] modify -print_corpus_stats to print whether the input reaches the….
[libFuzzer] modify -print_corpus_stats to print whether the input reaches the…
May 22 2018, 6:46 PM
kcc committed rL333048: [libFuzzer] modify -print_corpus_stats to print whether the input reaches the….
[libFuzzer] modify -print_corpus_stats to print whether the input reaches the…
May 22 2018, 6:46 PM

May 21 2018

kcc added a comment to D44623: [ASAN] Fix crash on i?86-linux (32-bit) against glibc 2.27 and later.

Is this code review stuck?

May 21 2018, 6:15 PM · Restricted Project
kcc committed rL332876: [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036).
[libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036)
May 21 2018, 12:51 PM
kcc committed rCRT332876: [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036).
[libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036)
May 21 2018, 12:50 PM

May 18 2018

kcc accepted D47085: [msan] Don't check divisor shadow in fdiv..

LGTM

May 18 2018, 1:22 PM

May 16 2018

kcc committed rCRT332558: [libFuzzer] rename a test from .c to .cpp.
[libFuzzer] rename a test from .c to .cpp
May 16 2018, 4:42 PM
kcc committed rL332558: [libFuzzer] rename a test from .c to .cpp.
[libFuzzer] rename a test from .c to .cpp
May 16 2018, 4:42 PM
kcc committed rL332554: [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to….
[libFuzzer] add an experimental flag -focus_function: libFuzzer will try to…
May 16 2018, 4:30 PM
kcc committed rCRT332554: [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to….
[libFuzzer] add an experimental flag -focus_function: libFuzzer will try to…
May 16 2018, 4:30 PM
kcc accepted D46924: [libFuzzer] add a symbolic execution puzzle (difficult for today's libFuzzer)..

Looking forward to trying to attack it.
But indeed, for examples like this, KLEE (or other symexec) is clearly more powerful... today.

May 16 2018, 11:04 AM

May 15 2018

kcc accepted D46785: [msan] Instrument masked.store, masked.load intrinsics..

LGTM

May 15 2018, 2:15 PM

May 14 2018

kcc committed rL332316: [libFuzzer] deprecate equivalence_server.
[libFuzzer] deprecate equivalence_server
May 14 2018, 6:19 PM