Heuristics to filter / prioritize crashes #168

oliverchang opened this issue Mar 18, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@oliverchang
Collaborator

oliverchang commented Mar 18, 2024

To aid in filtering down the number of potential false positive crashes reported to maintainers, we can apply the following prioritization rules:

  • Crash with LLVMFuzzerTestOneInput as the top frame: Most likely false positive.
  • Crash discovered without any / much coverage growth: likely false positive. Note though, there can be exceptions here if there is a particular low-hanging fruit in the function being fuzzed that's very easy to find.
  • Crash discovered with zero coverage diff or edge coverage: most likely false positive.
  • Use after frees where the free happens in LLVMFuzzerTestOneInput.
  • Null derefs, FPEs, aborts, and C++ exceptions are likely uninteresting to report.

Additionally, we need a way to detect cases of #164 and #7.

@oliverchang oliverchang added the enhancement New feature or request label Mar 18, 2024
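
One way to express the rules listed in the issue above as a triage pass over an ASan-style crash report, as an added example (not code from this project or from either commenter). The rule names, `MIN_NEW_EDGES`, the report-text patterns and the sample report are assumptions constructed for illustration.

```python
import re

FUZZ_ENTRY = "LLVMFuzzerTestOneInput"
MIN_NEW_EDGES = 10  # assumed threshold for "not much coverage growth"; tune per project
FRAME_RE = re.compile(r"\s*#\d+ 0x[0-9a-f]+ in (\S+)")
# Assumed mapping of "null derefs, FPEs, aborts, C++ exceptions" to report text.
LOW_VALUE_RE = re.compile(r"AddressSanitizer: (SEGV on unknown address 0x0+\b|FPE |ABRT )"
                          r"|uncaught exception|terminate called after throwing")

def parse_stacks(report):
    """Collect function names per stack: the crash, the free, the allocation."""
    section, stacks = "crash", {"crash": [], "free": [], "alloc": []}
    for line in report.splitlines():
        if line.startswith("freed by thread"):
            section = "free"
        elif line.startswith("previously allocated by thread"):
            section = "alloc"
        elif (m := FRAME_RE.match(line)):
            stacks[section].append(m.group(1))
    return stacks

def triage(report, new_edges):
    """Return the names of the heuristics that fire; an empty list means none did.

    new_edges: edges the target reached beyond the baseline, supplied by the caller.
    """
    stacks, hits = parse_stacks(report), []
    if stacks["crash"][:1] == [FUZZ_ENTRY]:
        hits.append("top_frame_is_fuzz_entry")
    if new_edges == 0:
        hits.append("zero_coverage_diff")
    elif new_edges < MIN_NEW_EDGES:
        hits.append("little_coverage_growth")
    # Frame #0 of the free stack is the allocator interceptor, so the caller is frame #1.
    if "heap-use-after-free" in report and stacks["free"][1:2] == [FUZZ_ENTRY]:
        hits.append("uaf_freed_in_fuzz_entry")
    if LOW_VALUE_RE.search(report):
        hits.append("low_value_crash_type")
    return hits

# Constructed sample: the harness frees a buffer, then the library reads it.
SAMPLE_UAF = """\
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x4f1234
READ of size 1 at 0x602000000010 thread T0
    #0 0x4f1234 in parse_header /src/lib/parse.c:42:9
    #1 0x4f0000 in LLVMFuzzerTestOneInput /src/fuzz_target.c:20:3
freed by thread T0 here:
    #0 0x4a0000 in free (/out/fuzzer+0x4a0000)
    #1 0x4f0100 in LLVMFuzzerTestOneInput /src/fuzz_target.c:18:3
"""
```

A crash that returns an empty list here has tripped none of the listed rules; a non-empty list names the rules that apply so a reviewer can see why it was deprioritized.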
@DonggeLiu
Collaborator

The first one is addressed:

Will address the others soon.
