KEMBAR78
fuzz them all by oetr · Pull Request #954 · CodeIntelligenceTesting/jazzer · GitHub
Skip to content

fuzz them all #954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 25, 2025
Merged

fuzz them all #954

merged 5 commits into from
Sep 25, 2025

Conversation

@oetr
Copy link
Contributor

@oetr oetr commented Sep 22, 2025
edited
Loading

This new self-fuzz-test uncovered many problems with the mutation framework for cases where users fuzz for a while before changing the fuzz test signature and then continue fuzzing. This might (and often times will) result in corpus inputs that Jazzer's mutation framework was not designed to deal with. Most bugs come from the protobuf mutators that have no default max container size.

This PR includes a fix for a null pointer exception in the map mutator that happened when detaching keys that mapped to null.

All bugs that currently happen in the protobuf mutator are commented out and will be addressed in the future.

@oetr
fix: null pointer exception when detaching maps containing X->null
55973e5 
Java's toMap and further down uniqKeysMapAccumulator require non-null values.
@oetr oetr force-pushed the CIF-1799-fuzz-them-all branch 9 times, most recently from 1c193b8 to ed63cd4 Compare September 22, 2025 15:25
@oetr @simonresch
test: self-fuzz the mutation framework
7a9acc1 
This new self-fuzz-test uncovered many problems with the mutation framework
for cases where users fuzz for a while before changing the fuzz test
signature and then continue fuzzing.
This might (and often times will) result in corpus inputs that
Jazzer's mutation framework was not designed to deal with.
Most bugs come from the protobuf mutators that has no default max
container size.

Co-authored-by: Simon Resch <simon.resch@code-intelligence.com>
@oetr oetr force-pushed the CIF-1799-fuzz-them-all branch 2 times, most recently from 314f9f2 to 028b574 Compare September 23, 2025 08:46
@oetr @simonresch
chore: use fuzz test corpus in regression mode
2d6067e 
Co-authored-by: Simon Resch <simon.resch@code-intelligence.com>
@oetr oetr force-pushed the CIF-1799-fuzz-them-all branch 3 times, most recently from 23f7559 to f9080ff Compare September 23, 2025 10:44
@oetr oetr force-pushed the CIF-1799-fuzz-them-all branch from f9080ff to 0fb7f52 Compare September 23, 2025 10:47
@oetr oetr requested review from a team and Copilot September 23, 2025 10:54
Copilot
Copilot AI reviewed Sep 23, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a comprehensive self-fuzzing test framework to test Jazzer's mutation framework and fixes a critical bug in the map mutator. The self-fuzzing test uncovered several issues with the protobuf mutators and mutation framework when handling corpus inputs from different fuzz test signatures.

  • Adds a new self-fuzz test that systematically tests all mutation functionality
  • Fixes a null pointer exception in MapMutatorFactory's detach method
  • Updates visibility rules to enable the self-fuzzing framework

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/main/java/com/code_intelligence/jazzer/mutation/mutator/collection/MapMutatorFactory.java Fixes NPE by replacing stream-based detach with manual iteration that handles null values
selffuzz/src/test/java/com/code_intelligence/selffuzz/mutation/ArgumentsMutatorFuzzTest.java Main self-fuzzing test that exercises mutation framework with various data types
selffuzz/src/test/java/com/code_intelligence/selffuzz/mutation/*.java Helper classes for testing bean mutation patterns
src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto/BUILD.bazel Updates visibility to allow selffuzz access to proto libraries
.github/workflows/*.yml Adds fuzzing workflow and corpus caching for CI

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

simonresch
simonresch reviewed Sep 25, 2025
View reviewed changes
@oetr oetr force-pushed the CIF-1799-fuzz-them-all branch from 0fb7f52 to da265ca Compare September 25, 2025 07:56
@simonresch simonresch self-requested a review September 25, 2025 08:42
simonresch
simonresch approved these changes Sep 25, 2025
View reviewed changes
Copy link
Contributor

@simonresch simonresch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Really useful test.

@simonresch simonresch merged commit 745778a into main Sep 25, 2025
8 checks passed
@simonresch simonresch deleted the CIF-1799-fuzz-them-all branch September 25, 2025 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@simonresch simonresch simonresch approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oetr @simonresch