Fuzzing Utilities, and bson2json+json2bson tools #1000
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vector-of-bool
changed the title
eramongodb
approved these changes
May 26, 2022
kevinAlbs
reviewed
Jul 19, 2022
|
|
||
| FUZZER_TIMEOUT (integer, seonds) | ||
| Set the maximum amount a single fuzzer task should run before the fuzzer | ||
| consideres it to be "stuck" and to generate a timeout report for the |
There was a problem hiding this comment.
Suggested change
| consideres it to be "stuck" and to generate a timeout report for the | |
| considers it to be "stuck" and to generate a timeout report for the |
| COMMAND "${CMAKE_COMMAND}" -E echo | ||
| " Running fuzzer program : $<TARGET_FILE:${name}>" | ||
| COMMAND "${CMAKE_COMMAND}" -E echo | ||
| " Corpus is stored in : ${art_dir}/corpus" |
There was a problem hiding this comment.
Suggested change
| " Corpus is stored in : ${art_dir}/corpus" | |
| " Corpus is stored in : ${art_dir}corpus" |
Slash is already present in ${arg_dir}.
| set (src_libbson_DIST | ||
| ${src_libbson_DIST_local} | ||
| ${src_libbson_build_DIST} | ||
| ${src_libbson_doc_DIST} | ||
| ${src_libbson_examples_DIST} | ||
| ${src_libbson_fuzz_DIST} | ||
| ${src_libbson_src_DIST} | ||
| ${src_libbson_tests_DIST} |
There was a problem hiding this comment.
The make-release-archive task task failure may be resolved by including bson2json.main.c and json2bson.c in the distribution tarball.
I suggest adding a CMakeLists.txt in the src/libbson/tools directory to set the variable ${src_libbbson_tools_DIST}.
kevinAlbs
reviewed
Jul 20, 2022
| executes it, but it will be EXCLUDE_FROM_ALL=TRUE if the CMake setting | ||
| ENABLE_FUZZING is not true. | ||
| ]] | ||
| function (mongoc_add_fuzzer name) |
There was a problem hiding this comment.
Is the run-fuzzer-bson-fuzz target expected to complete quickly? I suspect I am doing something wrong or misunderstanding. But running cmake --build cmake-build --target run-fuzzer-bson-fuzz produces this output:
% cmake --build cmake-build --target run-fuzzer-bson-fuzz
[0/1] cd /Users/kevin.albertson/review/mongo-c-driver-1000/cmake-build/fuzze...bertson/review/mongo-c-driver-1000/cmake-build/fuzzers/bson-fuzz.out//corpus
Running fuzzer program : /Users/kevin.albertson/review/mongo-c-driver-1000/cmake-build/fuzzers/bson-fuzz.debug
Corpus is stored in : /Users/kevin.albertson/review/mongo-c-driver-1000/cmake-build/fuzzers/bson-fuzz.out//corpus
Crashes will appear in : /Users/kevin.albertson/review/mongo-c-driver-1000/cmake-build/fuzzers/bson-fuzz.out/
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2410153351
INFO: -fork=12: fuzzing in separate process(s)
INFO: -fork=12: 0 seed inputs, starting to fuzz in /var/folders/pv/p1jss0l97mq0ddr7rjbcbdt00000gp/T//libFuzzerTemp.FuzzWithFork16948.dir
#0: cov: 0 ft: 0 corp: 0 exec/s 0 oom/timeout/crash: 0/0/0 time: 0s job: 6 dft_time: 0
INFO: log from the inner process:
INFO: Seed: 2410369315
INFO: 0 files found in /var/folders/pv/p1jss0l97mq0ddr7rjbcbdt00000gp/T//libFuzzerTemp.FuzzWithFork16948.dir/C6
INFO: DataFlowTrace: reading from '/var/folders/pv/p1jss0l97mq0ddr7rjbcbdt00000gp/T//libFuzzerTemp.FuzzWithFork16948.dir/DFT'
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED exec/s: 0 rss: 29Mb
INFO: 0/0 inputs touch the focus function
INFO: 0/0 inputs have the Data Flow Trace
ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting.
INFO: exiting: 256 time: 0s
I expected the fuzzer to run for some time, and this completed instantly.
There was a problem hiding this comment.
That is abnormal. It means the execution is not generating any coverage data. I'll investigate when I get free time.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds some basic fuzzing build utilities, and defines bson2json and json2bson command-line tools. This was useful in diagnosing and debugging CDRIVER-4383 and CDRIVER-3380. It replaces the prior fuzzing target file, which itself wasn't being built by any CMake code.