Results 226 comments of Simonas Kazlauskas

`libfuzzer` needs the memory to store the knowledge it has gathered about the program. Fuzzing extremely branchy code is prone to using extreme amounts of memory. The only way I...

You will want to try and run the fuzzer with a debugger and then look at the stack trace to understand if the signal 11 (SIGSEGV) is coming from your...

(Ideally we wouldn't crash without retaining the test case, but the issue report is not super clear whether that's actually true)

Actually now that I’m thinking… since we do not really have any supported versions of rustc other than the most recent nightly, there’s no benefit in packaging the Cargo.lock. The...

IIRC this issue predates the `--release` flag.

It is likely that instrumenting libstd itself is counterproductive. Instrumenting libstd and all dependent libraries will increase the workload of the sanitizer greatly and may take longer than necessary to yield...

Some clarification to my comment above: `libstd` does not need to be instrumented for panics to be understood by the fuzzer. With that out of the way… By only instrumenting...

@emk consider providing at least one starter file to the fuzzer (put into fuzz/corpus).

---

> Well, yeah, but the branches in libstd will be opaque to the fuzzer, no?...

The sanitizer(s) are (or were in the past, at least) required for fuzzing to work at all, as the instrumentation from sanitizers was how libfuzzer would gather information from the...

I'd be happy to see `-Zbuild-std` integrated somehow as well. Personally, I think an extra 30 seconds to build the standard library are probably inconsequential when the fuzz target will be...