[ovs-dev] ossfuzz: Regression testing with fuzzer generated corpus
Bhargava Shastry
bshastry at sect.tu-berlin.de
Mon Dec 3 18:34:10 UTC 2018
Hi Aaron,
Please find my reply inline:
On 11/30/18 4:34 PM, Aaron Conole wrote:
> Bhargava Shastry <bshastry at sect.tu-berlin.de> writes:
...
>> If you like this idea, I have an initial proposal. What we could do is
>> use this "driver" [2] for each of the fuzzer targets to drive regression
>> testing on the entire fuzzer corpus.
>>
>> [2]:
>> https://github.com/llvm-mirror/compiler-rt/blob/master/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
>>
>> The fuzzer corpus may be downloaded by oss-fuzz contact points (e.g.,
>> Ben Pfaff, Justin Pettit etc.) from Google Cloud via a program called
>> gsutil that is shipped with Google Cloud SDK. This would need to be
>> updated from time to time, but this is very easy (`gsutil sync` is
>> sufficient).
>
> Why should this only be available to small group of people? Is it
> possible to expose this to everyone? That way developers could take
> advantage of the fuzzer for their own internal testing while developing
> patches. Did I misunderstand it?
I was hoping the regression-corpus would be checked into the code base
so it is public.
>> The plan is to have a PR that includes the corpus obtained via Google
>> cloud, standalone drivers, and some sort of regression test automation
>> for all the fuzzer targets.
>
> I would prefer if it were sent to the list, and have updates also come
> via the list. But that's just me.
Actually, I was thinking of a patch sent to list when I called it a PR :)
More information about the dev
mailing list