Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

internal/fuzz: deduplicate interesting inputs #48303

Open
jayconrod opened this issue Sep 9, 2021 · 1 comment
Open

internal/fuzz: deduplicate interesting inputs #48303

jayconrod opened this issue Sep 9, 2021 · 1 comment
Labels
fuzz Issues related to native fuzzing support NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@jayconrod
Copy link
Contributor

When the fuzzing engine starts, it runs inputs in the seed corpus and cached inputs to gather baseline coverage.

If two inputs provide the same coverage, we should prioritize one and ignore or deprioritize the other, perhaps deleting it if it was cached.

The AFL whitepaper explains how they deduplicate inputs based on coverage. We might use a similar algorithm. We could also use size and duration as metrics: smaller, faster inputs are better.
@jayconrod jayconrod added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. fuzz Issues related to native fuzzing support labels Sep 9, 2021
@jayconrod jayconrod added this to the Backlog milestone Sep 9, 2021
@rsc rsc changed the title [dev.fuzz] internal/fuzz: deduplicate interesting inputs internal/fuzz: deduplicate interesting inputs Sep 21, 2021
@capnspacehook
Copy link

Is this a duplicate of #49290?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
fuzz Issues related to native fuzzing support NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
Go Security
Status: No status
Milestone
Backlog
Development

No branches or pull requests
2 participants
@jayconrod @capnspacehook