[ovs-dev] ossfuzz: Regression testing with fuzzer generated corpus
Ben Pfaff
blp at ovn.org
Mon Dec 10 20:44:56 UTC 2018
On Fri, Nov 30, 2018 at 01:17:39PM +0100, Bhargava Shastry wrote:
> Hi all,
>
> oss-fuzz corpus (test inputs synthesized by the fuzzer) comprises two
> classes of inputs: crashing and non-crashing-but-new-coverage-yielding.
>
> At the moment, Open vSwitch performs regression testing using
> **crashing** test inputs only [1].
>
> [1]: https://github.com/openvswitch/ovs/tree/master/tests/fuzz-regression
>
> However, adding non-crashing test inputs generated by the fuzzer to this
> set may be useful to catch bugs that are not necessarily regressions of
> known bugs but bugs in program paths that have already been covered
> during fuzz testing.
>
> If you like this idea, I have an initial proposal. What we could do is
> use this "driver" [2] for each of the fuzzer targets to drive regression
> testing on the entire fuzzer corpus.
>
> [2]:
> https://github.com/llvm-mirror/compiler-rt/blob/master/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c
>
> The fuzzer corpus may be downloaded by oss-fuzz contact points (e.g.,
> Ben Pfaff, Justin Pettit etc.) from Google Cloud via a program called
> gsutil that is shipped with Google Cloud SDK. This would need to be
> updated from time to time, but this is very easy (`gsutil sync` is
> sufficient).
>
> The plan is to have a PR that includes the corpus obtained via Google
> cloud, standalone drivers, and some sort of regression test automation
> for all the fuzzer targets.
>
> I am interested in contributing to this effort, should you decide to go
> forward with it. Looking forward to feedback.

It sounds like a good idea to me.
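
A sketch of the corpus replay driver the proposal describes, as an added example (not code from this thread, from Open vSwitch, or from compiler-rt): it feeds each corpus file named on the command line to `LLVMFuzzerTestOneInput`. The toy target and the helper names `replay_file` and `replay_corpus` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in target (not an OVS fuzz target): length-prefixed record. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size < 1 || data[0] > size - 1) return 0;   /* reject truncated records */
    volatile uint8_t sum = 0;
    for (size_t i = 0; i < data[0]; i++) {
        sum ^= data[1 + i];
    }
    return 0;
}

/* Replay one corpus file; 0 if the target ran on it, -1 on I/O error. */
int replay_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    long len = -1;
    if (fseek(f, 0, SEEK_END) == 0) len = ftell(f);
    if (len < 0 || fseek(f, 0, SEEK_SET) != 0) { fclose(f); return -1; }
    uint8_t *buf = malloc(len ? (size_t)len : 1);   /* empty inputs are valid */
    size_t n = buf ? fread(buf, 1, (size_t)len, f) : 0;
    fclose(f);
    int rc = -1;
    if (buf && n == (size_t)len) {
        LLVMFuzzerTestOneInput(buf, n);   /* a crash here ends the process */
        rc = 0;
    }
    free(buf);
    return rc;
}

/* Replay every path; returns how many files could not be replayed. */
int replay_corpus(int n, char **paths)
{
    int failed = 0;
    for (int i = 0; i < n; i++) {
        if (replay_file(paths[i]) != 0) {
            fprintf(stderr, "cannot replay %s\n", paths[i]);
            failed++;
        }
    }
    return failed;
}

int main(int argc, char **argv) { return replay_corpus(argc - 1, argv + 1) ? 1 : 0; }
```

When the driver and target are built with a sanitizer, a memory error on any corpus input aborts the process, so the test harness only needs to check the exit status.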