Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: enable CIFuzz #1490

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

DavidKorczynski
Copy link

Add CIFuzz workflow action to have fuzzers build and run on each PR.
This is a service offered by OSS-Fuzz, on which coveragepy already runs.

CIFuzz can help detect catch regressions and fuzzing build issues early, and has a variety of features (see the URL above). In the current PR the fuzzer is built on a pull request and will run for 300 seconds.

Signed-off-by: David Korczynski [email protected]

Signed-off-by: David Korczynski <[email protected]>
@nedbat
Copy link
Owner

nedbat commented Nov 18, 2022

Thanks! There was also some mention some place of moving the fuzzing code itself into this repo so that we could extend it. How do we make that happen?

@DavidKorczynski
Copy link
Author

DavidKorczynski commented Nov 18, 2022

There was also some mention some place of moving the fuzzing code itself into this repo so that we could extend it. How do we make that happen?

Move this code https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/fuzz_parse.py into this library. We can move this anytime now -- feel free to make a PR on OSS-Fuzz that remove it and moves it up here. We should adjust https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/build.sh and https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/Dockerfile accordingly, but this is likely just switching a link.

In order to build fuzz_parse.py in the OSS-Fuzz environment, we use https://github.com/google/oss-fuzz/blob/master/projects/coveragepy/build.sh It would be great to continue using compile_python_fuzzer for the OSS-Fuzz environment since it makes it possible to get the coverage reports (thanks to this repo :) !) as well as introspector reports (still early stage for Python: https://github.com/ossf/fuzz-introspector).

If we place the fuzzer in test/fuzzers/ of this repo, then we can adjust the build script on OSS-Fuzz to use:

for fuzzer in $(find ./test/fuzzers/ -name 'fuzz_*.py'); do
  compile_python_fuzzer $fuzzer
done

The source folder in the find command is the only thing changed. That will make it possible to simply put new fuzzers in test/fuzzers/* and OSS-Fuzz will start running them continuously automatically.

I can also make a PR that does the above -- let me know if you'd like me to and I'll do this tomorrow Friday.

@ProsperousHeart
Copy link
Contributor

ProsperousHeart commented Mar 20, 2023

Are this and #1497 still valid @nedbat ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants