Skip to content

fuzzer: write inputs to shared memory before running #22862

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 12, 2025
Merged

fuzzer: write inputs to shared memory before running #22862

merged 2 commits into from
Feb 12, 2025

Conversation

andrewrk
Copy link
Member

@andrewrk andrewrk commented Feb 11, 2025
edited
Loading

breaking change to the fuzz testing API; it now passes a type-safe context parameter to the fuzz function.

libfuzzer is reworked to select inputs from the entire corpus.

I tested that it's roughly as good as it was before in that it can find the panics in the simple examples, as well as achieve decent coverage on the tokenizer fuzz test.

however I think the next step here will be figuring out why so many points of interest are missing from the tokenizer in both Debug and ReleaseSafe modes.

does not quite close #20803 yet since there are some more important things to be done, such as opening the previous corpus, continuing fuzzing after finding bugs, storing the length of the inputs, etc.

the main change here is that fuzz input corpus is stored at .zig-cache/f/{s}/{d}, where {s} is the test name, and {d} is an incrementing integer.

@andrewrk
ZigLLVMTargetMachineEmitToFile: schedule sancov pass depending on mode
31c1320 
In debug mode, schedule it early. In release modes, schedule it late.
@andrewrk
fuzzer: write inputs to shared memory before running
d789f1e 
breaking change to the fuzz testing API; it now passes a type-safe
context parameter to the fuzz function.

libfuzzer is reworked to select inputs from the entire corpus.

I tested that it's roughly as good as it was before in that it can find
the panics in the simple examples, as well as achieve decent coverage on
the tokenizer fuzz test.

however I think the next step here will be figuring out why so many
points of interest are missing from the tokenizer in both Debug and
ReleaseSafe modes.

does not quite close #20803 yet since there are some more important
things to be done, such as opening the previous corpus, continuing
fuzzing after finding bugs, storing the length of the inputs, etc.
@andrewrk andrewrk added the release notes This PR should be mentioned in the release notes. label Feb 11, 2025
@andrewrk andrewrk mentioned this pull request Feb 11, 2025
Closed
@andrewrk andrewrk merged commit 58f9288 into master Feb 12, 2025
9 checks passed
@andrewrk andrewrk deleted the fuzz branch February 12, 2025 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
release notes This PR should be mentioned in the release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

write fuzz inputs to a shared memory region before running a task
1 participant
@andrewrk