Add dictionary for v8 regex fuzzer
Issue description
https://chromium.googlesource.com/v8/v8.git/+/9f5dca8faa05d70b89ad9b795b0feed1513615aa

I see a ton of sample regexes in https://cs.chromium.org/chromium/src/v8/test/mjsunit/third_party/regexp-pcre/regexp-pcre.js?q=pcre+regex+file:.js&sq=package:chromium&dr=C&l=1. Can these be converted into a dictionary file and added? It should improve coverage and find new bugs. See https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md#Fuzzer-Dictionary

Jul 19 2017
In https://cs.chromium.org/chromium/src/v8/test/fuzzer/regexp/ we already have some sample regexes. Do you suggest adding more?

Jul 19 2017
Yes, it has ~1600 regexes whereas the current sample set is just 23. It should improve coverage, hopefully.

Jul 20 2017
How should the samples be provided? As individual files like currently, or is there some format?

Jul 20 2017
There are two opportunities:

1) Seed corpus: https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/BUILD.gn?q=regexp_fuzzer&sq=package:chromium&l=255 The existing one is quite small: https://cs.chromium.org/chromium/src/v8/test/fuzzer/regexp/ but you can easily make it:

    seed_corpus = [ "//v8/test/fuzzer/regexp/", "another_dir_with_testcases", "and so on" ]

2) A dictionary (as Abhishek mentioned in the description). Existing one: https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/dicts/regexp.dict?q=regexp.dict&dr Documentation on the format: https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md#Fuzzer-Dictionary

The rule of thumb might be: put relatively large inputs into the seed corpus, use small constructions / expressions in the dictionary.

Jul 20 2017
Funny. The comment in the dictionary says I made it. I don't even remember. I'll extract regexps from the test and add them as dict.
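The extraction the last comment proposes, as an added example (not V8, Chromium or any participant's code): a Python script that reads the `res[N] = /pattern/flags;` literals of a file laid out like regexp-pcre.js, emits libFuzzer dictionary lines, and sets aside the long patterns that the rule of thumb above would rather put in the seed corpus. The input file contents below are constructed, not the real test file.

```python
"""libFuzzer dictionary from V8-style regex literals (added example, not V8 code).
Assumes the regexp-pcre.js layout, one `res[N] = /pattern/flags;` per case; the
sample input below is constructed.  Output: `name="value"` lines, with backslash,
double quote and non-printable bytes escaped as \\xNN."""
import re

# Literal body: escapes, bracketed classes (which may hold an unescaped '/'), or
# any single char other than an unescaped '/', a backslash or a newline.
_LITERAL = re.compile(
    r'res\[\d+\]\s*=\s*/((?:\\.|\[(?:\\.|[^\]])*\]|[^/\\\n])+)/([a-z]*);')

def extract_patterns(js_text):
    """Unique regex bodies in order of first appearance; flags are dropped."""
    seen, out = set(), []
    for m in _LITERAL.finditer(js_text):
        if m.group(1) not in seen:
            seen.add(m.group(1))
            out.append(m.group(1))
    return out

def dict_escape(s):
    """Escape one token for a dictionary line."""
    parts = []
    for b in s.encode("utf-8"):
        if b in (0x5c, 0x22):          # backslash and double quote
            parts.append("\\" + chr(b))
        elif 0x20 <= b < 0x7f:         # printable ASCII stays as-is
            parts.append(chr(b))
        else:                          # everything else as \xNN
            parts.append("\\x%02x" % b)
    return "".join(parts)

def build_dictionary(patterns, max_len=32):
    """Rule of thumb from the thread: small constructions become dictionary
    entries; longer patterns are returned separately as seed-corpus material."""
    lines = ["# generated from regex literals; long patterns left for the seed corpus"]
    seeds = []
    for i, p in enumerate(patterns):
        if len(p) > max_len:
            seeds.append(p)
        else:
            lines.append('pcre_%d="%s"' % (i, dict_escape(p)))
    return lines, seeds

# Constructed input in the regexp-pcre.js layout (not the real file's contents).
SAMPLE_JS = r"""
res[0] = /abc/;
res[1] = /a\/b/i;
res[2] = /[\]/]+/;
res[3] = /(?:"x"|y)\x00/;
res[4] = /abc/;
res[5] = /((((((((((a))))))))))\10(b|c)*[^"]{1,3}/;
"""
```

Running `build_dictionary(extract_patterns(SAMPLE_JS))` yields four dictionary lines and one seed-corpus candidate; write the lines to a `.dict` file and pass it to the fuzzer with `-dict=`.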
Comment 1 by infe...@chromium.org, Jul 18 2017
Components: Blink>JavaScript