
Enable keep/reject inputs from the corpus #97

Merged
merged 4 commits into from Oct 18, 2022

Conversation

@dacut dacut (Contributor) commented Oct 1, 2022

This allows the fuzz target to indicate whether an input was useful for the fuzz testing by returning Corpus::Keep or Corpus::Reject. Backwards compatibility is preserved by coercing the unit type () to Corpus::Keep.

This maps to 0 (Keep) and -1 (Reject) in the libFuzzer API: https://llvm.org/docs/LibFuzzer.html#rejecting-unwanted-inputs
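The keep/reject contract described above, as an added example that is not the crate's own code: a minimal model of `Corpus`, the `()`-to-`Keep` coercion, the explicit `to_libfuzzer_code()` conversion named in the second commit message, and a fuzz-target body that rejects inputs which fail a cheap framing check before they reach the code under test. `parse_record`, `fuzz_target_body`, `harness` and `legacy_target` are hypothetical stand-ins for a function under test and the harness glue; only the `Corpus` variant names and the 0/-1 codes come from the PR.

```rust
// Added example: a self-contained model of the keep/reject return value.
// Not the libfuzzer-sys crate's implementation.

/// Whether libFuzzer should add the current input to its corpus.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Corpus {
    /// The input was useful; keep it in the corpus.
    Keep,
    /// The input never reached the interesting code; drop it.
    Reject,
}

impl Corpus {
    /// Explicit conversion to the libFuzzer return code: 0 = keep, -1 = reject.
    /// A named method rather than `From<Corpus> for i32`, so the conversion
    /// cannot happen by accident (the reasoning in the second commit message).
    pub fn to_libfuzzer_code(self) -> i32 {
        match self {
            Corpus::Keep => 0,
            Corpus::Reject => -1,
        }
    }
}

/// Targets that still return `()` keep every input, preserving old behaviour.
impl From<()> for Corpus {
    fn from(_: ()) -> Corpus {
        Corpus::Keep
    }
}

/// Hypothetical function under test: a one-byte length-prefixed record parser.
/// Returns the payload when the frame is well-formed, `None` otherwise.
pub fn parse_record(data: &[u8]) -> Option<&[u8]> {
    let (&len, rest) = data.split_first()?;
    let len = len as usize;
    if rest.len() < len {
        return None;
    }
    Some(&rest[..len])
}

/// Fuzz-target body in the shape this PR enables: the return value of the
/// function under test is ignored, and the target decides whether the input
/// was worth keeping. Only a precheck that keeps the input away from the
/// parser is grounds for rejection; parser error paths are coverage too.
pub fn fuzz_target_body(data: &[u8]) -> Corpus {
    if data.len() < 2 {
        // Too short to carry a prefix plus any payload: never exercises parsing.
        return Corpus::Reject;
    }
    let _ = parse_record(data); // result deliberately ignored
    Corpus::Keep
}

/// Old-style target returning `()`: still compiles and is coerced to `Keep`.
pub fn legacy_target(data: &[u8]) {
    let _ = parse_record(data);
}

/// What the harness does with a target's return value, generic over both the
/// `()` and the `Corpus` return types via `Into<Corpus>`.
pub fn harness<R: Into<Corpus>>(data: &[u8], target: fn(&[u8]) -> R) -> i32 {
    target(data).into().to_libfuzzer_code()
}

fn main() {
    // Constructed sample inputs: a well-formed frame and a truncated one.
    let good: &[u8] = b"\x03abc";
    let short: &[u8] = b"\x03";
    println!("good  -> {}", harness(good, fuzz_target_body)); // 0 (keep)
    println!("short -> {}", harness(short, fuzz_target_body)); // -1 (reject)
    println!("legacy-> {}", harness(short, legacy_target)); // 0 (keep)
}
```

Because a rejected input is dropped from the corpus regardless of the coverage it produced, the rejection test in `fuzz_target_body` is a precheck only: it says nothing about whether the parser accepted the input, since inputs that make the parser fail are exactly the ones a fuzzer should keep.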

@fitzgen fitzgen (Member) left a comment

Thanks! A couple nitpicks below, and once they're addressed this should be good to merge.

(Sorry about the delay, I've been on vacation)

[Three review comments on src/lib.rs, now outdated and resolved]
@dacut dacut (Contributor, Author) commented Oct 14, 2022

Will take a look at this over the next day or so. Thanks!

Docs: make it explicit that we're ignoring the return value of the
function under test. Add comments from libfuzzer explaining why one
might want to keep inputs out of the corpus.

Convert From<Corpus> to i32 to a pub fn to_libfuzzer_code() that is
impl on Corpus to avoid accidental conversion.
@dacut dacut (Contributor, Author) commented Oct 17, 2022

I see there are some test failures. Now that I see how you're running tests (cargo test --doc instead of cargo test), I'll see what's going on there and resolve.

@dacut dacut (Contributor, Author) commented Oct 17, 2022

Alright, got the cargo test --doc issues sorted out. I'm not sure if this is a macOS thing, but on my machine I have to remove the subshell calls in ci/script.sh to make it work:

1134 dacut/projects/libfuzzer% git diff
diff --git a/ci/script.sh b/ci/script.sh
index 59462d4..2f1da2f 100755
--- a/ci/script.sh
+++ b/ci/script.sh
@@ -10,13 +10,13 @@ cargo test --doc
 pushd ./example
 cargo fuzz build
 cargo fuzz build  --dev
-(! cargo fuzz run bananas -- -runs=100000)
+! cargo fuzz run bananas -- -runs=100000
 popd

 pushd ./example_arbitrary
 cargo fuzz build
 cargo fuzz build  --dev
-(! cargo fuzz run rgb -- -runs=10000000)
+! cargo fuzz run rgb -- -runs=10000000
 RUST_LIBFUZZER_DEBUG_PATH=$(pwd)/debug_output \
     cargo fuzz run rgb \
     $(ls ./fuzz/artifacts/rgb/crash-* | head -n 1)
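Review bot: dropping the subshell around `! cargo fuzz run bananas -- -runs=100000` and `! cargo fuzz run rgb -- -runs=10000000` weakens the check if this script runs under `set -e` (the top of the file is outside this hunk): a pipeline that begins with `!` is exempt from errexit, so the script would carry on even when the fuzz run exits 0, that is, when no crash was found, whereas `(! cmd)` yields an ordinary subshell exit status that errexit does act on. A form that keeps the assertion without a subshell is `if cargo fuzz run bananas -- -runs=100000; then exit 1; fi` (and likewise for `rgb`), which fails the script explicitly when the expected crash does not appear.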
@@ -27,7 +27,7 @@ popd
 pushd ./example_mutator
 cargo fuzz build
 cargo fuzz build  --dev
-(! cargo fuzz run boom -- -runs=10000000)
+! cargo fuzz run boom -- -runs=10000000
 popd

 echo "All good!"
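Review bot: same point as the first hunk for `! cargo fuzz run boom -- -runs=10000000`: without the subshell a `!`-prefixed pipeline is exempt from `set -e`, so a run that finds no crash no longer fails the script; `if cargo fuzz run boom -- -runs=10000000; then exit 1; fi` keeps the check and reaches `echo "All good!"` only when the crash was found.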

@fitzgen fitzgen (Member) left a comment

Thanks!

[One review comment on src/lib.rs, now outdated and resolved]
@fitzgen fitzgen merged commit 393082d into rust-fuzz:master Oct 18, 2022