jazzer
Interaction of --keep_going and -ignore_crashes=1
While using libFuzzer's fork mode, Jazzer's --keep_going is naturally not enough and crashes the fuzzing after a while. Using -ignore_crashes=1 seems to work fine. But both together lead to Jazzer dealing with the crash without libFuzzer noticing it. Currently I only see the minor issue of the number of crashes not getting counted and staying at zero in the command-line output, but I'm not sure whether there are other consequences.
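A minimal reproducer for the flag interaction described above, added here as an example and not posted by the reporter or shipped by the Jazzer project. It is a fuzz target that throws on a deterministic, easy-to-reach input, so that findings appear quickly under fork mode; the class name, package and the trigger prefix "crash" are assumptions for illustration, and the invocation in the comments assumes the jazzer launcher and the compiled class are on the path.

```java
package example;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;

/**
 * Constructed reproducer (not from the original thread). A thrown exception is
 * what Jazzer reports as a finding and, without --keep_going, what libFuzzer
 * sees as a crash of the fuzzing process.
 *
 * Run the three configurations from the report against this target, e.g.:
 *
 *   # fork mode plus Jazzer's --keep_going: the fork workers still die on findings
 *   jazzer --cp=build/classes --target_class=example.KeepGoingForkRepro \
 *       --keep_going=100 -fork=2
 *
 *   # fork mode with libFuzzer's own crash handling: works, crashes are counted
 *   jazzer --cp=build/classes --target_class=example.KeepGoingForkRepro \
 *       -fork=2 -ignore_crashes=1
 *
 *   # both together: Jazzer swallows the finding, libFuzzer's crash counter stays 0
 *   jazzer --cp=build/classes --target_class=example.KeepGoingForkRepro \
 *       --keep_going=100 -fork=2 -ignore_crashes=1
 *
 * Compare the "crash" count in libFuzzer's fork-mode status lines between the
 * second and third run to observe the behaviour described in the report.
 */
public class KeepGoingForkRepro {

    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        // Consume the whole input as a string; the corpus starts empty, so the
        // fuzzer has to discover the trigger prefix itself (it is short, so it will).
        String input = data.consumeRemainingAsString();

        // Assumed trigger: any input starting with "crash" produces a finding.
        // Different suffixes give distinct stack-free messages, but Jazzer's
        // deduplication keys on the stack trace, so --keep_going counts them once.
        if (input.startsWith("crash")) {
            throw new IllegalStateException("finding for input: " + input);
        }
    }
}
```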
Do you happen to know whether libFuzzer's fork mode reports ASan halt_on_error=1 findings? That option served as the motivation for Jazzer's --keep_going mode and if it isn't well supported by libFuzzer, I'm inclined to say we should improve the upstream handling of such findings instead of doing something Jazzer-specific.
Sorry I'm not sure.
Hi @SyrasX - Thanks for raising this issue! Looks like we never really got back to you... I'm following up on how you're using Jazzer and what your goals are. Lots of folks start off using Jazzer then pivot to our flagship fuzzing suite because it's easier to use. Ping me if you want to discuss? david[dot]merian [at] code-intelligence[dot]com