Files

Ilya Lavrenov a952540edf Openvino cmake config (#7419 )

* Added OpenVINOConfig.cmake

* OpenVINOConfig.cmake part 2

* Trying to fix cmake generation

* Fixes

* Export frontends as well

* Fixed condition

* Added OpenVINO cmake package usage: docs, C samples

* Use more OpenVINO config

* Install OpenVINOConfig.cmake

* Trying to fix private plugins

* Trying to fix .tox

* Trying to fix ARM

* Fixed samples build

* Explicit ngraph duplicated targets

* Fixed fuzzing tests build

* Added IR frontend installation

* Removed install directory for IE reader

* Removed IR frontend from export list

* Reverted ngraph_DIR

* Try to fix .tox

* Fixed ieFuncTests with ONNX extensions

* Attempt #2

* Trying to fix ngraph setup.py

* Fix

* Trying to fix ONNX ngraph .tox CI

* Trying to remove spaces

* Fixed ngraph_DIR -> OpenVINO_DIR

* Removed junk files

* Try to fix ngraph wheel

* Try to fix ie_wheel

* Try to fix ngraph wheel

2021-09-10 15:31:27 +03:00

fuzz-testhelper

pdpd Place: remaining methods, refactoring, unit tests (#6637 )

2021-07-23 15:22:05 +03:00

scripts

pdpd Place: remaining methods, refactoring, unit tests (#6637 )

2021-07-23 15:22:05 +03:00

src

Openvino cmake config (#7419 )

2021-09-10 15:31:27 +03:00

CMakeLists.txt

Openvino cmake config (#7419 )

2021-09-10 15:31:27 +03:00

README.md

Add cnpy fuzz test and fix issues (#6109 )

2021-06-14 17:00:49 +03:00

README.md

Fuzzing Test Suite

This test suite contains fuzzing tests for libFuzzer fuzzing engine.

Getting Started

Each fuzzing test is an executable. It can run fuzzing to search for new failures and save reproducer in a file. You can later run a fuzzing test with a reproducer to debug a failure found.

Pre-requisites

There are no special pre-requisites to reproduce and debug failures.

To run fuzzing you will need LLVM components:

Clang and co.
libFuzzer
lld (linker)
libc++

Building fuzz tests

Build openvino

Build openvino with options ENABLE_FUZZING and ENABLE_SANITIZER enabled. It is recommended to use clang compiler.

(\
mkdir -p build && cd build && \
CC=clang CXX=clang++ cmake .. -DENABLE_FUZZING=ON -DENABLE_SANITIZER=ON -DTREAT_WARNING_AS_ERROR=OFF && \
cmake --build . \
)

Build fuzz tests

Build fuzz tests with options ENABLE_FUZZING and ENABLE_SANITIZER enabled. You should use the same compiler as was used for the openvino build.

(\
mkdir -p tests/fuzz/build && cd tests/fuzz/build && \
CC=clang CXX=clang++ cmake .. -DENABLE_FUZZING=ON -DENABLE_SANITIZER=ON -DTREAT_WARNING_AS_ERROR=OFF -DInferenceEngine_DIR=$(pwd)/../../../build && \
cmake --build . \
)

Running fuzz tests

Prepare fuzzing corpus

Fuzzing engine needs a set of valid inputs to start fuzzing from. Those files are called a fuzzing corpus. Place valid inputs for the fuzzing test into directory.

Intel employees can get the corpus as described here https://wiki.ith.intel.com/x/2N42bg.

Run fuzzing

./read_network-fuzzer -max_total_time=600 ./read_network-corpus

Consider adding those useful command line options:

-jobs=$(nproc) runs multiple fuzzing jobs in parallel.
-rss_limit_mb=0 to ignore out-of-memory issues.

Analyzing fuzzing quality

Explore code coverage

To build coverage report after fuzz test execution run:

llvm-profdata merge -sparse *.profraw -o default.profdata && \
llvm-cov show ./read_network-fuzzer -instr-profile=default.profdata -format=html -output-dir=read_network-coverage

Reproducing findings

Fuzzing run halts on the first issue identified, prints issue details to stdout and save data to reproduce the issue as a file in the current folder. To debug the issue pass reproducer as command line argument to fuzz test

./read_network-fuzzer crash-409b5eeed46a8445b7f7b7a2ce5b60a9ad895e3b

It is recommended but not required to use binaries built for fuzzing to debug the issues. A binaries built without ENABLE_FUZZING options can also be used to reproduce and debug the issues.