
report: enable experiment run with local introspector #305

Closed
wants to merge 4 commits

Conversation

DavidKorczynski
Collaborator

@DavidKorczynski DavidKorczynski commented Jun 4, 2024

Script for running an experiment using a local version of Fuzz Introspector's webapp.

For reference, there is also a more end-to-end version of this here, which runs both the harness itself and the building of the introspector reports. The logic in this PR is focused on using a local version of Fuzz Introspector's webapp so that all requests to ../api/.. go to the local webapp.

Sample run:

export OPENAI_API_KEY=....
git clone https://github.com/google/oss-fuzz-gen
cd oss-fuzz-gen
python3.11 -m virtualenv .venv
. .venv/bin/activate
python3 -m pip install -r ./requirements.txt
TARGET_PROJECTS=htslib,tinyxml2 LLM_MODEL=gpt-3.5-turbo ./report/docker_local_run.sh
python3 -m report.web ./results/ 8012

Signed-off-by: David Korczynski <david@adalogics.com>
Collaborator

@DonggeLiu DonggeLiu left a comment


Thanks @DavidKorczynski!
I left some comments below on how your code could better fit the current experiment setup.
Please let me know if I missed anything : )

@@ -0,0 +1,70 @@
#!/bin/bash

Thanks so much for working on this promptly.

Could you please merge this into the existing docker_run.sh script?
I reckon they have a lot in common, and it would be easier to adopt local introspection for all experiments that way.
Besides, maintaining one script is easier than two : )

Alternatively, it could be an independent script that only sets up the database (without running experiments), like upload_report.sh.

BTW, if you think modifying the code in docker_run.sh can simplify the integration (e.g., shorten the code, convert it into Python, etc.) or make the code more consistent, please feel free to do so.

The following comments will be based on the assumption of integrating this script into docker_run.sh.

# limitations under the License.

# Comma separated project list
PROJECTS=${TARGET_PROJECTS}
Collaborator

@DonggeLiu DonggeLiu Jun 5, 2024


The projects are the files in $BENCHMARK_SET (in docker_run.sh).

nit: Could you please use "${TARGET_PROJECTS}" to avoid unintended splitting or globbing?
Thanks, same below (e.g., $PWD -> "$PWD").
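The nit above can be illustrated with a small sketch. The space inside the value is contrived for demonstration: an unquoted expansion gets word-split by the shell, while the quoted form stays a single argument.

```shell
# Contrived value containing a space to make the difference visible.
TARGET_PROJECTS="htslib tinyxml2"

# Unquoted: the shell word-splits the value into two arguments,
# so printf emits two lines.
count_unquoted=$(printf '%s\n' ${TARGET_PROJECTS} | wc -l)

# Quoted: the value is passed as a single argument, one line.
count_quoted=$(printf '%s\n' "${TARGET_PROJECTS}" | wc -l)

echo "unquoted=$((count_unquoted)) quoted=$((count_quoted))"
```

The same splitting would silently break paths with spaces in `$PWD`, which is why the quoted form is the safer default.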

echo $WORK_DIR
git clone https://github.com/ossf/fuzz-introspector $ROOT_FI
cd $ROOT_FI
python3 -m pip install -r ./requirements.txt

a minor note: docker_run.sh uses its own venv, please avoid conflict when merging : )
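One way to sidestep the conflict is to share a single virtualenv between the scripts. A minimal sketch, assuming both scripts agree on one location (`VENV_DIR` is a hypothetical variable, not in the PR):

```shell
# Create the shared virtualenv only if it does not exist yet, then activate it.
VENV_DIR="${VENV_DIR:-.venv}"
if [ ! -d "$VENV_DIR" ]; then
  python3 -m venv "$VENV_DIR"
fi
. "$VENV_DIR/bin/activate"
echo "using virtualenv at $VENV_DIR"
```

With this guard, whichever script runs first creates the environment and the other simply reuses it.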

cd $ROOT_FI/tools/web-fuzzing-introspection/app/
FUZZ_INTROSPECTOR_SHUTDOWN=1 python3 ./main.py >> /dev/null &

SECONDS=5

nit: IIRC, you mentioned that preparing the database for many projects (e.g., a full experiment with 200+ projects) can take a long time.
Would it be a good idea to make the waiting time depend on the number of projects, e.g. project_num * 5 seconds?
This can avoid spamming the log with "waiting messages".
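The suggestion could look something like the following sketch. `PROJECTS` mirrors the PR's comma-separated list; the 5-seconds-per-project factor is just the reviewer's example, not a tuned value.

```shell
# Comma-separated project list, as in the PR's script.
PROJECTS="htslib,tinyxml2,cjson"

# Count the projects and scale the startup wait accordingly.
project_num=$(echo "$PROJECTS" | tr ',' '\n' | wc -l)
WAIT_SECONDS=$((project_num * 5))
echo "waiting ${WAIT_SECONDS}s for ${project_num} projects"
```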

while true
do
# Checking if exists
MSG=$(curl -v --silent 127.0.0.1:8080 2>&1 | grep "Fuzzing" | wc -l)

This happens to be the same port used for the experiment result report.
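A possible way around the collision, combined with a bounded version of the readiness poll: make the webapp port configurable and cap the number of attempts instead of looping forever. `FI_PORT` is a hypothetical override (not in the PR); the "Fuzzing" marker string is taken from the PR's own check.

```shell
# Default to a port that does not clash with the report server's 8080.
FI_PORT="${FI_PORT:-8081}"
max_attempts=3
attempt=0
ready=0
while [ "$attempt" -lt "$max_attempts" ]; do
  # The webapp's index page is assumed to contain the word "Fuzzing".
  if curl --silent "127.0.0.1:${FI_PORT}" 2>/dev/null | grep -q "Fuzzing"; then
    ready=1
    break
  fi
  attempt=$((attempt + 1))
  sleep 1
done
echo "port=${FI_PORT} ready=${ready}"
```

A bounded loop also gives the caller a clean failure path (`ready=0`) instead of hanging if the webapp never comes up.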

-g ${BENCHMARK_HEURISTICS} \
-gp ${PROJECTS} \
-gm 6 \
-e http://127.0.0.1:8080/api

I reckon this can be merged here.

@DavidKorczynski
Collaborator Author

Superseded by #423
