Wip: fuzz: init manager #8714
Wip: fuzz: init manager #8714
Conversation
| } | ||
|
|
||
| message InitTestCase { | ||
| repeated InitAction actions = 1; |
There was a problem hiding this comment.
@asraa do you think we should advocate for FuzzDataProvider here (for performance, and because the trace format is simple), or are there good reasons to keep this a proto trace format?
There was a problem hiding this comment.
FuzzDataProvider! TIL. Will explore and introduce
There was a problem hiding this comment.
There is a downside; it's harder to hand-craft corpuses (and understand failing corpus files). It would be ideal if there was some CLI tool that translated from a proto representation of the binary data to the raw binary for FuzzDataProvider, so that both of these can be better handled. Not sure if anyone has built this kind of thing already.
There was a problem hiding this comment.
Oh no!! I had suggested this change yesterday but I didn't know GH review process has an extra submit button.
Yeah, I personally think that if the actions are simple enough to describe, using a FuzzedDataProvider to chose oneof some number of actions is better.
But if there's a strong case for the order of the scenarios bringing interesting behavior (the ordering of ready, add target, destruction) without necessarily strictly increasing code coverage, I think the proto trace format is better. I only think though that if you decide to do the proto trace format way, that you enter a good number of corpus entries.
|
|
||
| DEFINE_PROTO_FUZZER(const test::common::init::InitTestCase& input) { | ||
| if (input.actions_size() < 3) { | ||
| return; |
There was a problem hiding this comment.
Eventually it would be:
if initDriver determine the input as "not a legit input` (e.g. use-after-free, or 0 ready() is signal so as not initialized)
| return; | ||
| } | ||
| InitDriver driver(1, 1); | ||
| ENVOY_LOG_MISC(critical, "input size {}", input.actions_size()); |
There was a problem hiding this comment.
Please make all log messages <= debug, since any emitted logs will slow down fuzzing. The fuzzer will emit critical in ClusterFuzz.
There was a problem hiding this comment.
Sure. Will remove when it's ready to review
| for (const auto& act : input.actions()) { | ||
| driver.transit(act); | ||
| } | ||
| RELEASE_ASSERT(driver.ready_flags_[0], "manager not initialized"); |
There was a problem hiding this comment.
How do you know this will be non-empty?
There was a problem hiding this comment.
The driver should be initialized with reasonable number of manager.
|
|
||
| class InitDriver { | ||
| public: | ||
| InitDriver(int manager_size, int target_size) { |
There was a problem hiding this comment.
Prefer fixed size types in Envoy code style, unsigned where it makes sense like here.
| if (input.actions_size() < 3) { | ||
| return; | ||
| } | ||
| InitDriver driver(1, 1); |
There was a problem hiding this comment.
Why is this parameterized when it's only used with a fixed size?
| int tid = (param % 1); | ||
| switch (action.action()) { | ||
| case test::common::init::INIT_MANAGER_INITIALIZE: | ||
| ms_[mid]->initialize(*ws_[mid]); |
There was a problem hiding this comment.
Can you provide an explanation of what you are aiming to verify by fuzzing? I'm guessing it's not crash resilience, so it's some correctness property. Is the range of possible inputs so large that we can't just use some unit tests or brute force testing? Etc.
|
@htuch Thank you for the early review! The sequences has limited number but it's about 10~ish ! if N = 2 I plan to use the InitDriver to determine the expectation and handle invalid sequence. Most of the comments are awe to the working-in-progress |
|
Close for now to avoid confusion Thanks for the reference of data provider! |
Extracted from #8523 @mergeconflict mentioned we can also maintain a collection of TargetImpl(and a initialize_ flag, std::once_flag) at the target owner. I agree it works but a SharedTarget provides stronger cohesion. Follow up: * update #8523 on top of this PR * complete fuzz test #8714 Signed-off-by: Yuchen Dai <silentdai@gmail.com>
Signed-off-by: Yuchen Dai silentdai@gmail.com
Description:
The goal is to verify the init manager behavior since I am adding shared target in
#8268#8523Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Fixes #Issue]
[Optional Deprecated:]