Max Moroz
41 projects which we should try DFT-based fuzzing on:

```
aosp brotli bzip2 capstone cmark giflib harfbuzz hoextdown lcms libchewing libexif libgit2 libidn2 libldac libpcap libplist libteken libtsm libwebp libyaml...
```
Ack. I've just got a null deref in libFuzzer locally, but I think it has something to do with the way things are getting built now (i.e. `-fsanitize=fuzzer` uses LLVM...
In dataflow builds `LIB_FUZZING_ENGINE` is pointing to `DataFlow.o` -- it doesn't use libFuzzer. I need to hack `--engine libfuzzer` build. Others may need to do it as well from time...
For now, bumped LLVM to r361579 locally. The crash reproduced anyway, probably because I didn't use `-fork=` mode:

```cpp
if (Flags.collect_data_flow && !Flags.fork && !Flags.merge) {
  if (RunIndividualFiles)
    return CollectDataFlow(Flags.collect_data_flow,...
```
zlib_uncompress_fuzzer, `-fork=1`, 1 hour:

```
$ asan/zlib_uncompress_fuzzer -use_value_profile=1 -collect_data_flow=dfsan/zlib_uncompress_fuzzer -print_final_stats=1 -max_total_time=3600 -fork=1 -timeout=25 corpus/df_ new corpus/new/ corpus/cf/
INFO: Seed: 1493609206
INFO: Loaded 1 modules (664 inline 8-bit counters): 664 [0x7e5af0,...
```
@kcc, another question for you: how do I see how much time is spent on collecting DFT? I'm just worried that if I enable it in current CF configuration, we'll...
@mbouaziz I'm not going to add it myself :)
Yeah, it looks like I got it running locally, will see if that succeeds. I assume that adding support for a new build system is pretty straightforward. Is it so?
+1 to have it
@mbarbella-chromium Marty do you want to own this? Once GradientFuzz starts working, it might make sense to figure out a good solution for adding any new models in future.