s1341
commented
3 years ago Note that we will have to return an appropriate ExitKind to cause the executor/stage to save the test case into the objective corpus. Is this currently possible @andreafioraldi?
Instead of crashing the target after reporting an ASAN error, we should (optionally) restore the process state to that before the erroring test case, and then simply continue fuzzing.
This will allow us to avoid the high cost of signaling the target to kill it and respawning the fuzzer client.
We currently have full control of the heap, and know how to reset it. We just need to be able to reset the stack. This can be achieved by pivoting from the original fuzzer thread stack just before running the test case, and pivoting back on return/crash.