[C++][CI] Enable continuous fuzzing

[asfimport]

Since fuzzing kinda only works if done as a continuous background job, we should find a way of doing so. This likely requires another service than Travis. Basic requirements are:

• master builds should be submitted for fuzzing
• project members should be informed about new crashes (ideally not via public issue due to potential security impact)

Reporter: Marco Neumann / @crepererum
Assignee: Yevgeny Pats / @yevgenypats

Related issues:

• [C++] Fuzzer builds fail out of the box on Ubuntu 16.04 using LLVM apt repos (is blocked by)

PRs and other links:

• GitHub Pull Request #4504

_{Note: This issue was originally created as ARROW-5525. Please see the migration documentation for further details.}

[asfimport]

Wes McKinney / @wesm:
Issue resolved by pull request 4504
#4504

[asfimport]

Antoine Pitrou / @pitrou:
@yevgenypats Can you explain how one can view the fuzzing jobs? I submitted a build from my local machine but don't know where to view it (I'm using the hardcoded API key):

2019/09/17 14:20:01 Creating job...
2019/09/17 14:20:02 Uploading fuzzer...
2019/09/17 14:20:39 Starting job
2019/09/17 14:20:39 Job aQbIQe0y2n4LX0iKYjnd started succesfully
2019/09/17 14:20:39 Job created successfully

[asfimport]

Marco Neumann / @crepererum:
There's https://fuzzit.dev/ where you can login via GitHub, but I think your account must be linked to the apache/arrow organization (on Fuzzit, not on GitHub). That (to my understanding) must be done by the Fuzzit support team ( @yevgenypats ?).

[asfimport]

Yevgeny Pats / @yevgenypats:
@pitrou  I've added you as admin to apache arrow organisation https://app.fuzzit.dev/orgs/yMxZh42xl9qy6bvg3EiJ/dashboard.

[~marco.neumann.by] you are admin in the organisation.

 

As far as I remember the fuzzing was a bit stalled as the arrow-ipc-fuzzing target was crashing constantly and it wasn't fix so it doesn't really accumulate any interesting corpus.

Also a lot was changed since we first integrated apache-arrow so if fuzzing is a again a priority I would love to help - transfer apache/arrow to new organisation (the old one was deprecated.) and update the Fuzzit CLI to latest version.

 

Also @pitrou  you can join our slack at https://slack.fuzzit.dev and DM so I can help you set it up.

[asfimport]

Marco Neumann / @crepererum:

[~marco.neumann.by] you are admin in the organisation.
Didn't know that. @pitrou which mail address do you use for GitHub so I can add you to the Org?

 

As far as I remember the fuzzing was a bit stalled as the arrow-ipc-fuzzing target was crashing constantly and it wasn't fix so it doesn't really accumulate any interesting corpus.
I have tried to fix all known bugs and fixed the CI, so since some weeks it runs more or less smoothly again. One thing that we might change is to add some known arrow files to the seed corpus so we don't solely rely on the fuzzer to find valid files during the exploration.
Also a lot was changed since we first integrated apache-arrow so if fuzzing is a again a priority I would love to help - transfer apache/arrow to new organisation (the old one was deprecated.) and update the Fuzzit CLI to latest version.
That would help a lot I think.

[asfimport]

Antoine Pitrou / @pitrou:
[~marco.neumann.by] I think it's pitrou@free.fr

[asfimport]

Yevgeny Pats / @yevgenypats:
[~marco.neumann.by] ok, cool. I'll open a PR with an update. and I'll transfer you organisation to a new one.