From: Darren Kenny <darren.kenny@oracle.com>
To: Alexander Bulekov <alxndr@bu.edu>, qemu-devel@nongnu.org
Cc: Alexander Bulekov <alxndr@bu.edu>,
Stefan Hajnoczi <stefanha@redhat.com>,
Bandan Das <bsd@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>,
Thomas Huth <thuth@redhat.com>, Qiuhao Li <Qiuhao.Li@outlook.com>
Subject: Re: [PATCH 10/10] docs/fuzz: remove mentions of fork-based fuzzing
Date: Mon, 13 Feb 2023 14:48:37 +0000 [thread overview]
Message-ID: <m24jrpr58a.fsf@oracle.com> (raw)
In-Reply-To: <20230205042951.3570008-11-alxndr@bu.edu>
On Saturday, 2023-02-04 at 23:29:51 -05, Alexander Bulekov wrote:
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Thanks,
Darren.
> ---
> docs/devel/fuzzing.rst | 22 ++--------------------
> 1 file changed, 2 insertions(+), 20 deletions(-)
>
> diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst
> index 715330c856..3bfcb33fc4 100644
> --- a/docs/devel/fuzzing.rst
> +++ b/docs/devel/fuzzing.rst
> @@ -19,11 +19,6 @@ responsibility to ensure that state is reset between fuzzing-runs.
> Building the fuzzers
> --------------------
>
> -*NOTE*: If possible, build a 32-bit binary. When forking, the 32-bit fuzzer is
> -much faster, since the page-map has a smaller size. This is due to the fact that
> -AddressSanitizer maps ~20TB of memory, as part of its detection. This results
> -in a large page-map, and a much slower ``fork()``.
> -
> To build the fuzzers, install a recent version of clang:
> Configure with (substitute the clang binaries with the version you installed).
> Here, enable-sanitizers, is optional but it allows us to reliably detect bugs
> @@ -296,10 +291,9 @@ input. It is also responsible for manually calling ``main_loop_wait`` to ensure
> that bottom halves are executed and any cleanup required before the next input.
>
> Since the same process is reused for many fuzzing runs, QEMU state needs to
> -be reset at the end of each run. There are currently two implemented
> -options for resetting state:
> +be reset at the end of each run. For example, this can be done by rebooting the
> +VM, after each run.
>
> -- Reboot the guest between runs.
> - *Pros*: Straightforward and fast for simple fuzz targets.
>
> - *Cons*: Depending on the device, does not reset all device state. If the
> @@ -308,15 +302,3 @@ options for resetting state:
> reboot.
>
> - *Example target*: ``i440fx-qtest-reboot-fuzz``
> -
> -- Run each test case in a separate forked process and copy the coverage
> - information back to the parent. This is fairly similar to AFL's "deferred"
> - fork-server mode [3]
> -
> - - *Pros*: Relatively fast. Devices only need to be initialized once. No need to
> - do slow reboots or vmloads.
> -
> - - *Cons*: Not officially supported by libfuzzer. Does not work well for
> - devices that rely on dedicated threads.
> -
> - - *Example target*: ``virtio-net-fork-fuzz``
> --
> 2.39.0
next prev parent reply other threads:[~2023-02-13 14:49 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-05 4:29 [PATCH 00/10] Retire Fork-Based Fuzzing Alexander Bulekov
2023-02-05 4:29 ` [PATCH 01/10] hw/sparse-mem: clear memory on reset Alexander Bulekov
2023-02-05 10:40 ` Philippe Mathieu-Daudé
2023-02-13 14:15 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 02/10] fuzz: add fuzz_reboot API Alexander Bulekov
2023-02-05 10:50 ` Philippe Mathieu-Daudé
2023-02-13 14:19 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 03/10] fuzz/generic-fuzz: use reboots instead of forks to reset state Alexander Bulekov
2023-02-13 14:26 ` Darren Kenny
2023-02-17 4:01 ` Alexander Bulekov
2023-02-05 4:29 ` [PATCH 04/10] fuzz/generic-fuzz: add a limit on DMA bytes written Alexander Bulekov
2023-02-05 10:42 ` Philippe Mathieu-Daudé
2023-02-13 14:38 ` Darren Kenny
2023-02-17 3:59 ` Alexander Bulekov
2023-02-05 4:29 ` [PATCH 05/10] fuzz/virtio-scsi: remove fork-based fuzzer Alexander Bulekov
2023-02-13 14:42 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 06/10] fuzz/virtio-net: " Alexander Bulekov
2023-02-13 14:44 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 07/10] fuzz/virtio-blk: " Alexander Bulekov
2023-02-13 14:45 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 08/10] fuzz/i440fx: " Alexander Bulekov
2023-02-13 14:46 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 09/10] fuzz: remove fork-fuzzing scaffolding Alexander Bulekov
2023-02-13 14:47 ` Darren Kenny
2023-02-05 4:29 ` [PATCH 10/10] docs/fuzz: remove mentions of fork-based fuzzing Alexander Bulekov
2023-02-13 14:48 ` Darren Kenny [this message]
2023-02-05 10:39 ` [PATCH 00/10] Retire Fork-Based Fuzzing Philippe Mathieu-Daudé
2023-02-06 14:09 ` Alexander Bulekov
2023-02-13 2:11 ` Alexander Bulekov
2023-02-14 15:38 ` Stefan Hajnoczi
2023-02-14 16:08 ` Philippe Mathieu-Daudé
2023-02-14 17:58 ` Laurent Vivier
2023-02-14 18:46 ` Stefan Hajnoczi
2023-02-14 19:09 ` Thomas Huth
2023-02-14 19:14 ` Alexander Bulekov
2023-02-14 21:08 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m24jrpr58a.fsf@oracle.com \
--to=darren.kenny@oracle.com \
--cc=Qiuhao.Li@outlook.com \
--cc=alxndr@bu.edu \
--cc=bsd@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).