hgarrereyn / GraphFuzz

GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.
https://hgarrereyn.github.io/GraphFuzz
MIT License

feature: informal output to cerr for automation #9

Closed NikLeberg closed 2 years ago

NikLeberg commented 2 years ago

As stated in #8, output while converting the graph representation of a crash to code is interleaved with informal output from GraphFuzz.

This change aims to separate the output by letting GraphFuzz only output to std::cerr. This, together with the fact that libFuzzer also only ever prints to stderr (see: here), allows for redirecting stdout to a file that only has the code for reproducing the crash. For example with:

./fuzz_write crash-<hash> | tee crash.cpp

I'm going to test this in my own projects. Because of that this is a draft. Seems to work. :)

NikLeberg commented 2 years ago

Hey @hgarrereyn, I now sometimes (around 50% of the time) have a doubled output when I run the writer. It seems as if libFuzzer is running the crash twice. Have you noticed something similar somehow?

hgarrereyn commented 2 years ago

Yeah I noticed the double output as well. I'm pretty sure this is a libFuzzer thing and not a GraphFuzz thing. I spent some time looking into it a while ago but wasn't able to identify the underlying issue. It might be worth invoking LLVMFuzzerTestOneInput directly for the fuzz_write harness at some point.

NikLeberg commented 2 years ago

I played around a bit with a debug libFuzzer build. The second call to LLVMFuzzerTestOneInput comes from an invocation of TryDetectingAMemoryLeak. Under some circumstances libFuzzer thinks a leak happened and tries to check this. With an additional command line flag -detect_leaks=0 this mechanism is disabled. Maybe GraphFuzz could set this flag automatically for a fuzz_write harness?
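An added example, not code from the PR or from GraphFuzz itself, of the replay driver suggested above: it calls LLVMFuzzerTestOneInput directly on one crash file, so libFuzzer's leak re-check never runs the input a second time, and it keeps the diagnostic chatter on std::cerr with only the reproducer on std::cout. The graph-to-code conversion is a placeholder (one line per input byte), and `write_reproducer`, `render`, `render_sample` and `replay_file` are names assumed here, not GraphFuzz APIs.

```cpp
// Added example (not GraphFuzz code): replay one crash input by calling
// LLVMFuzzerTestOneInput directly, bypassing libFuzzer's driver and its
// TryDetectingAMemoryLeak re-run. Diagnostics -> stderr, reproducer -> stdout.
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <sstream>
#include <string>
#include <vector>

struct Split { std::string code; std::string diag; };

// Chatter goes only to `diag`; the generated reproducer goes only to `code`.
// Placeholder codegen: one step(...) line per byte instead of the real graph walk.
static void write_reproducer(const uint8_t *data, size_t size,
                             std::ostream &code, std::ostream &diag) {
  diag << "[GraphFuzz] decoding " << size << " bytes\n";
  code << "// reproducer for " << size << "-byte input\n";
  for (size_t i = 0; i < size; ++i)
    code << "step(" << static_cast<unsigned>(data[i]) << ");\n";
  diag << "[GraphFuzz] done\n";
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  write_reproducer(data, size, std::cout, std::cerr);
  return 0;
}

// Runs the harness on an in-memory input exactly once and captures both streams,
// which is what an automation script relies on when it redirects stdout to crash.cpp.
Split render(const std::vector<uint8_t> &input) {
  std::ostringstream code, diag;
  write_reproducer(input.data(), input.size(), code, diag);
  return {code.str(), diag.str()};
}

const std::vector<uint8_t> kSampleCrash = {0x01, 0x02, 0xff};  // constructed, not a real crash file
Split render_sample() { return render(kSampleCrash); }

// Reads one crash file and invokes the harness a single time.
// Returns the harness result, or 1 if the file cannot be opened.
int replay_file(const char *path) {
  std::ifstream in(path, std::ios::binary);
  if (!in) { std::cerr << "cannot open " << path << "\n"; return 1; }
  std::vector<uint8_t> buf((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
  return LLVMFuzzerTestOneInput(buf.data(), buf.size());
}

int main(int argc, char **argv) {
  return argc < 2 ? 1 : replay_file(argv[1]);  // ./replay crash-<hash> > crash.cpp
}
```

Because stderr is untouched, `./replay crash-<hash> | tee crash.cpp` yields a crash.cpp with only the reproducer while the bracketed diagnostics still appear on the terminal.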