Coverage-guided fuzz test crash reproduction binaries
Problem to solve
Users get a lot of value from fuzz testing when we find inputs that can crash their application. However, they have difficulty figuring out how to take the crashing inputs and pass them to their apps for debugging.
Generally, they will take two approaches:
- Write an additional test harness binary that isolates just their function under test and can take an input file from the command line. This works, but it is a lot of extra steps for users.
- Run their full app and pass the input to the app manually. This also works, but it is time-consuming, depending on how involved starting and running the app is.
Intended users
User experience goal
Provide crash reproduction binaries along with the artifacts of a fuzz test job.
Proposal
By building a fuzz harness, a user has already done the work to isolate a function under test and provide it inputs that can crash it. As part of building fuzz testing artifacts, build a standalone version of the fuzz harness that can be run directly without the fuzz engine. Allow users to pass an input file (which will usually be the crashing input found by the fuzz engine) so they can quickly reproduce a crash and debug it.
Further details
The current fuzz harness a user writes has a function that exercises whatever they want to test. Include a main() (or language equivalent) function which can take a single input file and run it through the fuzz harness. Build the binary in debug mode so that debugging symbols are available.
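One way such a standalone driver could look in C, added here as an illustration and not GitLab's implementation. It assumes a libFuzzer-style `LLVMFuzzerTestOneInput` entry point; `count_records` (a constructed function under test) and `reproduce_file` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed function under test: counts length-prefixed records. */
static int count_records(const uint8_t *data, size_t size) {
    size_t pos = 0;
    int n = 0;
    while (pos < size) {
        size_t len = data[pos++];
        if (len > size - pos) return -1;   /* truncated record */
        pos += len;
        n++;
    }
    return n;
}

/* Fuzz harness entry point, libFuzzer convention (assumed here). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    count_records(data, size);
    return 0;
}

/* Read one input file and run it through the harness once.
   Returns 0 if the harness ran, -1 if the file could not be read. */
int reproduce_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    long len = -1;
    if (fseek(f, 0, SEEK_END) == 0) len = ftell(f);
    if (len < 0 || fseek(f, 0, SEEK_SET) != 0) { fclose(f); return -1; }
    /* Heap copy sized to the input, so a memory checker reports an
       out-of-bounds access right at the end of the data. */
    uint8_t *buf = malloc(len ? (size_t)len : 1);
    if (!buf) { fclose(f); return -1; }
    size_t got = fread(buf, 1, (size_t)len, f);
    fclose(f);
    int rc = (got == (size_t)len) ? 0 : -1;
    if (rc == 0) LLVMFuzzerTestOneInput(buf, got);
    free(buf);
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    if (reproduce_file(argv[1]) != 0) { fprintf(stderr, "cannot read %s\n", argv[1]); return 1; }
    return 0;
}
```

Compiling with `-g` keeps the debugging symbols the proposal asks for, so the binary can be run under a debugger with the crashing input as its only argument.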
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
No
Links / references