(Potentially) broken resiprocate build

[Dor1s]

https://oss-fuzz-build-logs.storage.googleapis.com/index.html

Step #4: ++ sancov -print-coverage-pcs /workspace/out/address/aresfuzz
Step #4: ++ wc -l
Step #4: + local NUMBER_OF_EDGES=89
Step #4: + ((  89 < 90  ))
Step #4: + echo 'BAD BUILD: the code does not seem to have coverage instrumentation.'
Step #4: + CHECK_FAILED=1
Step #4: + ((  1 > 0  ))
Step #4: + exit 1
Step #4: BAD BUILD: the code does not seem to have coverage instrumentation.

89 is so close to the threshold, need to take a closer look whether the target is so small or instrumentation flags are being handled improperly

[Dor1s]

Well, this one seems legit. I haven't noticed any issues with instrumentation. However, there is one more target which is even smaller:

root@07916516ef2c:/out# sancov -print-coverage-pcs ./aresfuzz | wc -l
89
root@07916516ef2c:/out# sancov -print-coverage-pcs ./aresfuzzname | wc -l
21

I'm not sure that second target makes sense at all... e.g. if I instrument a dummy program like the following one:

#include <stddef.h>
#include <stdint.h>
#include <string.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  int result = 0;
  if (size % 2) {
    result = strlen((const char*)data);
  }
  if (size % 4) {
    result *= result;
  }
  for (int i = 0; i < result; ++i) {
    result -= i;
  }
  if (result > 0) return 0;
  return 0;
}

It gives me 6 edges:

root@07916516ef2c:/out# sancov -print-coverage-pcs ./test | wc -l
6

So, the second fuzz target named aresfuzzname is just 3.5X more complex that my useless program listed above.

@gjasny, is there a way to extend those fuzz targets to cover more code paths?

[gjasny]

Hello,

the currently activated fuzzing targets in resiprocate just cover the embedded ares library. Those tests are copied / inspired by the c-ares projects fuzz targets. The fuzz-name test could be found here. Extending the ares might be possible, but as a first step, combining the existing ares fuzz targets into one might be feasible.

For resiprocate in general I have a PR pending to add a broader coverage across the whole project: resiprocate/resiprocate#82

Thanks,
Gregor

[Dor1s]

Thanks for taking a look! Let's wait for your PR to land.

[Dor1s]

resiprocate/resiprocate#82 is merged, but I don't see those new fuzz targets on OSS-Fuzz: https://oss-fuzz.com/v2/fuzzer-stats/by-fuzzer/2018-02-22/2018-02-28/fuzzer/libFuzzer/job/libfuzzer_asan_resiprocate

Could you please send a pull request updating https://github.com/google/oss-fuzz/blob/master/projects/resiprocate/build.sh ?

The best move would be write it in a such way that it would copy all fuzz targets at once, so you won't need to update it again after adding a new target upstream.

Instrumentation numbers are still low for existing fuzz targets, but that's fine. We'll find another way to check instrumentation.

root@06363dbf5730:/out# objdump -t aresfuzz | egrep -c __sancov    
20
root@06363dbf5730:/out# objdump -t aresfuzzname | egrep -c __sancov
21

[gjasny]

I filed #1206 to add the new targets.

[inferno-chromium]

Duplicate of #1331