Hi all,

oss-fuzz corpus (test inputs synthesized by the fuzzer) comprises two classes of inputs: crashing and non-crashing-but-new-coverage-yielding. At the moment, Open vSwitch performs regression testing using **crashing** test inputs only [1].

[1]: https://github.com/openvswitch/ovs/tree/master/tests/fuzz-regression

However, adding non-crashing test inputs generated by the fuzzer to this set may be useful to catch bugs that are not necessarily regressions of known bugs but bugs in program paths that have already been covered during fuzz testing.

If you like this idea, I have an initial proposal. What we could do is use this "driver" [2] for each of the fuzzer targets to drive regression testing on the entire fuzzer corpus.

[2]: https://github.com/llvm-mirror/compiler-rt/blob/master/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c

The fuzzer corpus may be downloaded by oss-fuzz contact points (e.g., Ben Pfaff, Justin Pettit, etc.) from Google Cloud via a program called gsutil that is shipped with Google Cloud SDK. This would need to be updated from time to time, but this is very easy (`gsutil sync` is sufficient).

The plan is to have a PR that includes the corpus obtained via Google Cloud, standalone drivers, and some sort of regression test automation for all the fuzzer targets.

I am interested in contributing to this effort, should you decide to go forward with it.

Looking forward to feedback.

Best,
Bhargava

--
Bhargava Shastry <[email protected]>
Security in Telecommunications
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany
phone: +49 30 8353 58235
Keybase: https://keybase.io/bshastry
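
The corpus replay step proposed in the message above, as an added example that is not part of the original message or of the Open vSwitch tree: it invokes a standalone driver once per corpus file, so a crash is attributed to the input that triggered it and the remaining inputs still run. The function name, its arguments and the output format are assumptions.

```bash
#!/usr/bin/env bash
# Added example: replay a fuzzer corpus through a standalone fuzz driver,
# one invocation per input. DRIVER and CORPUS_DIR are assumed names and do
# not refer to real paths in the Open vSwitch tree.

# replay_corpus DRIVER CORPUS_DIR
#   DRIVER      command that takes one input file as its argument, e.g. a
#               fuzz target linked against StandaloneFuzzTargetMain.c
#   CORPUS_DIR  directory of corpus files (crashing and non-crashing)
# Prints "FAIL <status> <file>" per failing input, then a SUMMARY line.
# Returns 0 if all inputs ran cleanly, 1 if any failed, 2 on bad arguments.
replay_corpus() {
    local driver="$1" corpus="$2"
    local total=0 failed=0 status input

    command -v "$driver" >/dev/null 2>&1 || return 2
    [ -d "$corpus" ] || return 2

    for input in "$corpus"/*; do
        [ -f "$input" ] || continue    # skip subdirectories and empty globs
        total=$((total + 1))
        status=0
        # A sanitizer abort or fatal signal in the target surfaces here as a
        # non-zero status (128+N for signal N, e.g. 134 for SIGABRT).
        "$driver" "$input" >/dev/null 2>&1 || status=$?
        if [ "$status" -ne 0 ]; then
            failed=$((failed + 1))
            echo "FAIL $status $input"
        fi
    done

    echo "SUMMARY total=$total failed=$failed"
    [ "$failed" -eq 0 ]
}

# Run directly as: script DRIVER CORPUS_DIR (does nothing when sourced).
if [ "$#" -eq 2 ]; then
    replay_corpus "$1" "$2"
fi
```

Running each input in its own process costs startup time on a large corpus, but a single crashing input then cannot hide failures in the inputs that follow it.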
