-
Notifications
You must be signed in to change notification settings - Fork 35.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fuzz: Avoid timeout and bloat in fuzz targets #28815
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Can be tested by running the corresponding test case from #28812 (comment) and looking at the runtime |
fa4db4a
to
fa3a00d
Compare
fa3a00d
to
fa2e33c
Compare
fa11c29
to
fa2cd4c
Compare
Concept ACK Question: What is the difference compared to #27552 ("partial" fuzzers)? |
As I said on that pull request, it needs benchmarks and review on a case-by-case basis to check whether it is useful for a specific fuzz target. If someone wants to do those benchmarks on the fuzz targets touched in this pull request, and finds a positive outcome, nothing is holding anyone back from applying the concept. The goal of this pull request is to prevent the fuzz engine from exploring invalid serializations in a loop, as they do not help the fuzz target in any way, increase runtime, and increase storage costs. I've edited the pull request description to clarify that this only covers loop serialization. |
Also, fix iwyu
fa2cd4c
to
fabb504
Compare
Did the same for coins_view, because it followed the same pattern, even though a timeout is currently not reported by Oss-Fuzz. |
There seems to be a pattern here, maybe it makes sense to have something like a |
Not sure, there are also some loops that do not pick out of several callables. Happy to push any refactoring, if someone uploads a diff, patch, or commit. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
utACK fabb504
Didn't test but the rational makes a lot of sense to me. This should be better even if it doesn't solve the timeouts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
crACK fabb504
Logic makes sense for me. I didn't check all the targets, but it seems we could apply it in coincontrol
as well.
Yes, I was thinking about this, too. In practise it doesn't matter because Can be done in a follow-up, or in this pull, if I have to re-touch again. |
If the fuzz input contains invalid data in a loop, abort early. This will teach the fuzz engine to look for useful data and avoids bloating the fuzz input folder with useless (repeated) data.