Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update fuzzer and integrate with OneFuzz #4135

Merged
merged 30 commits into from
Feb 13, 2024
Merged

Update fuzzer and integrate with OneFuzz #4135

merged 30 commits into from
Feb 13, 2024

Conversation

ryfu-msft
Copy link
Contributor

@ryfu-msft ryfu-msft commented Feb 2, 2024
edited
Loading

Updates the WinGetYamlFuzzer so that it builds successfully for only the fuzzing configuration and x64 or x86 platforms.

Building a libfuzzer with MSVC is now supported so I removed everything related to creating our own libfuzzer.

I started by removing the WINGET_DISABLE_FOR_FUZZING macro and trying to get the project to build successfully, since a lot has changed since this was last implemented and things are a lot more complex now. I worked backwards by removing references that were not needed and building with the the required ASan and SanCov compiler options.

Microsoft Reviewers: Open in CodeFlow

@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@ryfu-msft
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@microsoft microsoft deleted a comment from github-actions bot Feb 7, 2024
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@ryfu-msft ryfu-msft marked this pull request as ready for review February 7, 2024 18:37
@ryfu-msft ryfu-msft requested a review from a team as a code owner February 7, 2024 18:37
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
ryfu-msft
ryfu-msft commented Feb 7, 2024
View reviewed changes
azure-pipelines.yml Outdated
- job: 'Fuzzing'
timeoutInMinutes: 60
dependsOn: 'GetReleaseTag'
condition: always()
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel strongly that this condition should be changed so that the fuzzing job only runs for the master branch. I don't think we should overload the onefuzz task by submitting artifacts for every PR build as the task doesn't immediately give us any information about fuzzing bugs. Those are autogenerated by the onefuzz service and sent as an ADO notification. It would be less noisy if it only ran for a master branch commit because that is actual code that is checked in and not being worked on.

If there are no objections, I will change this after this PR is reviewed and approved so that we can see it run to completion.

Copy link
Contributor

@yao-msft yao-msft Feb 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, if "the task doesn't immediately give us any information about fuzzing bugs", then we should consider running it only on ci builds

yao-msft
yao-msft reviewed Feb 7, 2024
View reviewed changes
azure-pipelines.yml Outdated Show resolved Hide resolved
azure-pipelines.yml Show resolved Hide resolved
src/WinGetYamlFuzzing/OneFuzzConfig.json Outdated Show resolved Hide resolved
src/WinGetYamlFuzzing/OneFuzzConfig.json Outdated Show resolved Hide resolved
src/WinGetYamlFuzzing/OneFuzzConfig.json Outdated Show resolved Hide resolved
src/WinGetYamlFuzzing/OneFuzzConfig.json
"AdoTemplate": {
"Org": "ms",
"Project": "winget-cli",
"AssignedTo": "[email protected]",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Is this required field? Unless you are responsible for triaging all fuzzing related bugs?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes this is required, and I'll volunteer myself to help with triaging :)

@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@microsoft microsoft deleted a comment from github-actions bot Feb 9, 2024
@ryfu-msft ryfu-msft requested a review from yao-msft February 9, 2024 18:49
yao-msft
yao-msft previously approved these changes Feb 13, 2024
View reviewed changes
src/WinGetYamlFuzzing/WinGetYamlFuzzing.vcxproj Outdated Show resolved Hide resolved
@ryfu-msft ryfu-msft merged commit be14d83 into microsoft:master Feb 13, 2024
8 checks passed
@ryfu-msft ryfu-msft deleted the retryFuzzing branch February 13, 2024 02:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JohnMcPMS JohnMcPMS JohnMcPMS left review comments

@yao-msft yao-msft yao-msft approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ryfu-msft @JohnMcPMS @yao-msft