Upload fuzz targets into a separate GCS bucket |
|||||
Issue descriptionSince 776875 is done, it seems that we are pretty close to fuzzing ChromeOS specific fuzz targets 24/7. We need to do the following: 1) set up a separate GCS bucket, smth like "chromeos-fuzzing-builds" 2) build and upload fuzz targets (there is at least one to be landed soon: crrev.com/c/703480) to the new GCS bucket. We also need to agree on the URL format. For example, in Chromium we use the following one: gs://chromium-browser-libfuzzer/linux-release-asan/libfuzzer-linux-release-([0-9]+).zip where "([0-9]+)" is the revision number. It's important for detection of regression ranges. 3) set up a job on CF side (I'll do that after steps 1 and 2 are done)
,
Dec 6 2017
Will we eventually integrate with OSS-Fuzz or will we run a google-private cluster separately? Do we have a doc describing the plan? The fuzz tests I added export an archive with LLVMFuzzOneInput defined that is linked from the build on OSS Fuzz.
,
Dec 6 2017
We'll be running that on internal ClusterFuzz. We don't have any dedicated doc, it's basically just the action items listed in the issue description.
,
Dec 7 2017
I've asked the chromeos_infra team about setting up a GCS bucket for this. They say it should be pretty easy, but they have a few questions/requests before this can be done: 1). They'd like to see some kind of design document for this. They especially want to know what support, if any, this project will need from them or from other teams. 2). They want to know what project will own this. 3). They want to know roughly how much data to expect for this bucket. 4). They want to know whether the data will be internal or public. 5). They want to know how long the data int the bucket should be kept. mmoroz@ tentatively suggested that the data will probably be public, given that ChromeOS is open source, and that the archives should probably be around forever, given that they are supposed to contain only fuzz target binaries. So going back to comment #4, I think it would be a very good idea for someone to write a design document that answers these questions.
,
Dec 11 2017
RE: Comment #6 : Is there a plan for someone on the infra or security / test infra team to move this forward and prepare the document? I can think of multiple services in platform2 which would benefit from this support, and leveraging Clusterfuzz will make this easy to add for many services built in platform2. Given the benefits, perhaps it is a good idea to involve a PM to help drive this. Anyone on the cc-list who might be able to suggest an appropriate PM to help out?
,
Dec 11 2017
Ok, I'll write the doc if no one else has started doing that yet :)
,
Dec 14 2017
Here is the doc (should be accessible with @google.com accounts): https://docs.google.com/document/d/1sd1IejWzcbQgF7soVVKlqTMk3HZfvPGR7QYP5T6qBYU/edit?usp=sharing
,
Jan 11 2018
Any updates on this? I know this would be very useful on several platform2 binaries (and CRAS can possibly move to this instead of relying on ossfuzz where the binaries have to be separately created).
,
Jan 12 2018
There will be a meeting next week regarding further steps for ChromeOS fuzzing, let's figure this out as well. Assigning to Jorge for now.
,
Jan 12 2018
I am writing a small doc regarding the necessary infra changes. Will share it next week.
,
Jan 13 2018
Thanks for the updates. Please let me know if there is any grunt work that I can help with. I'm super eager to have this automated for platform2, as there are many obvious users, so I would be happy to help out :)
,
Mar 2 2018
Builds are successfully archived on https://commondatastorage.googleapis.com/chromeos-image-archive/amd64-generic-fuzzer/.*-b([0-9]+).{1}sysroot_virtual_target-os.tar.xz
,
Mar 2 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mmoroz@chromium.org
, Nov 15 2017