CFG improvements #4
Comments
An example case in the form of systemd, where some parts of the project force a build with bfd, i.e. it is incompatible with gold and LTO, which means fuzz-introspector won't work: google/oss-fuzz#7573 (comment)
One solution to enhance the statically extracted call graph, specifically for indirect calls, is using this feature of
What we should do is build the fuzz target with those flags and implement
Fuzz-introspector relies on extracting control-flow graphs to determine reachability of the code under analysis. In addition to this, fuzz-introspector extracts more data than what is in a pure CFG and we use that data to do fine-grained analysis. However, relying on LTO and using a somewhat homegrown approach to CFG extraction may not be ideal. Other alternatives could be considered:
The benefit of using our own is that it enables fast development (until technical debt grows too large), and this is of fairly high priority atm.