Created: 4 years, 3 months ago by bradnelson
Modified: 4 years, 3 months ago
CC: chromium-reviews, jbudorick+watch_chromium.org, mikecase+watch_chromium.org
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.
Description: [wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org,mmoroz@chromium.org
Committed: https://crrev.com/20c9a731886d612b4bb33af74b26c9709e531ba2
Cr-Commit-Position: refs/heads/master@{#415340}
Patch Set 1
Patch Set 2: merge
Total comments: 6
Messages
Total messages: 32 (17 generated)
The CQ bit was checked by bradnelson@chromium.org to run a CQ dry run
PTAL Ignore the DEPS roll + android test_runner change (I've included to do a try job), will wait until DEPS roll automatically and drop them.
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
Description was changed from
==========
Merge remote-tracking branch 'origin/master' into wasm_fuzz
[wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org
==========
to
==========
[wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org
==========
The CQ bit was checked by bradnelson@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Ok, merged.
Description was changed from
==========
[wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org
==========
to
==========
[wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org,mmoroz@chromium.org
==========
bradnelson@chromium.org changed reviewers: + mmoroz@chromium.org
+mmoroz
LGTM with a question just to clarify that I understood how DEPS work here :)

https://codereview.chromium.org/2284393003/diff/20001/testing/libfuzzer/fuzze...
File testing/libfuzzer/fuzzers/BUILD.gn (right):

https://codereview.chromium.org/2284393003/diff/20001/testing/libfuzzer/fuzze...
testing/libfuzzer/fuzzers/BUILD.gn:259: seed_corpus = "//v8/test/fuzzer/wasm/"
Just to clarify: I don't see this directory and "wasm_asmjs" in https://cs.chromium.org/chromium/src/v8/test/fuzzer/, but they will be automatically created, right?
bradnelson@google.com changed reviewers: + bradnelson@google.com
I didn't know about your storage bucket when I set up the v8 corpus snapshot. These are each in separate storage buckets (the infra folks use separate buckets with upload/download_to_google_storage). https://pantheon.corp.google.com/storage/browser/v8-wasm-fuzzer/ and https://pantheon.corp.google.com/storage/browser/v8-wasm-asm-fuzzer/ These have the advantage that they're versioned with v8, so that way updates land in v8, then come into chrome + clusterfuzz on a deps roll.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by bradnelson@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Description was changed from
==========
[wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org,mmoroz@chromium.org
==========
to
==========
[wasm] Pulling in new wasm function fuzzer, and wasm module corpus.
Pulling in a new v8 fuzzer.
Adding a download step for the wasm and wasm->asm.js module fuzzers.
BUG=None
TEST=None
R=kcc@chromium.org,ahaas@chromium.org,mmoroz@chromium.org
Committed: https://crrev.com/20c9a731886d612b4bb33af74b26c9709e531ba2
Cr-Commit-Position: refs/heads/master@{#415340}
==========
Patchset 2 (id:??) landed as https://crrev.com/20c9a731886d612b4bb33af74b26c9709e531ba2 Cr-Commit-Position: refs/heads/master@{#415340}
thakis@chromium.org changed reviewers: + thakis@chromium.org
https://codereview.chromium.org/2284393003/diff/20001/DEPS
File DEPS (right):

https://codereview.chromium.org/2284393003/diff/20001/DEPS#newcode1005
DEPS:1005: "name": "wasm_fuzzer",
Do we really need to pull this on every single checkout? I'd imagine that almost nobody uses this.
https://codereview.chromium.org/2284393003/diff/20001/DEPS
File DEPS (right):

https://codereview.chromium.org/2284393003/diff/20001/DEPS#newcode1005
DEPS:1005: "name": "wasm_fuzzer",
On 2016/09/09 20:43:10, Nico wrote:
> Do we really need to pull this on every single checkout? I'd imagine that almost nobody uses this.

^ Ping?
https://codereview.chromium.org/2284393003/diff/20001/DEPS
File DEPS (right):

https://codereview.chromium.org/2284393003/diff/20001/DEPS#newcode1005
DEPS:1005: "name": "wasm_fuzzer",
On 2016/09/15 at 19:40:39, Nico wrote:
> On 2016/09/09 20:43:10, Nico wrote:
> > Do we really need to pull this on every single checkout? I'd imagine that almost nobody uses this.
>
> ^ Ping?

These files are the seed corpus of the v8-wasm-fuzzer which are needed to give clusterfuzz some initial guidance. Since the files are binary we do not want to add them to the repository because they are hard to review and to modify. Downloading these files from google storage was the best solution we could come up with which provides clusterfuzz with a seed corpus and keeps binary files out of the repository.
On 2016/09/16 08:02:56, ahaas wrote:
> https://codereview.chromium.org/2284393003/diff/20001/DEPS
> File DEPS (right):
>
> https://codereview.chromium.org/2284393003/diff/20001/DEPS#newcode1005
> DEPS:1005: "name": "wasm_fuzzer",
> On 2016/09/15 at 19:40:39, Nico wrote:
> > On 2016/09/09 20:43:10, Nico wrote:
> > > Do we really need to pull this on every single checkout? I'd imagine that almost nobody uses this.
> >
> > ^ Ping?
>
> These files are the seed corpus of the v8-wasm-fuzzer which are needed to give clusterfuzz some initial guidance. Since the files are binary we do not want to add them to the repository because they are hard to review and to modify. Downloading these files from google storage was the best solution we could come up with which provides clusterfuzz with a seed corpus and keeps binary files out of the repository.

Sure, but currently every single dev and every single bot downloads them. That seems overly broad, no?
Oops, had thought I sent this out earlier. Pinging clusterfuzz folks about what's possible.

https://codereview.chromium.org/2284393003/diff/20001/DEPS
File DEPS (right):

https://codereview.chromium.org/2284393003/diff/20001/DEPS#newcode1005
DEPS:1005: "name": "wasm_fuzzer",
On 2016/09/09 20:43:10, Nico wrote:
> Do we really need to pull this on every single checkout? I'd imagine that almost nobody uses this.

kcc, mmoroz, does this need to actually be in chrome checkouts for you guys to use it as an updated fuzzer corpus?
mmoroz@chromium.org changed reviewers: + aizatsky@chromium.org, ochang@chromium.org
https://codereview.chromium.org/2284393003/diff/20001/DEPS
File DEPS (right):

https://codereview.chromium.org/2284393003/diff/20001/DEPS#newcode1005
DEPS:1005: "name": "wasm_fuzzer",
On 2016/09/16 22:37:55, bradn wrote:
> On 2016/09/09 20:43:10, Nico wrote:
> > Do we really need to pull this on every single checkout? I'd imagine that almost nobody uses this.
>
> kcc, mmoroz, does this need to actually be in chrome checkouts for you guys to use it as an updated fuzzer corpus?

We have an alternative way to provide the corpus (https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/eff...), but using the repo is our preferred way. I agree that requiring everybody with a Chromium checkout to execute that is an overhead. Since your corpus is not directly stored in the Chromium repo (I mean we don't track changes for the files themselves, etc.), I believe that we have to use the clusterfuzz-corpus GCS bucket. How frequently do you update these files? Should we set up anything special to update them on ClusterFuzz automatically?
We have a few more changes coming to the format, and then many of these will be the same after that. During the transition keeping the fuzzers up to date is actually rather helpful (as we're trying to stamp out issues). I just learned on Friday that we might be able to merge these inputs. (Will look into that regardless to better understand how diverse these inputs are). For reference, these are a 64k + 30k tgz with 645/171 files. Only the top dozen or so are more than 1k.
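An added example, not code from this review or from the v8/Chromium tree: a small Python checker for a seed-corpus tarball like the wasm and wasm->asm.js archives discussed above. It reports how many inputs are byte-identical (the kind of redundancy brad mentions wanting to understand before merging inputs) and how many exceed 1 KiB, without extracting anything to disk. The sample .wasm files are constructed inline; only the 8-byte wasm magic/version header is a real format constant.

```python
import hashlib
import io
import tarfile

# Real 8-byte WebAssembly binary header: magic "\0asm" plus version 1.
WASM_HEADER = b"\x00asm\x01\x00\x00\x00"

# Constructed sample corpus (not the real v8-wasm-fuzzer files): two inputs are
# byte-identical, and one is padded past 1 KiB so it shows up in the size count.
SAMPLE_CORPUS = {
    "wasm/a.wasm": WASM_HEADER,
    "wasm/b.wasm": WASM_HEADER + b"\x01\x04\x01\x60\x00\x00",  # one empty func type
    "wasm/c.wasm": WASM_HEADER,                                # duplicate of a.wasm
    "wasm/big.wasm": WASM_HEADER + b"\x00" * 2000,             # oversized padding
}


def build_corpus_tgz(files):
    """Pack {name: bytes} into an in-memory .tgz, like the seed corpus archives."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def corpus_stats(tgz_bytes):
    """Count files, distinct contents, files over 1 KiB, and duplicate pairs."""
    first_seen = {}   # sha256 hex digest -> first member name with that content
    duplicates = []   # (later name, first-seen name) for byte-identical inputs
    sizes = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            sizes.append(len(data))
            digest = hashlib.sha256(data).hexdigest()
            if digest in first_seen:
                duplicates.append((member.name, first_seen[digest]))
            else:
                first_seen[digest] = member.name
    return {
        "files": len(sizes),
        "unique": len(first_seen),
        "over_1k": sum(1 for s in sizes if s > 1024),
        "duplicates": duplicates,
    }
```

Point `corpus_stats` at the bytes of a downloaded corpus archive to get the same summary for a real bucket snapshot.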