On a recent GitHub Actions Ubuntu instance with 4 cores, cifuzz passes -jobs=4 to libFuzzer.
libFuzzer limits the number of active workers to half the available cores, resulting in 2 workers.
In this configuration, libFuzzer often times out even if it successfully detects crashes, as it only avoids timing out when both workers identify at least one crash. However, cifuzz does not report crashes if the libFuzzer driver times out, even when crashes are detected. This behavior can be observed in the cifuzz implementation: source code.
Consequently, when parallel fuzzing is enabled, cifuzz rarely reports crashes under these conditions.
Example of a live case where crashes were detected but not reported:
When parallel-fuzzing is enabled, libFuzzer tries to find multiple crashes.
For instance:
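To illustrate the interaction this issue describes, here is an added example (not cifuzz's or libFuzzer's own code): it applies the worker rule stated above to a 4-core runner, parses constructed `-jobs` driver log lines, and contrasts a hypothetical "timeout discards everything" reporting policy with one that keeps crash artifacts. The sample log, the `FuzzRun` type and both reporting functions are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a libFuzzer -jobs=4 driver log: the run was capped at
# 2 workers, both wrote a crash artifact, yet the driver still hit its time limit.
SAMPLE_LOG = """\
INFO: Running 2 workers
==1201==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011
artifact_prefix='./'; Test unit written to ./crash-0a1b2c3d4e5f
================== Job 0 exited with exit code 1 ============
INFO: Seed: 12345
artifact_prefix='./'; Test unit written to ./crash-6f7e8d9c0b1a
================== Job 1 exited with exit code 77 ============
"""

ARTIFACT_RE = re.compile(r"Test unit written to (\S+)")
JOB_EXIT_RE = re.compile(r"Job (\d+) exited with exit code (-?\d+)")


def libfuzzer_workers(jobs: int, cores: int) -> int:
    """Worker count as this issue states it: at most half the cores, never zero."""
    return max(1, min(jobs, cores // 2))


@dataclass
class FuzzRun:
    timed_out: bool                       # driver exceeded its wall-clock budget
    crash_artifacts: list = field(default_factory=list)
    job_exit_codes: dict = field(default_factory=dict)


def parse_libfuzzer_log(log: str, timed_out: bool) -> FuzzRun:
    """Collect crash artifact paths and per-job exit codes from a -jobs driver log."""
    run = FuzzRun(timed_out=timed_out)
    for line in log.splitlines():
        if m := ARTIFACT_RE.search(line):
            run.crash_artifacts.append(m.group(1))
        elif m := JOB_EXIT_RE.search(line):
            run.job_exit_codes[int(m.group(1))] = int(m.group(2))
    return run


def crashes_to_report_timeout_first(run: FuzzRun) -> list:
    """Hypothetical policy: a timeout means 'no result', so earlier findings are dropped."""
    return [] if run.timed_out else list(run.crash_artifacts)


def crashes_to_report_artifact_first(run: FuzzRun) -> list:
    """Hypothetical fix: a written crash artifact is a finding however the driver exited."""
    return list(run.crash_artifacts)
```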