alexcrichton opened PR #9457 from alexcrichton:update-differential-fuzzer to bytecodealliance:main:
This commit updates the processing of the `ALLOWED_*` environment variables to work differently than before. Previously the list of engines and module-generation-strategies were filtered based on `ALLOWED_*` environment variables but this meant that the meaning of a fuzz input changed depending on environment variables. This commit instead replaces the handling of these environment variables to ensure that the meaning of the fuzz input doesn't change depending on their values. Instead fuzz test cases are early-thrown-out if they request an engine that's disabled or a module-generation-strategy that's disabled.
alexcrichton requested elliottt for a review on PR #9457.
alexcrichton requested wasmtime-fuzz-reviewers for a review on PR #9457.
github-actions[bot] commented on PR #9457:
Subscribe to Label Action
cc @fitzgen
<details>
This issue or pull request has been labeled: "fuzzing"
Thus the following users have been cc'd because of the following labels:
- fitzgen: fuzzing
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
fitzgen submitted PR review.
fitzgen created PR review comment:
log::debug!("test case uses a runtime-disabled engine");
elliottt submitted PR review:
Looks good, just curious about how we ensure that the fuzzer is staying productive.
elliottt created PR review comment:
log::debug!("test case uses a runtime-disabled engine");
elliottt created PR review comment:
Do we have a way to categorize the early return cases, or can we find out if the fuzzer is spending all its time in unproductive configurations?
cfallin submitted PR review.
cfallin created PR review comment:
In the regalloc.rs fuzzer we used atomics to count stats (iirc similar thing, rejected cases) and the fuzz case that got a value 0 mod 1000 from the fetch-and-add printed a progress message with all stats -- this at least gave us a general sense watching interactively. I don't think there's a way to get such output from oss-fuzz though. IIRC there is a way to return a status to libFuzzer that tells it specifically the case is uninteresting?
abrown submitted PR review.
abrown created PR review comment:
It might not be clear in this diff but `RuntimeStats` is what does that here.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
Can confirm what @abrown mentioned should work and it's the same idea as regalloc's fuzzers @cfallin mentions.
AFAIK though there's no way to tell libFuzzer something is uninteresting, but by not doing anything you're also saying "this introduces no new coverage" which means it should naturally get pruned and deduplicated from the corpus over time.
alexcrichton updated PR #9457.
alexcrichton has enabled auto merge for PR #9457.
alexcrichton merged PR #9457.
fitzgen submitted PR review.
fitzgen created PR review comment:
> AFAIK though there's no way to tell libFuzzer something is uninteresting, but by not doing anything you're also saying "this introduces no new coverage" which means it should naturally get pruned and deduplicated from the corpus over time.
There actually is: if you return this https://docs.rs/libfuzzer-sys/latest/libfuzzer_sys/enum.Corpus.html#variant.Reject from a fuzz target, then it tells libfuzzer not to add that testcase into the corpus or reuse it for future mutations or whatever.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
Whoa fancy!
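Added example, not code from the PR or from Wasmtime: a std-only Rust illustration of the two ideas in this thread, decoding the engine from the input so its meaning does not depend on the allow-list, and rejecting disabled cases early while counting them with atomics. The `Corpus` enum is a local stand-in for `libfuzzer_sys::Corpus`; the engine names and the functions `pick_filtered`, `pick_stable`, `fuzz_one` and `stats` are hypothetical.

```rust
use std::sync::atomic::{AtomicUsize, Ordering::Relaxed};

/// Local stand-in for `libfuzzer_sys::Corpus` so the example builds without the crate.
#[derive(Debug, PartialEq)]
pub enum Corpus { Keep, Reject }

/// Hypothetical engine names; the fuzzer's real list is not shown in the thread.
const ENGINES: [&str; 4] = ["a", "b", "c", "d"];

static TOTAL: AtomicUsize = AtomicUsize::new(0);
static REJECTED: AtomicUsize = AtomicUsize::new(0);

/// Old scheme: filter the list by the allow-list, then index into what is left.
/// The same input byte names a different engine when the allow-list changes.
pub fn pick_filtered(byte: u8, allowed: &[&str]) -> Option<&'static str> {
    let live: Vec<&'static str> =
        ENGINES.iter().copied().filter(|e| allowed.contains(e)).collect();
    if live.is_empty() { None } else { Some(live[byte as usize % live.len()]) }
}

/// New scheme: the byte always indexes the full list; a disabled engine yields None.
pub fn pick_stable(byte: u8, allowed: &[&str]) -> Option<&'static str> {
    let engine = ENGINES[byte as usize % ENGINES.len()];
    allowed.contains(&engine).then_some(engine)
}

/// Fuzz-target body: count every case, reject early, report every 1000th case.
pub fn fuzz_one(data: &[u8], allowed: &[&str]) -> Corpus {
    let n = TOTAL.fetch_add(1, Relaxed) + 1;
    let engine = data.first().and_then(|&b| pick_stable(b, allowed));
    if engine.is_none() {
        REJECTED.fetch_add(1, Relaxed);
    }
    if n % 1000 == 0 {
        eprintln!("{n} cases, {} rejected early", REJECTED.load(Relaxed));
    }
    match engine {
        Some(_engine) => Corpus::Keep, // differential execution would run here
        None => Corpus::Reject,        // not added to the corpus, not mutated further
    }
}

pub fn stats() -> (usize, usize) {
    (TOTAL.load(Relaxed), REJECTED.load(Relaxed))
}

fn main() {
    for input in [[5u8], [4u8]] {
        println!("{:?} -> {:?}", input, fuzz_one(&input, &["a", "c"]));
    }
    println!("(total, rejected) = {:?}", stats());
}
```

A high rejected-to-total ratio in the periodic line is the signal that the fuzzer is spending its time in disabled configurations.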
Last updated: Jan 24 2025 at 00:11 UTC