Continuous fuzzing #289

Closed
AdamKorcz opened this issue Oct 15, 2020 · 10 comments
@AdamKorcz

Hello,

I see that Compress is being fuzzed which is awesome!

I would like to suggest setting up continuous fuzzing by way of Google's oss-fuzz infrastructure. Continuous fuzzing will help with running the fuzzers regularly as well as fuzzing for deeper bugs that take a longer time to discover.

Oss-fuzz is a free service that is offered with an implied expectation that found bugs are fixed, so that the resources spent on fuzzing Compress go towards fixing bugs. I will be happy to integrate Compress into oss-fuzz. All I need are the email addresses for the maintainers that should receive potential bug reports. Note that these email addresses will be added to a public list that can be amended at any time.

@klauspost
Owner

Sounds like a good idea. I am missing the continuous fuzzing.

@AdamKorcz
Author

Sure. To proceed, please leave the email addresses for maintainers to receive bug reports, and I will set up the integration.

@klauspost
Owner

Wow this is complicated to set up :/

@AdamKorcz
Author

Yeah, can be tricky. If you need me to set it up, let me know, I have it ready already.

@alexey-milovidov

It is a prerequisite for using S2 in ClickHouse.

@klauspost
Owner

All fuzzing has been migrated to Go 1.18 Fuzzing and there is 500K iteration fuzzing running on every PR now.

I still have no objection to adding oss-fuzz.

@alexey-milovidov

Wow! It means that the concern is resolved completely. Thank you!

@AdamKorcz
Author

Okay, I will get a PR up on OSS-Fuzz this weekend for integration.

@klauspost
Owner

@AdamKorcz I don't know if a complication is that it has several Fuzz tests, and as you can see I run them both with and without assembly (-tags=noasm) - and a few where it is assembly with some features disabled (FuzzNoBMI2Dec).

I have an extended corpus from running them here. I try to keep the "public", in repo, corpus reasonably small, since it impacts the download size.

It could be set up with a script that has -fuzztime=30m on each, after which it moves on to the next.

If there is any way I can help, let me know. The go.yaml contains all the fuzz tests that are relevant.
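
The rotation described in the comment above (each fuzz test gets -fuzztime=30m, with and without -tags=noasm, then the next one runs), sketched as an added example that is not part of the thread or the project's own scripts. The function names are hypothetical and the package paths are whatever is passed on the command line.

```shell
#!/bin/sh
# Added example (not from the thread or the repository): give every native
# Go fuzz target a fixed time budget, then move on to the next one.
# Function names are hypothetical; package paths are passed as arguments.
set -e

FUZZTIME="${FUZZTIME:-30m}"            # per-target budget suggested in the thread
TAG_SETS="${TAG_SETS:-default noasm}"  # "default" = no -tags flag (assembly on)

# list_targets PKG: print the Fuzz* function names defined in one package.
list_targets() {
    go test -list '^Fuzz' "$1" | grep '^Fuzz' || true
}

# plan_runs PKG: read target names on stdin, print one command per
# (target, tag set). -run='^$' skips unit tests; the -fuzz pattern is anchored
# because go test refuses to fuzz when it matches more than one target.
plan_runs() {
    pkg="$1"
    while IFS= read -r target; do
        [ -n "$target" ] || continue
        for tags in $TAG_SETS; do
            flag=""
            [ "$tags" = "default" ] || flag=" -tags=$tags"
            printf "go test%s -run='^\$' -fuzz='^%s\$' -fuzztime=%s %s\n" \
                "$flag" "$target" "$FUZZTIME" "$pkg"
        done
    done
}

# run_plan: run each command from stdin in turn. A crashing target must not
# starve the rest, so keep going and report failure at the end.
run_plan() {
    rc=0
    while IFS= read -r cmd; do
        echo ">> $cmd"
        sh -c "$cmd" </dev/null || rc=1
    done
    return "$rc"
}

main() {
    status=0
    for pkg in "$@"; do
        list_targets "$pkg" | plan_runs "$pkg" | run_plan || status=1
    done
    return "$status"
}
main "$@"
```

Feature-restricted variants such as FuzzNoBMI2Dec are ordinary fuzz functions, so the listing step picks them up without special handling.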

@klauspost
Owner

klauspost commented Mar 10, 2023

@AdamKorcz

I feel that I am about to get into trouble with adding a seed file. (I have removed that line for now)

Since your PR lists files to copy.

I was thinking of adding a tag=fuzznoext so it would simply skip importing the external seed files.

For dictionaries that are needed for the tests I could embed them in the binary with go:embed.

These are the solutions with the least disruptive updates I can think of, that also would require the least maintenance.
