| 10 Oct 2025 |
fzakaria | on recent versions that was fixed...
I think your test harness might be too broad in what it's catching | 00:10:25 |
fzakaria | /nix/store/9d3ypgdl7h4i7xr4ld7bl745f7fwkz66-nix-2.32.0pre20251006_dirty/bin/nix eval -f id:000000,sig:11,src:000064,time:13566614,execs:193156749,op:havoc,rep:2
error:
… while evaluating the file '/home/fmzakari/Downloads/nix-eval-crashes/id:000000,sig:11,src:000064,time:13566614,execs:193156749,op:havoc,rep:2':
… in the argument of the not operator
at /home/fmzakari/Downloads/nix-eval-crashes/id:000000,sig:11,src:000064,time:13566614,execs:193156749,op:havoc,rep:2:1:5287:
| 00:10:38 |
fzakaria | That seems like an acceptable error in eval | 00:10:58 |
lovesegfault | hmmm | 00:21:29 |
lovesegfault | maybe the harness is borked somehow? | 00:21:36 |
fzakaria | I think I remember reviewing and you are catching Error or std::exception | 00:21:50 |
fzakaria | maybe those are normal?
I thought fuzzing is only looking for things that cause SIGSEGV | 00:22:39 |
fzakaria | unless you set AFL_CRASH_EXITCODE='-1' | 00:23:23 |
fzakaria | (or something) | 00:23:27 |
fzakaria | (or special catching for MSAN/ASAN) | 00:24:12 |
fzakaria |
Note that in nearly all cases you can never reach full coverage. A lot of functionality is usually dependent on exclusive options that would need individual fuzzing campaigns each with one of these options set. E.g., if you fuzz a library to convert image formats and your target is the png to tiff API, then you will not touch any of the other library APIs and features.
| 00:25:11 |
lovesegfault | yeah. I've seen coverage go up to ~35% so maybe it's good? | 00:26:02 |
lovesegfault | honggfuzz seemed to do better, maybe I should rescue that work | 00:26:17 |
lovesegfault | I had another branch that used honggfuzz instead of afl++ | 00:26:30 |
lovesegfault | the UI was much nicer | 00:26:34 |
fzakaria | hmm | 01:40:55 |
fzakaria | ¯\_(ツ)_/¯ don't know enough to comment on which is better | 01:41:04 |
fzakaria | I see LLVM also has one included | 01:41:08 |
lovesegfault | Another little bit of the curl-s3 work is up: https://github.com/NixOS/nix/pull/14206 | 14:56:17 |
John Ericson | Sergei Zimmerman (xokdvium): would inline in a top-level function definition affect linking? | 16:38:40 |
John Ericson | I am having some trouble with missing from_json and to_json deps | 16:39:00 |
John Ericson | * I am having some trouble with missing from_json and to_json methods, from the macro nlohman provides | 16:39:11 |
John Ericson | after moving things around | 16:39:13 |
John Ericson | I would think that only static would do this, not inline, I am a bit confused | 16:39:31 |
lovesegfault | John Ericson: Do you think this is an improvement? https://github.com/NixOS/nix/pull/14206/commits/1aeeeec15fdd5580255feed9ad743c60367f6f30 | 16:57:13 |
John Ericson | lovesegfault: yes I do, and if you make like a "run child args" struct with the CPP'd field, I think you can avoid so much more CPP | 17:00:44 |
John Ericson | (let me know if that doesn't make sense) | 17:00:51 |
lovesegfault | oh, I see what you mean | 17:03:35 |
lovesegfault | done and pushed :) | 17:11:37 |
John Ericson | lovesegfault: ok left a few more comments | 17:16:30 |