Well, in general this can be interesting. Apart from our default testsuite, we occasionally ran static code analysis tools. Having additional tests for partially valid scripts and inputs can help to find more issues.
That being said, I don't think we currently qualify as a project with "significant user base and/or be critical to the global IT infrastructure". Also, without Java support these tests would only apply to our native and GPU operations, which do not directly deal with external inputs. So Janardhan, which fuzz targets to you have in mind? Looking over the existing projects we would have to provide build scripts that reference C/C++ entry points for fuzz testing. Although I can see applications (e.g., corrupted column indexes in sparse matrices), I'm not sure if it's a good idea to perform checks for valid inputs on every operation instead of simply hardening the code path for external inputs. Regards, Matthias On Mon, May 21, 2018 at 10:41 AM, Janardhan <[email protected]> wrote: > They accepted( google/oss-fuzz ), SystemML project for fuzz testing. > > PR link: https://github.com/google/oss-fuzz/pull/1429 > > - Janardhan > > On Mon, May 21, 2018 at 11:46 AM, Janardhan <[email protected]> wrote: > >> Hi all, >> >> ---- >> To find various programming errors (mostly detectable such as buffer >> overflow), a fuzz testing can be of great help. >> >> ---- >> Merits: >> 1. It will easily detects common programming errors, which we might have >> missed or not unit tested. >> 2. Improves the quality of our code. >> >> --- >> Demerits: >> 1. If a bug is found, it will be made public after 90 + 15 (grace period) >> days. So, we must fix it before three months, if there is bug. >> 2. For now only C and C++ are supported, Java will be supported soon. >> >> Please use this PR for discussion https://github.com/ >> google/oss-fuzz/pull/1429 , for adding our project's CPP part for fuzzing. >> >> Once you approve, I will try to build a docker image of SystemML and >> configure with help. The results of the test will be CC'ed to private >> mailing list, only. >> >> >> Thank you, >> Janardhan >>
