
[infra] Check that fuzzers don't fail on an empty input file #8341

Open
wants to merge 3 commits into master from 8276-bad-build-check

Conversation

fmeum (Contributor) commented Aug 24, 2022

Adds a new bad build check for libfuzzer targets that runs the fuzzer on
an empty file without any further arguments. This is specifically meant
to catch issues with argument parsing in libFuzzer derivatives such as
Jazzer.

Fixes #8276

@fmeum fmeum force-pushed the 8276-bad-build-check branch from f5a7786 to 6691a7d on August 24, 2022 04:59
@fmeum fmeum marked this pull request as draft August 24, 2022 06:03
@fmeum fmeum marked this pull request as ready for review August 24, 2022 07:53
fmeum (Contributor, Author) commented Aug 24, 2022

@oliverchang I don't see how the test failure is related to my change as it diffs cloud build steps. Do you know what could cause it?

jonathanmetzman (Contributor)

@oliverchang I'm not sure I like this. I think it's super tailored to catching the last problem (which should be caught through pinning and tests there) and I don't want to add overhead to bad_build_check which is used in ClusterFuzzLite.

jonathanmetzman (Contributor)

There may be fuzzers that are slow to startup and frankly I think any amount of time spent on this in ClusterFuzzLite is too much, it doesn't belong there and I think we should do something like this elsewhere.

oliverchang (Collaborator)

> @oliverchang I'm not sure I like this. I think it's super tailored to catching the last problem (which should be caught through pinning and tests there) and I don't want to add overhead to bad_build_check which is used in ClusterFuzzLite.

I think this is still important. We have a lot of wrapper scripts now with languages like Java, Python and we need to make sure reproducing works.

Even ignoring the last issue -- it seems to make perfect sense to me that a target should not crash with an empty input.

Re ClusterFuzzLite slowness -- is this something we can fix there instead? Does bad build check make sense there in general?

oliverchang (Collaborator)

@fmeum could you please merge master into this PR to see if that fixes the infra tests?

fmeum (Contributor, Author) commented Sep 1, 2022

Will do.

@oliverchang If this check is mostly meant to apply to Jazzer, Atheris and potential future wrappers, maybe limiting the check to fuzzing languages other than C/C++ could help with @jonathanmetzman's concerns?

@fmeum fmeum force-pushed the 8276-bad-build-check branch from 6691a7d to de3b375 on September 4, 2022 15:23
oliverchang (Collaborator)

Thanks @fmeum! @jonathanmetzman WDYT?

jonathanmetzman (Contributor)

I'm not sold on this change, i don't think it's necessary and it slows things down.

oliverchang (Collaborator)

Spoke with @jonathanmetzman offline here. The main concern was slowing down CFLite -- we could just gate this behind a flag and let CFLite opt out.

@fmeum fmeum force-pushed the 8276-bad-build-check branch from de3b375 to e98011c on September 9, 2022 14:39
fmeum (Contributor, Author) commented Sep 9, 2022

@oliverchang Some of the checks fail with:

2022-09-09T14:50:01.9843353Z ERROR: /src/centipede/BUILD:502:8: Compiling blob_file_test.cc failed: (Exit 1): clang-15 failed: error executing command /usr/local/bin/clang-15 -U_FORTIFY_SOURCE -fstack-protector -Wall -Wthread-safety -Wself-assign -Wunused-but-set-parameter -Wno-free-nonheap-object -fcolor-diagnostics -fno-omit-frame-pointer -g0 -O2 ... (remaining 53 arguments skipped)
2022-09-09T14:50:01.9844040Z 
2022-09-09T14:50:01.9844480Z Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
2022-09-09T14:50:01.9916525Z blob_file_test.cc:50:5: error: use of undeclared identifier 'EXPECT_OK'
2022-09-09T14:50:01.9916996Z     EXPECT_OK(appender->Open(path));

I'm also running into this locally.

oliverchang (Collaborator)

> @oliverchang Some of the checks fail with:
>
> 2022-09-09T14:50:01.9843353Z ERROR: /src/centipede/BUILD:502:8: Compiling blob_file_test.cc failed: (Exit 1): clang-15 failed: error executing command /usr/local/bin/clang-15 -U_FORTIFY_SOURCE -fstack-protector -Wall -Wthread-safety -Wself-assign -Wunused-but-set-parameter -Wno-free-nonheap-object -fcolor-diagnostics -fno-omit-frame-pointer -g0 -O2 ... (remaining 53 arguments skipped)
> 2022-09-09T14:50:01.9844040Z 
> 2022-09-09T14:50:01.9844480Z Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
> 2022-09-09T14:50:01.9916525Z blob_file_test.cc:50:5: error: use of undeclared identifier 'EXPECT_OK'
> 2022-09-09T14:50:01.9916996Z     EXPECT_OK(appender->Open(path));
>
> I'm also running into this locally.

Please merge master. This should be fixed by #8467

@fmeum fmeum force-pushed the 8276-bad-build-check branch from e98011c to fbc87e7 on September 12, 2022 07:09
fmeum (Contributor, Author) commented Sep 12, 2022

@oliverchang Looks good now.

@@ -433,6 +466,13 @@ function main {
result=$?
checks_failed=$(( $checks_failed + $result ))

if [ -z ${MORE_BAD_BUILD_CHECKS+x} ]
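Review bot: the gate on this line is inverted: `[ -z ${MORE_BAD_BUILD_CHECKS+x} ]` succeeds when the variable is unset, so the extra checks would run for every caller that never opted in and be skipped for the ones that set the flag. `[ -n "${MORE_BAD_BUILD_CHECKS:-}" ]` gives the intended opt-in semantics and also expands safely under the `-u` the script runs with.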
Collaborator
Should this be -n instead?

Contributor Author
Good catch, fixed.

@@ -433,6 +466,13 @@ function main {
result=$?
checks_failed=$(( $checks_failed + $result ))

if [ -n "$MORE_BAD_BUILD_CHECKS" ]
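Review bot: `"$MORE_BAD_BUILD_CHECKS"` on this line is an unguarded expansion; with bash's `-u` in effect the script aborts with an unbound-variable error whenever the flag is unset, which is the default for callers that do not opt in, so the new branch never gets as far as the test. Use `if [ -n "${MORE_BAD_BUILD_CHECKS:-}" ]` so an unset flag reads as empty and the check is simply skipped.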
Collaborator
I think this may still break due to the -u argument passed to the hashbang bash command.

You'll need something like ${MORE_BAD_BUILD_CHECKS:-} instead
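The two points raised in this thread, a bad-build check that runs a target once on an empty input file with no other arguments (as the PR description puts it), and an opt-in gate that survives bash's `-u`, fit in one small script. The following is an added example written for this page; it is not the oss-fuzz `bad_build_check` script or the PR's code. The function names `check_empty_input`, `run_optional_checks` and `make_stubs`, the variable `STUB_DIR`, and the two stub "fuzzers" are this example's own constructions: `good_fuzzer` stands in for a target that accepts a file argument, and `bad_fuzzer` mimics a wrapper whose argument parser rejects a bare file path, the failure mode the PR is meant to catch. Only the `MORE_BAD_BUILD_CHECKS` flag name comes from the discussion above.

```shell
#!/bin/bash
# Added example, not oss-fuzz's bad_build_check. Mirrors the script's `bash -u`
# so that every variable expansion below has to be safe when unset.
set -u

# Run the target exactly once on an empty file, with no extra flags, the way a
# reproducer would invoke it. Returns 0 if the target exits cleanly, 1 if not.
check_empty_input() {
  local fuzzer="$1"
  local tmpdir rc
  tmpdir=$(mktemp -d)
  local empty="$tmpdir/empty_input"
  : > "$empty"                       # zero-length input
  rc=0
  "$fuzzer" "$empty" > "$tmpdir/run.log" 2>&1 || rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "BAD BUILD: $(basename "$fuzzer") exited with status $rc on an empty input file" >&2
    sed 's/^/  /' "$tmpdir/run.log" >&2
    rm -rf "$tmpdir"
    return 1
  fi
  rm -rf "$tmpdir"
  return 0
}

# Opt-in gate. ${VAR:-} expands to the empty string when VAR is unset, so this
# works under `set -u`; a bare "$VAR" would abort, and `-z ${VAR+x}` would
# invert the gate (it is true precisely when VAR is unset).
run_optional_checks() {
  local fuzzer="$1"
  if [ -z "${MORE_BAD_BUILD_CHECKS:-}" ]; then
    echo "MORE_BAD_BUILD_CHECKS not set; skipping optional checks for $(basename "$fuzzer")"
    return 0
  fi
  check_empty_input "$fuzzer"
}

# Constructed stand-ins so the example runs offline (hypothetical, not real
# fuzz targets). STUB_DIR is set for the caller to clean up.
make_stubs() {
  STUB_DIR=$(mktemp -d)
  cat > "$STUB_DIR/good_fuzzer" <<'EOF'
#!/bin/sh
# Treats a positional argument as an input file and "runs" it once.
[ -f "${1:-}" ] || exit 2
exit 0
EOF
  cat > "$STUB_DIR/bad_fuzzer" <<'EOF'
#!/bin/sh
# Mimics a wrapper whose argument parser only understands -flags.
case "${1:-}" in
  -*) exit 0 ;;
  *)  echo "unrecognised argument: ${1:-}" >&2; exit 1 ;;
esac
EOF
  chmod +x "$STUB_DIR"/*_fuzzer
}
```

Source the file and call `MORE_BAD_BUILD_CHECKS=1 run_optional_checks /path/to/target` to run the check, or leave the flag unset to skip it; `make_stubs` only exists to exercise both outcomes without a real build. The check deliberately passes nothing but the file path, since that is the invocation a reproducer uses and the one a wrapper's argument parsing is most likely to get wrong.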

fmeum and others added 3 commits September 13, 2022 08:14
Adds a new bad build check for libfuzzer targets that runs the fuzzer on
an empty file without any further arguments. This is specifically meant
to catch issues with argument parsing in libFuzzer derivatives such as
Jazzer.

Fixes google#8276
@fmeum fmeum force-pushed the 8276-bad-build-check branch from e6c1b3a to 22e021d on September 13, 2022 06:14
@oliverchang oliverchang (Collaborator) left a comment

Thanks! I'll merge this tomorrow since it's close to EOD for me.

Successfully merging this pull request may close these issues.

bad_build_check didn't catch latest Jazzer breakage
3 participants