On 200526 1725, Philippe Mathieu-Daudé wrote:
> On 5/26/20 4:56 PM, Alexander Bulekov wrote:
> > On 200526 1105, Philippe Mathieu-Daudé wrote:
> >> On 5/26/20 10:56 AM, Stefan Hajnoczi wrote:
> >>> On Tue, May 26, 2020 at 07:58:18AM +0200, Philippe Mathieu-Daudé wrote:
> >>>> Hi Alexander,
> >>>>
> >>>> I forgot to share these 2 patches written before
> >>>> the direct MemoryRegion fuzzer sent yesterday.
> >>>>
> >>>> Regards,
> >>>>
> >>>> Phil.
> >>>>
> >>>> Philippe Mathieu-Daudé (2):
> >>>>   tests/qtest/fuzz: Avoid QTest ioport serialization
> >>>>   tests/qtest/fuzz: Avoid QTest mmio serialization
> >>>>
> >>>>  tests/qtest/fuzz/i440fx_fuzz.c      | 19 +++++++++++++------
> >>>>  tests/qtest/fuzz/virtio_net_fuzz.c  |  6 ++++--
> >>>>  tests/qtest/fuzz/virtio_scsi_fuzz.c |  6 +++++-
> >>>>  3 files changed, 22 insertions(+), 9 deletions(-)
> >>>
> >>> Will it still be possible to print qtest reproducer commands when a
> >>> crash is found?
> >>
> >> Yes, there is no change in the corpus format.
> >
> > Yes, though with these patches, the qtest-based code will be gone.
> > Should there be some option to switch between the two modes?
>
> How so?
>
> How do you generate your reproducers?
Right now basically with this:

--- a/qtest.c
+++ b/qtest.c
@@ -808,6 +808,8 @@ bool qtest_driver(void)
 
 void qtest_server_inproc_recv(void *dummy, const char *buf)
 {
+    // It would be nice to add support for qtest's built in qtest_log_fp.
+    printf(">>> %s\n", buf);
     static GString *gstr;
     if (!gstr) {
         gstr = g_string_new(NULL);
--

It would be nice to add support for qtest's built in qtest_log_fp.

Unless I'm missing something, these address_space_writes completely bypass
qtest, so there has to be some additional step to build reproducers (e.g.
running against the QTest-based version, or adding some way to spit out
corresponding qtest commands for the address_space_writes).

> >
> >>>
> >>> Other than this concern, higher fuzzing rates would be great.
> >>
> >> Thanks,
> >>
> >> Phil.
> >
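Review bot: the `printf(">>> %s\n", buf);` added at the top of qtest_server_inproc_recv writes every received command to stdout unconditionally, so the trace is interleaved with whatever else the fuzzer and the guest print and cannot be switched off; the comment directly above it already names the better sink, so guard the trace on the qtest log instead, e.g. `if (qtest_log_fp) { fprintf(qtest_log_fp, ">>> %s\n", buf); }`. Two style points on the same two lines: QEMU uses `/* */` rather than `//` comments, and the new statements are placed above the `static GString *gstr;` declaration, interleaving statements and declarations in one block, which QEMU's coding style asks to avoid; moving them below the declaration keeps checkpatch quiet.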
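The second option named above, emitting the qtest commands that correspond to the direct accesses, needs only a small encoder. The block below is an added example written for this thread; it is not code from the reply, from the patches under discussion, or from QEMU. The `access_rec` struct, `access_to_qtest` and `sample_reproducer_line` are hypothetical names, the idea that the direct-MemoryRegion fuzzer would fill one record per access is an assumption, and the sample sequence is constructed rather than captured. The command syntax itself (`outb/outw/outl ADDR VALUE`, `write ADDR SIZE 0xHEXDATA`) is the qtest protocol as documented in QEMU's qtest developer docs, so the output can be replayed against `qemu-system-* -qtest`.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code: one record per access as a hypothetical
 * logging hook in the direct-MemoryRegion fuzzer would capture it. */
enum access_kind { ACC_PIO, ACC_MMIO };

struct access_rec {
    enum access_kind kind;
    uint64_t addr;
    uint32_t len;      /* PIO: 1, 2 or 4; MMIO: number of valid bytes in data */
    uint32_t value;    /* PIO only: the value handed to cpu_outb/outw/outl */
    uint8_t data[64];  /* MMIO only: the buffer handed to address_space_write */
};

/* Encode *a as the qtest command performing the same access. Returns the
 * command length (without NUL), or -1 if it cannot be encoded or does not fit. */
int access_to_qtest(const struct access_rec *a, char *out, size_t outsz)
{
    int n;

    if (a->kind == ACC_PIO) {
        const char *cmd;

        switch (a->len) {
        case 1: cmd = "outb"; break;
        case 2: cmd = "outw"; break;
        case 4: cmd = "outl"; break;
        default: return -1;
        }
        n = snprintf(out, outsz, "%s 0x%" PRIx64 " 0x%" PRIx32,
                     cmd, a->addr, a->value);
    } else {
        uint32_t i;

        if (a->len == 0 || a->len > sizeof(a->data)) {
            return -1;
        }
        /* "write ADDR SIZE DATA" takes the raw bytes as a 0x-prefixed hex
         * string, so the buffer is replayed exactly as address_space_write
         * saw it. writew/writel/writeq would byte-swap the value to target
         * endianness and cannot express odd lengths, so "write" is used for
         * every MMIO record. */
        n = snprintf(out, outsz, "write 0x%" PRIx64 " %" PRIu32 " 0x",
                     a->addr, a->len);
        if (n < 0 || (size_t)n >= outsz) {
            return -1;
        }
        for (i = 0; i < a->len; i++) {
            int m = snprintf(out + n, outsz - (size_t)n, "%02x", a->data[i]);

            if (m < 0 || (size_t)m >= outsz - (size_t)n) {
                return -1;
            }
            n += m;
        }
    }
    if (n < 0 || (size_t)n >= outsz) {
        return -1;
    }
    return n;
}

/* Constructed sample (not captured from a real run): a PCI config-space
 * pair through 0xcf8/0xcfc and two MMIO writes, one of a length that only
 * "write" can express. Returns the qtest line for record i, or NULL when i
 * is out of range. */
const char *sample_reproducer_line(size_t i)
{
    static const struct access_rec sample[] = {
        { ACC_PIO,  0xcf8,      4, 0x80000000, { 0 } },
        { ACC_PIO,  0xcfc,      2, 0x1234,     { 0 } },
        { ACC_MMIO, 0xfebf0000, 4, 0, { 0xef, 0xbe, 0xad, 0xde } },
        { ACC_MMIO, 0xfebf0010, 6, 0, { 1, 2, 3, 4, 5, 6 } },
    };
    static char line[256];

    if (i >= sizeof(sample) / sizeof(sample[0])) {
        return NULL;
    }
    if (access_to_qtest(&sample[i], line, sizeof(line)) < 0) {
        return NULL;
    }
    return line;
}

int main(void)
{
    const char *l;
    size_t i;

    /* Print the sample as a reproducer that can be fed to qemu -qtest. */
    for (i = 0; (l = sample_reproducer_line(i)) != NULL; i++) {
        puts(l);
    }
    return 0;
}
```

The hook that fills the records is the part the thread leaves open; with it in place, dumping the records through `access_to_qtest` at crash time would give the same kind of reproducer the qtest-based fuzzers get from the command log, without reintroducing the serialization the two patches remove.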