internal/fuzz: ensure coordinator can reconstruct input during minimization #48165
Labels
FrozenDueToAge
fuzz
Issues related to native fuzzing support
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
release-blocker
Milestone
Comments
jayconrod
added
NeedsInvestigation
rsc
changed the title
|
Checking in on this issue as it's labeled a release blocker for Go 1.18. Is there any update? |
|
Closing as duplicate of #48165. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently, I think there's a scenario where the fuzzing engine finds a value that causes a crash but can't reconstruct or record it.
During normal fuzzing, if a worker terminates unexpectedly, the coordinator can reconstruct the entry that caused the crash using the initial entry and the execution count and PRNG state in shared memory. That process is deterministic.
That won't work during minimization since the worker makes many small decisions along the way. For example, after removing a byte from a string, the worker might proceed with the shorter string or revert the change depending on whether the shorter string triggered the same coverage.
One possible solution is to log these minimization decisions in shared memory so the coordinator can reconstruct the minimized input after a crash.
The text was updated successfully, but these errors were encountered: