clusterfuzz
About ClusterFuzz corpus assign strategy
In the clusterfuzz corpus strategy, can all seeds be arranged in libfuzzer_corpus according to size, and each bot only takes one copy from it for execution?
The initial strategy is to take out all the seeds each time. I think this large number of seeds will cause pressure within a single bot, and the use of the same initial corpus by each bot with the same engine will lead to a certain degree of repetitive work.
Here's a job to simply evaluate the advantages of this strategy. Apply to libFuzzer.
Since I don't know how to evaluate the performance of this improvement, can you guide me where the code changes are accurate? @jonathanmetzman @inferno-chromium @oliverchang @mbarbella-chromium Huge thanks for your help!
It just works automatically: define the libfuzzer, honggfuzz and afl job types containing fuzz binaries with the same names, and they share the same corpora automatically. See "CORPUS_FUZZER_NAME_OVERRIDE = libFuzzer" in the afl and honggfuzz templates here - https://github.com/google/clusterfuzz/blob/master/src/local/butler/scripts/setup.py#L57
Is it possible to sort seeds in this shared corpus to find more effective seeds? This has been proven to be very effective in libFuzzer-FORK, although this is shared under different engines.
My simple method is: first sort the seeds in the corpus according to the size of the seeds, and then divide them into multiple groups evenly. Each bot takes out a copy as its own initial corpus without repetition, and loops in turn. Can anyone give me some advice? Thanks!
@jonathanmetzman @oliverchang, sorry to bother you, looking forward to your reply and email.
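The sharding scheme proposed in the post above, written out as an added sketch; it is not code from this thread or from ClusterFuzz. The function names, the contiguous split of the size-sorted list, the rotation by round number and the sample corpus are all assumptions made for illustration.

```python
import tempfile
from pathlib import Path


def shard_corpus_by_size(corpus_dir, num_shards):
    """Sort seeds by (size, name), then cut the list into num_shards
    contiguous groups whose lengths differ by at most one."""
    if num_shards < 1:
        raise ValueError("num_shards must be >= 1")
    seeds = sorted(
        (p for p in Path(corpus_dir).iterdir() if p.is_file()),
        key=lambda p: (p.stat().st_size, p.name),  # name breaks size ties
    )
    base, extra = divmod(len(seeds), num_shards)
    shards, start = [], 0
    for i in range(num_shards):
        end = start + base + (1 if i < extra else 0)
        shards.append(seeds[start:end])
        start = end
    return shards


def shard_for_bot(shards, bot_index, round_number):
    """Assumed rotation: within one round no two bots share a shard (when
    bots == shards), and after len(shards) rounds each bot has seen all."""
    return shards[(bot_index + round_number) % len(shards)]


def demo():
    """Build a constructed corpus (seed_NN files of the given sizes) and
    return the shard sizes plus the (bot, round) -> seed names plan."""
    sizes = [512, 4, 64, 8, 1024, 16, 128]  # constructed sample sizes
    with tempfile.TemporaryDirectory() as corpus:
        for i, size in enumerate(sizes):
            (Path(corpus) / f"seed_{i:02d}").write_bytes(b"A" * size)
        shards = shard_corpus_by_size(corpus, 3)
        shard_sizes = [[p.stat().st_size for p in s] for s in shards]
        plan = {
            (bot, rnd): [p.name for p in shard_for_bot(shards, bot, rnd)]
            for rnd in range(3)
            for bot in range(3)
        }
    return shard_sizes, plan


if __name__ == "__main__":
    shard_sizes, plan = demo()
    print(shard_sizes)
    for key in sorted(plan):
        print(key, plan[key])
```

With a contiguous split, one bot starts from only the smallest seeds and another from only the largest, so the rotation is what eventually exposes every bot to the whole corpus.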