tests: add new fuzzer #2965

Merged
merged 1 commit into from
Dec 7, 2023

Contributor

@DavidKorczynski DavidKorczynski commented Dec 6, 2023

This adds a new fuzzer that is similar in nature to jq_fuzz_execute. The difference is that the jq_fuzz_execute will seed both the jq program and input with fuzz data whereas this new jq_fuzz_fixed fuzzer has a predefined list of jq programs and only the input will be seeded from the fuzzer. The benefit is that this fuzzer is closer to identifying issues that may happen in "generic jq programs" and much faster at exploring certain parts of the codebase. It does explore a subset of the jq_fuzz_execute, however, there is plenty of code to explore and this will be much more efficient at targeting some (relevant) parts of it.

The jq_progs was taken from the /tests/*.test files.

From a local run, this drastically improves code coverage.

Signed-off-by: David Korczynski <[email protected]>
@emanuele6 emanuele6 merged commit 5029328 into jqlang:master Dec 7, 2023
28 checks passed
@emanuele6
Member

Thank you!

AdamKorcz pushed a commit to google/oss-fuzz that referenced this pull request Dec 7, 2023
"\"\") ) else . end )",
"[while(.<100; .*2)]",
"with_entries(.key |= \"KEY_\" + .)",
". - [\"xml\", \"yaml\"]",
Member

Are these generated from documentation or test? Maybe could be?

Contributor Author

@DavidKorczynski DavidKorczynski Dec 7, 2023

from the tests/*.test. This one specifically is:

. - ["xml", "yaml"]

Specifically, it was generated using a simple scraping "capture each line that is after an empty line in some of the .test files" with a bit of sorting etc.

Please feel free to add any new ones as well! The more the merrier, and also it's not a big deal (for the fuzzer at least) if some of them are not valid.

@emanuele6 emanuele6 added the test label Dec 10, 2023
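
The scraping rule described in the comment above ("capture each line that is after an empty line", then sort), as an added example that is not part of the pull request or the jq code base. The sample file content is constructed, the function names and the array declaration are hypothetical, and treating `#` lines as comments is an assumption about the `.test` layout.

```python
"""Added example: rebuild a fixed jq program list from .test-style text."""

# Constructed sample: blocks separated by empty lines, with the jq program
# on the first line of each block, followed by an input and expected output.
SAMPLE_TEST_FILE = '''\
# comment lines are skipped (assumption about the file format)

. - ["xml", "yaml"]
["xml", "yaml", "json"]
["json"]

[while(.<100; .*2)]
1
[1,2,4,8,16,32,64]

with_entries(.key |= "KEY_" + .)
{"a": 1, "b": 2}
{"KEY_a": 1, "KEY_b": 2}

[while(.<100; .*2)]
1
[1,2,4,8,16,32,64]
'''


def scrape_programs(text):
    """Return the sorted, de-duplicated lines that follow an empty line."""
    programs = set()
    prev_blank = True  # the first line of the file counts as a block start
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # assumption: comments do not start or end a block
        if stripped and prev_blank:
            programs.add(stripped)
        prev_blank = not stripped
    return sorted(programs)


def c_string_literal(program):
    """Escape backslashes and double quotes so the program is a C literal."""
    escaped = program.replace("\\", "\\\\").replace('"', '\\"')
    return '"' + escaped + '"'


def render_c_array(programs, name="jq_progs"):
    """Emit the array in the escaped form shown in the reviewed lines."""
    lines = ["const char *%s[] = {" % name]  # declaration shape is assumed
    lines += ["    %s," % c_string_literal(p) for p in programs]
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_c_array(scrape_programs(SAMPLE_TEST_FILE)))
```

Because the rule is purely positional, it also captures any non-program line that happens to follow an empty line, which matches the author's remark that invalid entries are tolerable for the fuzzer.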