qemu-trivial

Re: [PATCH] gitlab-ci.yml: Only run one test-case per fuzzer


From: Alexander Bulekov
Subject: Re: [PATCH] gitlab-ci.yml: Only run one test-case per fuzzer
Date: Fri, 2 Oct 2020 14:47:05 -0400

On 201002 1715, Thomas Huth wrote:
> On 02/10/2020 16.35, Alexander Bulekov wrote:
> > With 1000 runs, there is a non-negligible chance that the fuzzer can
> > trigger a crash. With this CI job, we care about catching build/runtime
> > issues in the core fuzzing code. Actual device fuzzing takes place on
> > oss-fuzz. For these purposes, only running one input should be
> > sufficient.
> > 
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> > ---
> >  .gitlab-ci.yml | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> > index a51c89554f..075c15d45c 100644
> > --- a/.gitlab-ci.yml
> > +++ b/.gitlab-ci.yml
> > @@ -303,7 +303,7 @@ build-oss-fuzz:
> >                        | grep -v slirp); do
> >          grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 || 
> > continue ;
> >          echo Testing ${fuzzer} ... ;
> > -        "${fuzzer}" -runs=1000 -seed=1 || exit 1 ;
> > +        "${fuzzer}" -runs=1 -seed=1 || exit 1 ;
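Review bot: the changed `-runs=1 -seed=1` line has no comment saying that a single run is intentional, so a later reader could take it for a leftover and raise it back to 1000. A one-line comment above the loop would keep the rationale from the commit message next to the code: this job only checks that each fuzzer builds and starts, and device fuzzing happens on oss-fuzz. As a style point on the context lines, `grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1` leaves `${fuzzer}` unquoted while the invocation below quotes it; quoting both and using `grep -q` would be consistent.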
> 
> ... but we're apparently already using a fixed seed for running the
> test, so it should be pretty much deterministic, shouldn't it? So the
> chance that the fuzzer hits a crash here for a pre-existing problem
> should be close to zero? ... so I'm not quite sure whether we really
> need this? Anyway, I certainly also won't object to this patch, so in case
> anybody wants to merge it:

In addition to using an RNG+seed, libfuzzer also uses coverage
information to guide mutations. My guess is that as QEMU changes, this
coverage can change as well, so I wouldn't assume that using the same
seed will result in the same inputs generated, in the longer term.

It's true that the main benefit will probably be a few minutes shaved off
the 400 minute limit...
Thanks
-Alex

> 
> Acked-by: Thomas Huth <thuth@redhat.com>
> 
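The point made in the reply above, that a fixed seed does not pin the generated inputs once coverage feedback steers mutation, can be seen in a toy model. This is an added example, not code from the thread, QEMU or libFuzzer: `target_v1`, `target_v2`, `fuzz` and `first_divergence` are hypothetical names, and the loop is a simplified stand-in for a coverage-guided fuzzer, not libFuzzer's algorithm.

```python
import random

def target_v1(data):
    """Constructed target: returns the set of branch ids the input reaches."""
    edges = {0}
    if data[0] > 0x7F:
        edges.add(1)
        if data[1] % 2 == 0:
            edges.add(2)
    return edges

def target_v2(data):
    """Hypothetical later revision of the same target: one condition changed."""
    edges = {0}
    if data[0] < 0x20:              # the only difference from target_v1
        edges.add(1)
        if data[1] % 2 == 0:
            edges.add(2)
    return edges

def fuzz(target, seed, runs):
    """Toy coverage-guided loop; returns every input generated, in order."""
    rng = random.Random(seed)
    corpus = [b"\x40\x40\x40\x40"]  # constructed starting input
    seen = set()
    generated = []
    for _ in range(runs):
        child = bytearray(rng.choice(corpus))   # pick a parent from the corpus
        child[rng.randrange(len(child))] = rng.randrange(256)  # one-byte mutation
        child = bytes(child)
        generated.append(child)
        new_edges = target(child) - seen
        if new_edges:               # feedback: keep inputs reaching new branches
            seen |= new_edges
            corpus.append(child)
    return generated

def first_divergence(a, b):
    """Index of the first position where two input sequences differ, else None."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None

if __name__ == "__main__":
    same = fuzz(target_v1, 1, 1000) == fuzz(target_v1, 1, 1000)
    idx = first_divergence(fuzz(target_v1, 1, 1000), fuzz(target_v2, 1, 1000))
    print("same build, same seed -> identical inputs:", same)
    print("changed build, same seed -> first differing input at run", idx)
```

In this model the first generated input is the same for both revisions, because no coverage feedback has been consumed yet; the sequences only separate after the corpora differ.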


