metzman (Jonathan Metzman)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 8 2016, 8:15 AM (110 w, 4 d)

Recent Activity

Fri, Jul 20

metzman requested changes to D49578: [libFuzzer] Handle unstable edges by poisoning unstable edges.

I don't think this will work. This just subtracts the number of unstable edges without actually removing those features? Or do I misunderstand how this actually works?

I think that was sort of an advantage of the algorithm. We do not remove unstable features, so that any new inputs triggering them won't be considered as new at all, but we don't add such inputs to the corpus to prevent its explosion.

Fri, Jul 20, 5:49 PM
metzman added a comment to D49621: [libFuzzer] Initial implementation of weighted mutation leveraging during runtime..

Left a few comments with high level concerns and some less important ones as well.
Did you use clang-format on this? If not I may have to start using vscode myself since clang-format had no suggested changes to this. Good job.

Fri, Jul 20, 5:34 PM
metzman added a comment to D49578: [libFuzzer] Handle unstable edges by poisoning unstable edges.

I don't think this will work. This just subtracts the number of unstable edges without actually removing those features? Or do I misunderstand how this actually works?

This is Max's method of handling edges described before. (In the chromium bug website.)

Fri, Jul 20, 6:44 AM

Thu, Jul 19

metzman added a comment to D49578: [libFuzzer] Handle unstable edges by poisoning unstable edges.

I don't think this will work. This just subtracts the number of unstable edges without actually removing those features? Or do I misunderstand how this actually works?

Thu, Jul 19, 6:18 PM
metzman added inline comments to D49525: [libFuzzer] Handle unstable edges by using minimum hit counts.
Thu, Jul 19, 8:24 AM

Tue, Jul 17

metzman accepted D49453: [libFuzzer] Create single template for visiting Inline8bitCounters.

LGTM with Max's suggestions

Tue, Jul 17, 2:50 PM

Fri, Jul 13

metzman accepted D49212: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..

Commit message needs tweaking.

Fri, Jul 13, 1:54 PM

Thu, Jul 12

metzman requested changes to D49212: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..

Please run clang-format as you agreed to do, it's giving me some small formatting changes for this patch.

Thu, Jul 12, 1:45 PM
metzman added a comment to D49212: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..

Just one question

Thu, Jul 12, 1:15 PM

Wed, Jul 11

metzman added inline comments to D49212: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..
Wed, Jul 11, 8:20 PM
metzman updated subscribers of D49212: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..

Also, you should add @Dor1s as a reviewer.

Wed, Jul 11, 8:18 PM
metzman added a comment to D49212: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..

Just some minor suggestions.

Wed, Jul 11, 8:17 PM
metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Wed, Jul 11, 2:12 PM

Tue, Jul 10

metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.
In D48150#1158252, @kcc wrote:

@kcc @morehouse It doesn't look like a coverage report with new instrumentation will be feasible.

I don't understand why.

Tue, Jul 10, 8:35 PM
metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

@kcc @morehouse It doesn't look like a coverage report with new instrumentation will be feasible. What do you think of changing this CL to report stability as a stat, like AFL does, instead?

Tue, Jul 10, 7:21 PM
metzman added a comment to D47880: [Fuzzer] Afl driver changing iterations handling.

Reposting my comments here from https://reviews.llvm.org/D49141

Tue, Jul 10, 12:57 PM
metzman added a comment to D49141: Revert "[Fuzzer] Afl driver changing iterations handling".

@kcc @morehouse
Please land this revert as soon as possible since the initial revision breaks afl_driver's command line interface, which is used by ClusterFuzz to reproduce crashes.
AFL on OSS-Fuzz has been broken since the initial revision landed.

Tue, Jul 10, 9:13 AM
metzman added a comment to rL334510: [Fuzzer] Afl driver changing iterations handling.

I think this patch should be reverted.
It breaks afl_driver's command line interface by causing invocations such as ./fuzzer inputfile to fail.
I don't think this breakage was intentional since ./fuzzer inputfile1 inputfile2 still works and I don't think there is a reason to break this.
I've created a revert here: https://reviews.llvm.org/D49141

Tue, Jul 10, 9:10 AM
metzman updated the summary of D49141: Revert "[Fuzzer] Afl driver changing iterations handling".
Tue, Jul 10, 9:05 AM
metzman created D49141: Revert "[Fuzzer] Afl driver changing iterations handling".
Tue, Jul 10, 9:03 AM
metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

@kodewilliams have you rerun the tests to find the failing one?

Tue, Jul 10, 8:28 AM

Mon, Jul 9

metzman added a comment to D48901: [libFuzzer] Unstable Edge Handling.

This code seems like an improvement over last time, but I'll make another pass tomorrow morning just to be sure =)
It might be easier to review this if it were diffed against https://reviews.llvm.org/D48150 so that I don't need to see changes that aren't relevant. But don't spend too much time figuring out how to do this.

Mon, Jul 9, 7:49 PM

Tue, Jun 26

metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Tue, Jun 26, 12:50 PM

Mon, Jun 25

metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Mon, Jun 25, 10:15 AM

Jun 22 2018

metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

It looks like the line numbers on my last comments were messed up; trying again.

Jun 22 2018, 4:23 PM
metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Jun 22 2018, 4:20 PM

Jun 20 2018

metzman added inline comments to D48150: [libFuzzer] Create Unstable Edge Check.
Jun 20 2018, 10:56 AM

Jun 19 2018

metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

LGTM

Jun 19 2018, 6:05 PM
metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

I still think using a map that contains string -> count makes most sense.

I meant unordered_map

Jun 19 2018, 4:19 PM
metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

I don't seem to have any other comments except for the naming (e.g. Idx) and the CL description. Jonathan, once you're also satisfied, I think we should ask @morehouse to take a look later this week. WDYT?

+1, after the language in the commit is updated and [libFuzzer] is added to the title.

Jun 19 2018, 3:37 PM
metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

@Dor1s I still think using a map that contains string -> count makes most sense.
What is the advantage of using an array? I don't consider the performance benefits worth it since that cost is paid instead when printing the name of a mutation (i.e. when this option is not being used).
Additionally this approach is simpler, we only need 2 data structures instead of 3.

Jun 19 2018, 3:35 PM
metzman added a comment to D48336: [libFuzzer] Initial implementation of mutation usefulness percentages..

I assumed I was supposed to review this. +1 to Max's comment about saying "PTAL"
I don't really think this should be its own option. I'd just print the percentages, but I think this is for Max to decide since he has in mind what will be done with the stats better than I.

Jun 19 2018, 2:55 PM
metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

Let's update the language in the commit message too, when you get a chance.

Jun 19 2018, 10:33 AM

Jun 18 2018

metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

Is the whole patch uploaded? I can only see one file.

Jun 18 2018, 5:16 PM

Jun 17 2018

metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

I have two comments that I didn't think should be put in any particular place.

Jun 17 2018, 2:24 PM

Jun 15 2018

metzman added inline comments to D48150: [libFuzzer] Create Unstable Edge Check.
Jun 15 2018, 7:33 PM
metzman added inline comments to D48150: [libFuzzer] Create Unstable Edge Check.
Jun 15 2018, 3:06 PM
metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Jun 15 2018, 2:07 PM

Jun 14 2018

metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Jun 14 2018, 9:39 AM

Jun 13 2018

metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

Thanks for the changes.
Left some cosmetic suggestions, I don't think this needs any important changes to functionality.

Jun 13 2018, 9:07 PM
metzman added a comment to D48150: [libFuzzer] Create Unstable Edge Check.

Did a first pass. Looks pretty good!

Jun 13 2018, 2:24 PM

Jun 11 2018

metzman added inline comments to D48054: [libFuzzer] Mutation tracking and logging implemented..
Jun 11 2018, 4:06 PM
metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

Clarified a comment and left two more.

Jun 11 2018, 4:02 PM
metzman added a comment to D48054: [libFuzzer] Mutation tracking and logging implemented..

Thanks. Looks good so far.
Left a few minor suggestions.

Jun 11 2018, 3:45 PM

Apr 20 2018

metzman added a comment to D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver..

I don't believe it is without AFL.

Apr 20 2018, 10:11 AM

Apr 18 2018

metzman abandoned D42325: [AFL] Allow opting out of defered forkserver mode..

Replaced by https://reviews.llvm.org/D45744

Apr 18 2018, 5:24 PM
metzman added a comment to D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver..

Oh, I see. It still looks like the process is only forked every 1000 inputs by default. So LLVMFuzzerInitialize will only run every 1000 inputs, or less if a higher N is specified on the command line.

Right (unless the process is restarted because it OOMs or times out).

This patch seems reasonable to me, but let Kostya comment on it.

If the Chromium fuzzers are currently using the default N, you may want to bump it up so you're not calling LLVMFuzzerInitialize multiple times a second.

Apr 18 2018, 10:00 AM

Apr 17 2018

metzman updated the summary of D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver..
Apr 17 2018, 6:57 PM
metzman added a comment to D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver..

Won't this cause LLVMFuzzerInitialize to run every time AFL tries an input?

Apr 17 2018, 6:53 PM
metzman updated the diff for D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver..
  • Don't manually init the forkserver if we are not using the deferred one.
Apr 17 2018, 6:45 PM
metzman added a reviewer for D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver.: morehouse.
Apr 17 2018, 4:01 PM
metzman created D45744: [libFuzzer] Add experimental feature to not use AFL's deferred forkserver..
Apr 17 2018, 4:01 PM

Jan 19 2018

metzman created D42325: [AFL] Allow opting out of defered forkserver mode..
Jan 19 2018, 4:36 PM

Dec 13 2017

metzman updated the diff for D41193: [libFuzzer] Add dummy call of LLVMFuzzerTestOneInput to afl_driver..
  • Don't do dummy execution when executing files one-by-one.
Dec 13 2017, 12:46 PM
metzman added a reviewer for D41193: [libFuzzer] Add dummy call of LLVMFuzzerTestOneInput to afl_driver.: kcc.
Dec 13 2017, 12:20 PM
metzman created D41193: [libFuzzer] Add dummy call of LLVMFuzzerTestOneInput to afl_driver..
Dec 13 2017, 12:19 PM

Jun 30 2016

metzman accepted D21742: [libFuzzer] Let user specify extra stats file..
Jun 30 2016, 11:34 AM
metzman planned changes to D21742: [libFuzzer] Let user specify extra stats file..
Jun 30 2016, 11:33 AM

Jun 28 2016

metzman retitled D21742: [libFuzzer] Let user specify extra stats file. from [libFuzzer] Let user specify max_len and extra stats file. to [libFuzzer] Let user specify extra stats file..
Jun 28 2016, 1:41 PM
metzman updated D21742: [libFuzzer] Let user specify extra stats file..
Jun 28 2016, 1:40 PM
metzman updated the diff for D21742: [libFuzzer] Let user specify extra stats file..

Breakup afl-driver.test, remove max_len feature and fix extra stats test.

Jun 28 2016, 1:40 PM

Jun 26 2016

metzman updated the diff for D21742: [libFuzzer] Let user specify extra stats file..

Remove unneeded unsetting of ASAN_OPTIONS in test.

Jun 26 2016, 7:47 PM
metzman updated the diff for D21742: [libFuzzer] Let user specify extra stats file..

Remove unneeded unset of AFL_MAX_LEN in test and undo unnecessary comment change.

Jun 26 2016, 7:43 PM
metzman updated D21742: [libFuzzer] Let user specify extra stats file..
Jun 26 2016, 7:29 PM
metzman retitled D21742: [libFuzzer] Let user specify extra stats file. from to [libFuzzer] Let user specify max_len and extra stats file..
Jun 26 2016, 7:24 PM

Jun 17 2016

metzman updated subscribers of D21487: [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp.
Jun 17 2016, 5:51 PM
metzman retitled D21487: [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp from to [libFuzzer] Add standard license info and comment header to AFLDriverTest.cpp.
Jun 17 2016, 5:49 PM

Jun 14 2016

metzman updated the diff for D21194: Enable libFuzzer's afl_driver to append stderr to a file..

Replace assertion and fix test case.

  1. Replace assertion with print to stderr and abort().
  2. Remove call to unset() environmental variable in test case.
Jun 14 2016, 12:58 PM
metzman updated the diff for D21194: Enable libFuzzer's afl_driver to append stderr to a file..

Rename duplicate_stderr to maybe_duplicate_stderr().

Jun 14 2016, 10:04 AM
metzman updated the diff for D21194: Enable libFuzzer's afl_driver to append stderr to a file..

Build the test binary using cmake and remove use of a hardcoded path.

Jun 14 2016, 9:58 AM
metzman abandoned D21327: Add option for afl_driver.cpp to duplicate stderr to the file that the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME is set to..
Jun 14 2016, 9:53 AM
metzman retitled D21327: Add option for afl_driver.cpp to duplicate stderr to the file that the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME is set to. from to Add option for afl_driver.cpp to duplicate stderr to the file that the environmental variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME is set to..
Jun 14 2016, 9:48 AM

Jun 10 2016

metzman updated the diff for D21194: Enable libFuzzer's afl_driver to append stderr to a file..

Remove afl_driver.h, move tests to afl-driver.test

Jun 10 2016, 8:20 AM

Jun 9 2016

metzman retitled D21194: Enable libFuzzer's afl_driver to append stderr to a file. from to Enable libFuzzer's afl_driver to append stderr to a file..
Jun 9 2016, 11:41 AM