Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TypeNameFuzzer #107206

Merged
merged 5 commits into from
Sep 2, 2024
Merged

Add TypeNameFuzzer #107206

merged 5 commits into from
Sep 2, 2024

Conversation

buyaa-n
Copy link
Contributor

@buyaa-n buyaa-n commented Aug 30, 2024

Add TypeNameFuzzer with dictionary values

NOTE: Do not run Fuzzer until #107195 merged, else it will fail with same issue

Putting the PR to get feedback on dictionary and fuzzer

@dotnet-issue-labeler dotnet-issue-labeler bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Aug 30, 2024
@adamsitnik adamsitnik mentioned this pull request Aug 30, 2024
Merged
adamsitnik
adamsitnik approved these changes Aug 30, 2024
View reviewed changes
Copy link
Member

@adamsitnik adamsitnik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @buyaa-n !

src/libraries/Fuzzing/DotnetFuzzing/Dictionaries/typename.dict Show resolved Hide resolved
@adamsitnik
Copy link
Member

Do not run Fuzzer until #107195 merged, else it will fail with same issue

I've merged #107195 to unblock you.

@adamsitnik adamsitnik added area-System.Reflection.Metadata and removed needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners labels Aug 30, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-reflection-metadata
See info in area-owners.md if you want to be subscribed.

@buyaa-n
Copy link
Contributor Author

buyaa-n commented Aug 30, 2024

@MihuBot fuzz TypeName

@MihuBot MihuBot mentioned this pull request Aug 30, 2024
Open
@buyaa-n @MihaZupan
Update src/libraries/Fuzzing/DotnetFuzzing/Dictionaries/typename.dict
89f7cf7 
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
@build-analysis build-analysis bot mentioned this pull request Aug 30, 2024
Open
3 tasks
@buyaa-n
Copy link
Contributor Author

buyaa-n commented Aug 30, 2024

@MihuBot fuzz TypeName

@MihuBot MihuBot mentioned this pull request Aug 30, 2024
Open
@MihuBot
Copy link

MihuBot commented Aug 31, 2024 

// TypeNameFuzzer
Process terminated. Assertion failed.
Pre-allocated full name should have been provided in the ctor
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_AssemblyQualifiedName()
   at System.Reflection.Metadata.TypeNameParserHelpers.GetGenericTypeFullName(ReadOnlySpan`1 fullTypeName, ReadOnlySpan`1 genericArgs)
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at System.Reflection.Metadata.TypeName.get_FullName()
   at DotnetFuzzing.Fuzzers.TypeNameFuzzer.Test(Span`1 testSpan) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\TypeNameFuzzer.cs:line 35
   at DotnetFuzzing.Fuzzers.TypeNameFuzzer.FuzzTarget(ReadOnlySpan`1 bytes) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\TypeNameFuzzer.cs:line 25
   at SharpFuzz.Fuzzer.LibFuzzer.Run(ReadOnlySpanAction action, Boolean ignoreExceptions)
   at SharpFuzz.Fuzzer.LibFuzzer.Run(ReadOnlySpanAction action)
   at DotnetFuzzing.Program.RunFuzzer(IFuzzer fuzzer, String inputFiles) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Program.cs:line 86
   at DotnetFuzzing.Program.Main(String[] args) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Program.cs:line 67
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](TStateMachine& stateMachine)
   at DotnetFuzzing.Program.Main(String[] args)
   at DotnetFuzzing.Program.<Main>(String[] args)
ALARM: working on the last Unit for 61 seconds
       and the timeout value is 60 (use -timeout=N to change)
MS: 1 InsertRepeatedBytes-; base unit: 1d3815d8668dcfd3f2a53619ef95f13d85a0a9ee
0x0,0x5b,0x0,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x2c,0x5d,0x5b,0x5d,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,0x5b,0x5d,
\000[\000[][][][][][,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,][]][][][][][][]
artifact_prefix='./'; Test unit written to TypeNameFuzzer-artifact-1
Base64: AFsAW11bXVtdW11bXVssLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsLCwsXVtdXVtdW11bXVtdW11bXQ==
==9192== ERROR: libFuzzer: timeout after 61 seconds
SUMMARY: libFuzzer: timeout

@build-analysis build-analysis bot mentioned this pull request Aug 31, 2024
Open
3 tasks
@adamsitnik adamsitnik mentioned this pull request Sep 2, 2024
Merged
@adamsitnik
Copy link
Member

I was able to repro the test failure:

[Fact]
public void FirstBugDiscoveredByTheFuzzer()
{
    const string Input = "\0[\0[][][][][][,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,][]][][][][][][]";

    TypeName typeName = TypeName.Parse(Input.AsSpan());

    _ = typeName.FullName;
}

@buyaa-n I am going to provide a fix

@adamsitnik adamsitnik mentioned this pull request Sep 2, 2024
Merged
@adamsitnik
Copy link
Member

The fix: #107261

Since it's a one-liner I am going to push the change to your branch @buyaa-n and run the fuzzer again (so if there are more bugs, I can fix them)

@adamsitnik
Copy link
Member

@MihuBot fuzz TypeName

@MihuBot MihuBot mentioned this pull request Sep 2, 2024
Open
@adamsitnik
Copy link
Member

/ba-g the failure is unrelated, I need to get it merged to see if #106334 that I want to backport is going to pass fuzzing as well

@adamsitnik adamsitnik merged commit 48ae967 into dotnet:main Sep 2, 2024
82 of 85 checks passed
@buyaa-n buyaa-n deleted the typename-fuzzer branch September 2, 2024 23:51
adamsitnik added a commit to adamsitnik/runtime that referenced this pull request Sep 9, 2024
@buyaa-n @MihaZupan @adamsitnik
Add TypeNameFuzzer (dotnet#107206)
d109cff 
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
Co-authored-by: Adam Sitnik <adam.sitnik@gmail.com>
@adamsitnik adamsitnik mentioned this pull request Sep 9, 2024
Merged
4 tasks
carlossanlop pushed a commit that referenced this pull request Sep 12, 2024
@adamsitnik @buyaa-n @MihaZupan
[release/9.0] TypeName fuzzer and bug fixes (#107533)
e9633ab 
* AssemblyNameInfo fuzzer (#107195)

* add initial AssemblyNameInfo Fuzzer

* fix the first bug that it has discovered

* Fix sbyte overflow in TypeName parsing (#107261)

* Add TypeNameFuzzer (#107206)

Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
Co-authored-by: Adam Sitnik <adam.sitnik@gmail.com>

* [TypeName] Nested types should respect MaxNode count (#106334)

* Improve AssemblyNameInfo Fuzzer (#107257)

---------

Co-authored-by: Buyaa Namnan <bunamnan@microsoft.com>
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
jtschuster pushed a commit to jtschuster/runtime that referenced this pull request Sep 17, 2024
@buyaa-n @MihaZupan
@adamsitnik @jtschuster
Add TypeNameFuzzer (dotnet#107206)
a4b3a1c 
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
Co-authored-by: Adam Sitnik <adam.sitnik@gmail.com>
sirntar pushed a commit to sirntar/runtime that referenced this pull request Sep 30, 2024
@buyaa-n @MihaZupan
@adamsitnik @sirntar
Add TypeNameFuzzer (dotnet#107206)
91b6d17 
Co-authored-by: Miha Zupan <mihazupan.zupan1@gmail.com>
Co-authored-by: Adam Sitnik <adam.sitnik@gmail.com>
@github-actions github-actions bot locked and limited conversation to collaborators Oct 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@MihaZupan MihaZupan MihaZupan approved these changes

@adamsitnik adamsitnik adamsitnik approved these changes

Assignees

@buyaa-n buyaa-n

Labels
area-System.Reflection.Metadata
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@buyaa-n @adamsitnik @MihuBot @MihaZupan