Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2727123003:
[libfuzzer] proto-based renderer fuzzer draft (Closed)
Description[libfuzzer] proto-based renderer fuzzer draft.
This is a port of tree fuzzer to libprotobuf-mutator library.
BUG=
Review-Url: https://codereview.chromium.org/2727123003
Cr-Original-Commit-Position: refs/heads/master@{#455874}
Committed: https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb11bccfbacde30
Review-Url: https://codereview.chromium.org/2727123003
Cr-Commit-Position: refs/heads/master@{#457262}
Committed: https://chromium.googlesource.com/chromium/src/+/8b1a737925cf4f9f7bfc1a442f09b83adb69abec
Patch Set 1 #Patch Set 2 : integrate #Patch Set 3 : merge #
Total comments: 1
Patch Set 4 : integrate #Patch Set 5 : updated deps #
Dependent Patchsets: Messages
Total messages: 35 (20 generated)
vitalybuka@google.com changed reviewers: + vitalybuka@google.com
Try -max_len=150 or more we have simple logic to decide when to conserve space because we close to max_len. 65 is default. It's good enough for binary, but for text format it's too small. Current max_len=65 causes mutator reduce probability of new fields. For attrs.value message and oneof which need to be created. So it happens quite rarely. Please use max_len, and I will find better solution to fix defaults. https://codereview.chromium.org/2727123003/diff/40001/content/test/fuzzer/htm... File content/test/fuzzer/html_tree.proto (right): https://codereview.chromium.org/2727123003/diff/40001/content/test/fuzzer/htm... content/test/fuzzer/html_tree.proto:127: It would be a little more efficient if you skip message Value message Attribute { Name name = 1; oneof value { bool bool_value = 7; uint64 uint_value = 2; int64 int_value = 3; double double_value = 4; int64 px_value = 5; uint32 pct_value = 6; } in your case you have states: 1. message Value is missing 2. message Value exists but none of oneof is set 3. message Value exists and some oneof is set Looks like your "writer" does not distinguish 1 and 2.
The CQ bit was checked by aizatsky@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
No L-G-T-M from a valid reviewer yet. CQ run can only be started by full committers or once the patch has received an L-G-T-M from a full committer. Even if an L-G-T-M may have been provided, it was from a non-committer, _not_ a full super star committer. Committers are members of the group "project-chromium-committers". Note that this has nothing to do with OWNERS files.
Description was changed from ========== [WIP] proto-based renderer fuzzer. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= ========== to ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= ==========
The CQ bit was checked by aizatsky@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
No L-G-T-M from a valid reviewer yet. CQ run can only be started by full committers or once the patch has received an L-G-T-M from a full committer. Even if an L-G-T-M may have been provided, it was from a non-committer, _not_ a full super star committer. Committers are members of the group "project-chromium-committers". Note that this has nothing to do with OWNERS files.
vitalybuka@chromium.org changed reviewers: + vitalybuka@chromium.org
The CQ bit was checked by vitalybuka@chromium.org
lgtm
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 80001, "attempt_start_ts": 1489092288822830,
"parent_rev": "c586b0f6aa6ca3b542d35d1331fa19f2e2fff919", "commit_rev":
"a9e5063b0956891685f847bf4cb11bccfbacde30"}
Message was sent while issue was closed.
Description was changed from ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= ========== to ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= Review-Url: https://codereview.chromium.org/2727123003 Cr-Commit-Position: refs/heads/master@{#455874} Committed: https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb1... ==========
Message was sent while issue was closed.
Committed patchset #5 (id:80001) as https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb1...
Message was sent while issue was closed.
A revert of this CL (patchset #5 id:80001) has been created in https://codereview.chromium.org/2741853002/ by msw@chromium.org. The reason for reverting is: https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Fchromium%2FWin%2F52705%2... FAILED: obj/content/test/fuzzer/html_tree_proto/html_tree.pb.obj ninja -t msvc -e environment.x86 -- C:\b\c\goma_client/gomacc.exe "C:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\VC\bin\amd64_x86/cl.exe" /nologo /showIncludes /FC @obj/content/test/fuzzer/html_tree_proto/html_tree.pb.obj.rsp /c gen/content/test/fuzzer/html_tree.pb.cc /Foobj/content/test/fuzzer/html_tree_proto/html_tree.pb.obj /Fd"obj/content/test/fuzzer/html_tree_proto_cc.pdb" c:\b\c\b\win_archive\src\out\release\gen\content\test\fuzzer\html_tree.pb.cc(171): error C2220: warning treated as error - no 'object' file generated c:\b\c\b\win_archive\src\out\release\gen\content\test\fuzzer\html_tree.pb.cc(171): warning C4125: decimal digit terminates octal escape sequence.
Message was sent while issue was closed.
A revert of this CL (patchset #5 id:80001) has been created in https://codereview.chromium.org/2744673003/ by thakis@chromium.org. The reason for reverting is: doesn't build: https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Fchromium%2FWin%2F52705%2... ninja -t msvc -e environment.x86 -- C:\b\c\goma_client/gomacc.exe "C:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\VC\bin\amd64_x86/cl.exe" /nologo /showIncludes /FC @obj/content/test/fuzzer/html_tree_proto/html_tree.pb.obj.rsp /c gen/content/test/fuzzer/html_tree.pb.cc /Foobj/content/test/fuzzer/html_tree_proto/html_tree.pb.obj /Fd"obj/content/test/fuzzer/html_tree_proto_cc.pdb" c:\b\c\b\win_archive\src\out\release\gen\content\test\fuzzer\html_tree.pb.cc(171): error C2220: warning treated as error - no 'object' file generated c:\b\c\b\win_archive\src\out\release\gen\content\test\fuzzer\html_tree.pb.cc(171): warning C4125: decimal digit terminates octal escape sequence .
Message was sent while issue was closed.
thakis@chromium.org changed reviewers: + thakis@chromium.org
Message was sent while issue was closed.
whoops msw beat me to it. unchecking commit on my revert.
Message was sent while issue was closed.
aizatsky@google.com changed reviewers: + aizatsky@google.com
Message was sent while issue was closed.
The line in the proto-generated file in question is:
"\001(\0132\004.Tag\"\247\t\n\003Tag\022\027\n\004name\030\001
\001(\0162\t.Tag.Na"
MSVC complains about perfectly reasonable construct: "\0162"
I wonder if we should turn this warning off?
Message was sent while issue was closed.
Description was changed from ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= Review-Url: https://codereview.chromium.org/2727123003 Cr-Commit-Position: refs/heads/master@{#455874} Committed: https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb1... ========== to ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= Review-Url: https://codereview.chromium.org/2727123003 Cr-Commit-Position: refs/heads/master@{#455874} Committed: https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb1... ==========
The CQ bit was checked by vitalybuka@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by vitalybuka@chromium.org
lgtm Re-landing. Warning suppressed by https://codereview.chromium.org/2746363004/
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 80001, "attempt_start_ts": 1489620189471450,
"parent_rev": "b8c947f87302378ed25d9fad732d9b77995d01d3", "commit_rev":
"8b1a737925cf4f9f7bfc1a442f09b83adb69abec"}
Message was sent while issue was closed.
Description was changed from ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= Review-Url: https://codereview.chromium.org/2727123003 Cr-Commit-Position: refs/heads/master@{#455874} Committed: https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb1... ========== to ========== [libfuzzer] proto-based renderer fuzzer draft. This is a port of tree fuzzer to libprotobuf-mutator library. BUG= Review-Url: https://codereview.chromium.org/2727123003 Cr-Original-Commit-Position: refs/heads/master@{#455874} Committed: https://chromium.googlesource.com/chromium/src/+/a9e5063b0956891685f847bf4cb1... Review-Url: https://codereview.chromium.org/2727123003 Cr-Commit-Position: refs/heads/master@{#457262} Committed: https://chromium.googlesource.com/chromium/src/+/8b1a737925cf4f9f7bfc1a442f09... ==========
Message was sent while issue was closed.
Committed patchset #5 (id:80001) as https://chromium.googlesource.com/chromium/src/+/8b1a737925cf4f9f7bfc1a442f09... |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
