Closed samuel-rufi closed 3 years ago
fitzgen
commented
3 years ago The answer is the same as https://github.com/rust-fuzz/cargo-fuzz/issues/283
Can you explain more how
I would like to split in two corpuses, the ones that end in error and the one that end successfully.
is different from the default behavior where crashes go into artifacts and inputs that lead to new coverage go into corpus?
thibault-martinez
commented
3 years ago Hi @fitzgen, what was meant by error is a parsing error meaning that the bytes do not represent a valid model but it didn't crash. Since it doesn't crash, everything goes into the corpus but we would like a way to dynamically split this corpus into valid and invalid models. Does that make sense ?
fitzgen
commented
3 years ago libfuzzer does not support this kind of thing at runtime. E.g. https://www.llvm.org/docs/LibFuzzer.html#options says
To run the fuzzer, pass zero or more corpus directories as command line arguments. The fuzzer will read test inputs from each of these corpus directories, and any new test inputs that are generated will be written back to the first corpus directory
Should be easy enough to script yourself in a post-processing step, however, if you wanted to go down that route.
Going to close this issue since it is out of our control because, as libfuzzer doesn't support the functionality, we can't expose it.
Hi, is there a way to dynamically have more than one corpus folder? I would like to split in two corpuses, the ones that end in error and the one that end successfully. Is there a way to do this? With error I mean it shouldn't crash. Many thanks for the help.