Comments (3)
It generates a coverage report but doesn't create the static HTML pages that are often associated with coverage reports.
Specifically, when I run `build_simple_example.sh` I get a file (from tests folder) `simple-example-0/work/fuzzer.covreport` with the content:
```
fuzz_entry:
65| 8.01M|int fuzz_entry(const uint8_t *data, size_t size) {
66| 8.01M| int ret;
67| 8.01M| if (size == 2) {
68| 0| ret = target2(data);
69| 0| }
70| 8.01M| else if (size == 3) {
71| 0| ret = target3(data);
72| 0| }
73| 8.01M| else {
74| 8.01M| ret = 1;
75| 8.01M| }
76| 8.01M| return ret;
77| 8.01M|}
LLVMFuzzerTestOneInput:
79| 12.2M|int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
80| 12.2M| if (size < 10) {
81| 4.21M| return 0;
82| 4.21M| }
83| 8.01M| char *kldfj = (char*)malloc(123);
84| 8.01M| char *nt = malloc(size+1);
85| 8.01M| memcpy(nt, data, size);
86| 8.01M| nt[size] = '\0';
87| 8.01M| fuzz_entry(nt, size);
88| 8.01M| return 0;
89| 12.2M|}
```
This is the raw coverage data that Fuzz Introspector interprets.
When I look at the HTML report generated in the folder `simple-example-0/web` I get (after having launched a webserver in the `web` folder using `python3 -m http.server 8012`): at the URL http://localhost:8012/fuzz_report.html#fuzz_blocker0 the following UI:
As such, a blocker is found and `target2` is the largest blocked function. As we can see in the `covreport`, line 67 is a blocker given the current coverage. That said, it doesn't look like a branch blocker since looking at the `summary.json` at `simple-example-0/web/summary.json` I get:
```
{
  "fuzzer": {
    "branch_blockers": [],
    "stats": {
      "total-basic-blocks": 49,
      "total-cyclomatic-complexity": 28,
      "file-target-count": 1
    },
```
I think it may be that the sample is too small and the branch blocker definition doesn't care when the blocked code is too small. Maybe this should be adjusted to work with small samples.
Let me know if you have further questions or if I didn't answer all your concerns!
from fuzz-introspector.
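The reading of the covreport described in the comment above (line 67 executes, the lines it guards never do) can be checked mechanically. This is an added example, not part of the thread and not Fuzz Introspector's own blocker analysis: `parse_covreport` and `blocked_branches` are hypothetical helpers, and the "executed branch line followed by zero-hit lines" rule is a simple heuristic that assumes the report layout quoted above.

```python
import re
from itertools import takewhile

# Constructed sample: the fuzz_entry section of the covreport quoted in the comment above.
SAMPLE = """\
fuzz_entry:
65| 8.01M|int fuzz_entry(const uint8_t *data, size_t size) {
66| 8.01M| int ret;
67| 8.01M| if (size == 2) {
68| 0| ret = target2(data);
69| 0| }
70| 8.01M| else if (size == 3) {
71| 0| ret = target3(data);
72| 0| }
73| 8.01M| else {
74| 8.01M| ret = 1;
75| 8.01M| }
76| 8.01M| return ret;
77| 8.01M|}
"""

LINE_RE = re.compile(r"^\s*(\d+)\|\s*(\d+(?:\.\d+)?)?([kMGT]?)\|(.*)$")
SCALE = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
BRANCH_RE = re.compile(r"\b(if|else|while|for|switch|case)\b")

def parse_covreport(text):
    """Return {function: [(line_no, hits, source), ...]}, skipping uncounted lines."""
    funcs, current = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m is None and raw.strip().endswith(":"):      # "fuzz_entry:" header line
            current = funcs.setdefault(raw.strip()[:-1], [])
        elif m and current is not None and m.group(2):   # line with a hit count
            hits = round(float(m.group(2)) * SCALE[m.group(3)])
            current.append((int(m.group(1)), hits, m.group(4).strip()))
    return funcs

def blocked_branches(text):
    """Heuristic: an executed branch line directly followed by never-executed lines."""
    found = []
    for func, rows in parse_covreport(text).items():
        for i, (line_no, hits, src) in enumerate(rows):
            if hits == 0 or not BRANCH_RE.search(src):
                continue
            run = sum(1 for _ in takewhile(lambda r: r[1] == 0, rows[i + 1:]))
            if run:
                found.append((func, line_no, run, src))
    return found
```

On the sample, `blocked_branches(SAMPLE)` reports lines 67 and 70 of `fuzz_entry`, each guarding two unreached lines.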
Closing as fixed.
from fuzz-introspector.
Thanks for your kind reply, but one more question is that when I use libxml2-2.9.8 and a simple harness, the local build doesn't detect the fuzz blocker but integrating it into oss-fuzz using fuzz introspector detects the fuzz blocker.
from fuzz-introspector.