* parent 6e7016ccda author Ilya Churaev <ilya.churaev@intel.com> 1664281499 +0400 committer Ilya Churaev <ilya.churaev@intel.com> 1664510018 +0400 Fixed warnings on local machine
* Added CMAKE_COMPILE_WARNING_AS_ERROR usage
* Fixed style
* Fixed merge conflicts
* Fixed typo
* Fixed myriad build for macOS
* Fixed warning
* Fixed tests
* Disabled incorrect test
* Try to fix linux tests
* Revert "Try to fix linux tests" This reverts commit 29224c93ff.
* Fixed tests
* Revert logic with incorrect cast
* Fixed log softmax
* Disable warning as error for cuda
* Try to fix inference_engine_s
* Fixed cmake
* Revert "Fixed cmake" This reverts commit 87e9e4e674.
* Revert "Try to fix inference_engine_s" This reverts commit a1adca8b05.
* WA for static symbols in inference_engine_s test library
* Fixed code style
* Fixed static definition for master
* Revert "Fixed static definition for master" This reverts commit 20d00d215a.
* Revert "Fixed code style" This reverts commit 0eb2362543.
* Revert "WA for static symbols in inference_engine_s test library" This reverts commit 75ef86a79d.
* Fixed linker issue for Windows
* Disable WaE by default
* Disable warning as error in the developer package
* Try to fix dev package
* Try to fix Windows Jenkins
* Revert old behavior for tread_warn_as_err variable
Fuzzing Test Suite
This test suite contains fuzzing tests for the libFuzzer fuzzing engine.
Getting Started
Each fuzzing test is an executable. It can run fuzzing to search for new failures and save a reproducer to a file. You can later run the fuzzing test with that reproducer to debug the failure it found.
Pre-requisites
There are no special pre-requisites to reproduce and debug failures.
To run fuzzing you will need LLVM components:
- Clang and co.
- libFuzzer
- lld (linker)
- libc++
Building fuzz tests
- Build openvino
Build openvino with the options ENABLE_FUZZING and ENABLE_SANITIZER enabled.
Using the clang compiler is recommended.
(\
mkdir -p build && cd build && \
CC=clang CXX=clang++ cmake .. -DENABLE_FUZZING=ON -DENABLE_SANITIZER=ON && \
cmake --build . \
)
- Build fuzz tests
Build fuzz tests with the options ENABLE_FUZZING and ENABLE_SANITIZER enabled.
Use the same compiler that was used for the openvino build.
(\
mkdir -p tests/fuzz/build && cd tests/fuzz/build && \
CC=clang CXX=clang++ cmake .. -DENABLE_FUZZING=ON -DENABLE_SANITIZER=ON -DOpenVINO_DIR=$(pwd)/../../../build && \
cmake --build . \
)
Running fuzz tests
- Prepare fuzzing corpus
The fuzzing engine needs a set of valid inputs to start fuzzing from. Those files are called a fuzzing corpus. Place valid inputs for the fuzzing test into a directory.
Intel employees can get the corpus as described here https://wiki.ith.intel.com/x/2N42bg.
- Run fuzzing
./read_network-fuzzer -max_total_time=600 ./read_network-corpus
Consider adding these useful command line options:
- -jobs=$(nproc) runs multiple fuzzing jobs in parallel. Note: configuring code coverage profiling with environment variable LLVM_PROFILE_FILE=default-%p.profraw is required.
- -rss_limit_mb=0 to ignore out-of-memory issues.
Analyzing fuzzing quality
Explore code coverage
To build a coverage report after fuzz test execution, run:
llvm-profdata merge -sparse *.profraw -o default.profdata && \
llvm-cov show ./read_network-fuzzer -object=lib/libopenvino.so -instr-profile=default.profdata -format=html -output-dir=read_network-coverage
Reproducing findings
A fuzzing run halts on the first issue identified, prints the issue details to stdout and saves the data needed to reproduce the issue as a file in the current folder. To debug the issue, pass the reproducer as a command line argument to the fuzz test:
./read_network-fuzzer crash-409b5eeed46a8445b7f7b7a2ce5b60a9ad895e3b
It is recommended but not required to use binaries built for fuzzing to debug the issues. Binaries built without the ENABLE_FUZZING option can also be used to reproduce and debug the issues.
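When several reproducers have accumulated (for example after a run with -jobs), each one can be replayed in turn to see which still fail after a fix. The script below is an added example, not part of the OpenVINO repository; it generalizes the single-file command above to every file using libFuzzer's default reproducer prefixes (crash-, leak-, oom-, timeout-). The function name replay_findings and the replay-*.log naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenVINO repository): replay every libFuzzer
# reproducer in a directory and report which ones still fail.
# Usage: replay_findings ./read_network-fuzzer [DIR]
replay_findings() {
    rf_fuzzer=$1
    rf_dir=${2:-.}
    rf_failed=0
    # libFuzzer names reproducers <kind>-<SHA-1 of the input>.
    for rf_file in "$rf_dir"/crash-* "$rf_dir"/leak-* \
                   "$rf_dir"/oom-* "$rf_dir"/timeout-*; do
        [ -f "$rf_file" ] || continue   # a glob with no match stays literal
        # Log names start with "replay-" so a later run does not mistake
        # them for reproducers.
        rf_log="$rf_dir/replay-$(basename "$rf_file").log"
        rf_rc=0
        # A file argument makes the fuzz test run that single input and exit;
        # a sanitizer report or crash yields a non-zero exit status.
        "$rf_fuzzer" "$rf_file" >"$rf_log" 2>&1 || rf_rc=$?
        if [ "$rf_rc" -eq 0 ]; then
            printf 'NOT_REPRODUCED\t%s\n' "$rf_file"
        else
            printf 'REPRODUCED\t%s\texit=%s\tlog=%s\n' \
                "$rf_file" "$rf_rc" "$rf_log"
            rf_failed=1
        fi
    done
    # Non-zero when at least one reproducer still fails, so the function
    # can gate a CI step.
    return "$rf_failed"
}

# Run directly: sh replay.sh ./read_network-fuzzer .
if [ "$#" -ge 1 ]; then replay_findings "$@"; fi
```

The sanitizer report for each replayed input ends up in the matching replay-*.log file next to the reproducer.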