More useful output on NEW_FUNC -- include function names

[alex]

libFuzzer will print a handy NEW_FUNC output when running to show the first time it executes a new function. This is very helpful when developing a fuzzer to get a sense of the coverage you're achieving. Unfortunate with atheris, it seems to always be address only -- no function name:

#201019 NEW    cov: 7502 ft: 11769 corp: 91/1040b lim: 32 exec/s: 665 rss: 44Mb L: 24/32 MS: 3 ChangeBinInt-ChangeBit-ShuffleBytes-
        NEW_FUNC[1/2]: 0x238e9e5
        NEW_FUNC[2/2]: 0x238e9e9

I imagine this will require some wiring up to get libFuzzer to know about Python function names, but if there were a way to make it work, that'd be a boon for fuzzer development.

[TheShiftedBit]

I think this should be possible when fuzzing pure Python, simply by providing the right symbolizer symbols. I'll have to ensure that this doesn't break native symbolization though.

[TheShiftedBit]

Done. Pushed a change that replicates the NEW_FUNC feature from libFuzzer as NEW_PY_FUNC; this means Atheris will print data about some new functions when it discovers them.

Initially, I implemented this by providing a definition of __sanitizer_symbolize_pc, which taught libFuzzer how to print this information itself. However, said function is not called when using a sanitizer that provides its own definition of that function. This simpler approach therefore seems better.

[alex]

Wonderful, thank you!

…

On Wed, Dec 9, 2020 at 7:31 PM Ian Eldred Pudney ***@***.***> wrote: Closed #4 <#4>. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAAGBGANPTH3PBTCHS3YPDSUAJGLANCNFSM4ULMPPEQ> .

-- All that is necessary for evil to succeed is for good people to do nothing.