[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 10/10] docs/fuzz: remove mentions of fork-based fuzzing
From: |
Alexander Bulekov |
Subject: |
[PULL 10/10] docs/fuzz: remove mentions of fork-based fuzzing |
Date: |
Thu, 16 Feb 2023 23:08:55 -0500 |
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
---
docs/devel/fuzzing.rst | 22 ++--------------------
1 file changed, 2 insertions(+), 20 deletions(-)
diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst
index 715330c856..3bfcb33fc4 100644
--- a/docs/devel/fuzzing.rst
+++ b/docs/devel/fuzzing.rst
@@ -19,11 +19,6 @@ responsibility to ensure that state is reset between
fuzzing-runs.
Building the fuzzers
--------------------
-*NOTE*: If possible, build a 32-bit binary. When forking, the 32-bit fuzzer is
-much faster, since the page-map has a smaller size. This is due to the fact
that
-AddressSanitizer maps ~20TB of memory, as part of its detection. This results
-in a large page-map, and a much slower ``fork()``.
-
To build the fuzzers, install a recent version of clang:
Configure with (substitute the clang binaries with the version you installed).
Here, enable-sanitizers, is optional but it allows us to reliably detect bugs
@@ -296,10 +291,9 @@ input. It is also responsible for manually calling
``main_loop_wait`` to ensure
that bottom halves are executed and any cleanup required before the next input.
Since the same process is reused for many fuzzing runs, QEMU state needs to
-be reset at the end of each run. There are currently two implemented
-options for resetting state:
+be reset at the end of each run. For example, this can be done by rebooting the
+VM, after each run.
-- Reboot the guest between runs.
- *Pros*: Straightforward and fast for simple fuzz targets.
- *Cons*: Depending on the device, does not reset all device state. If the
@@ -308,15 +302,3 @@ options for resetting state:
reboot.
- *Example target*: ``i440fx-qtest-reboot-fuzz``
-
-- Run each test case in a separate forked process and copy the coverage
- information back to the parent. This is fairly similar to AFL's "deferred"
- fork-server mode [3]
-
- - *Pros*: Relatively fast. Devices only need to be initialized once. No need
to
- do slow reboots or vmloads.
-
- - *Cons*: Not officially supported by libfuzzer. Does not work well for
- devices that rely on dedicated threads.
-
- - *Example target*: ``virtio-net-fork-fuzz``
--
2.39.0
- [PULL 02/10] fuzz: add fuzz_reset API, (continued)
- [PULL 02/10] fuzz: add fuzz_reset API, Alexander Bulekov, 2023/02/16
- [PULL 03/10] fuzz/generic-fuzz: use reboots instead of forks to reset state, Alexander Bulekov, 2023/02/16
- [PULL 04/10] fuzz/generic-fuzz: add a limit on DMA bytes written, Alexander Bulekov, 2023/02/16
- [PULL 05/10] fuzz/virtio-scsi: remove fork-based fuzzer, Alexander Bulekov, 2023/02/16
- [PULL 06/10] fuzz/virtio-net: remove fork-based fuzzer, Alexander Bulekov, 2023/02/16
- [PULL 07/10] fuzz/virtio-blk: remove fork-based fuzzer, Alexander Bulekov, 2023/02/16
- [PULL 09/10] fuzz: remove fork-fuzzing scaffolding, Alexander Bulekov, 2023/02/16
- [PULL 08/10] fuzz/i440fx: remove fork-based fuzzer, Alexander Bulekov, 2023/02/16
- [PULL 10/10] docs/fuzz: remove mentions of fork-based fuzzing,
Alexander Bulekov <=
- Re: [PULL 00/10] Replace fork-based fuzzing with reboots, Peter Maydell, 2023/02/21