Skip to content

stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, using the new MemBlock wrapper for memcpy#8779

Merged
jmarantz merged 50 commits intoenvoyproxy:masterfrom
jmarantz:stats-fuzzer-not-too-long
Dec 20, 2019
Merged

stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, using the new MemBlock wrapper for memcpy#8779
jmarantz merged 50 commits intoenvoyproxy:masterfrom
jmarantz:stats-fuzzer-not-too-long

Conversation

@jmarantz
Copy link
Contributor

@jmarantz jmarantz commented Oct 27, 2019
edited
Loading

Description: Stats have a reasonably generous hard limit of 64k bytes per "."-separated segment. However fuzzing is evidently happy to make longer strings, based on the fuzz crash report

This change also has the benefit of further reducing memory use; see gold-file updates in the PR.

Risk Level: low
Testing: just this one fuzz test
Docs Changes: n/a
Release Notes: n/a

@jmarantz
Avoid crashes in fuzz-tests due to input strings being too long.
5d40fc4 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz requested a review from htuch October 27, 2019 12:37
htuch
htuch reviewed Oct 28, 2019
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, curious what enforces the stat name limits.

test/common/stats/symbol_table_fuzz_test.cc Outdated

if (str.size() >= StatNameMaxSize) {
size_t halfway = str.size() / 2;
addSymbol(pool, symbol_table, str.substr(0, halfway));
Copy link
Member

@htuch htuch Oct 28, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to have this kind of smart logic; if you just cap the string at StatNameMaxSize, the fuzzer will be able to do what is implied in this logic if it is helpful to the exploration.

Copy link
Contributor Author

@jmarantz jmarantz Oct 28, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm changing the symbol-table impl to simply not have this limit, which should simplify fuzzing. It works I think but still not quite ready for review. Will ping again when ready.

Copy link
Contributor Author

@jmarantz jmarantz Dec 18, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is ready for review now.

asraa
asraa reviewed Oct 28, 2019
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I figured out how to max_len to at least libfuzzer in oss-fuzz, but would it benefit if we only consume up to StatNameMaxSize per symbol?

I will test run the max_len for one @htuch's fuzzers for now, cc you on it and lmk

@jmarantz
Eliminate 64k limit on # of segments in a real symbol-table stat-name…
8f9ab93 
…, or on the length of a fake-symbol table stat-name.

Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
some cleanup
beb4684 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz changed the title stats: Avoid asserts in fuzz-tests due to input strings being too long. WiP stats: Avoid asserts in fuzz-tests due to input strings being too long. Oct 28, 2019
@jmarantz
Share helper methods for encoding/decoding symbols and sizes.
d143365 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
cleanup
5ef1a49 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
typo
c425551 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
fix confusing about whether the encoding-length was the number of byt…
f680ccc 
…es or symbols. it's bytes.

Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
fix over-aggressive inequality for fake symbol tables
9fee9f5 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
don't recompute the number of bytes consumed.
184fbed 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
Merge branch 'master' into stats-fuzzer-not-too-long
6ac3dee 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
remove dynamo-stats test change which is not needed
9c62a9e 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz changed the title WiP stats: Avoid asserts in fuzz-tests due to input strings being too long. stats: Avoid asserts in fuzz-tests due to input strings being too long. Oct 29, 2019
@jmarantz jmarantz changed the title stats: Avoid asserts in fuzz-tests due to input strings being too long. stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits Oct 29, 2019
@jmarantz
Copy link
Contributor Author

jmarantz commented Oct 29, 2019

ready for review now

@jmarantz
use totalSizeBytes to simplify some code.
4482ca7 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
Copy link
Contributor Author

jmarantz commented Oct 30, 2019

/azp run envoy-macos

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 30, 2019

Azure Pipelines successfully started running 1 pipeline(s).

htuch
htuch reviewed Oct 30, 2019
View reviewed changes
@jmarantz
Merge branch 'master' into stats-fuzzer-not-too-long
14220bb 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
add MemBlock abstraction to isolate risky memory operations.
4d345d0 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
reduce need to do byte access to the memory buffers.
5b6f0db 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
remove remainder of memcpy and pointer arithmetic outside MemBlock cl…
70ffe33 
…ass.

Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
format
9f1eae7 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz changed the title stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits WiP stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits Nov 2, 2019
@jmarantz
some cleanup -- still needs more unit tests.
cf33e18 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz mentioned this pull request Dec 11, 2019
Merged
@jmarantz jmarantz changed the title stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, adding a new MemBlock wrapper for memcpy WiP stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, adding a new MemBlock wrapper for memcpy Dec 11, 2019
@jmarantz
Merge branch 'master' into stats-fuzzer-not-too-long
006b5c7 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
Merge branch 'master' into stats-fuzzer-not-too-long
aa70e5e 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
post-merge cleanup
9033ac6 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz changed the title WiP stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, adding a new MemBlock wrapper for memcpy stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, using the new MemBlock wrapper for memcpy Dec 15, 2019
@jmarantz
more cleanups
d19d722 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
Cleanup lifetime issues in test infrastructure.
ae1da1b 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz jmarantz mentioned this pull request Dec 16, 2019
Merged
jmarantz added a commit to jmarantz/envoy that referenced this pull request Dec 16, 2019
@jmarantz
Add test for release(), which was not working (discovered in envoypro…
2445781 
…xy#8779).

Signed-off-by: Joshua Marantz <jmarantz@google.com>
jmarantz added a commit that referenced this pull request Dec 16, 2019
@jmarantz
util: Add test for MemBlockBuilder::release(), which was not working …
a23eff5 
…(discovered in #8779). (#9360)

* Add test for release(), which was not working (discovered in #8779).

Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
update MemBlockBuilder interface change
bc9871e 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
Merge branch 'master' into stats-fuzzer-not-too-long
ae0b1dd 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
popuplate -> setCacacity
f4ef7c6 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
add direct fuzzing of the encoder.
3edfac7 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
asraa
asraa reviewed Dec 18, 2019
View reviewed changes
@jmarantz
Share testing infrastructure between fuzz-tests and unit-tests.
4f5be6c 
Signed-off-by: Joshua Marantz <jmarantz@google.com>
@jmarantz
Copy link
Contributor Author

jmarantz commented Dec 18, 2019

/retest

@repokitteh-read-only
Copy link

repokitteh-read-only bot commented Dec 18, 2019

🔨 rebuilding ci/circleci: api (failed build)

🐱

Caused by: a #8779 (comment) was created by @jmarantz.

see: more, trace.

asraa
asraa approved these changes Dec 19, 2019
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM from the fuzzing / test utility side now

@jmarantz
Copy link
Contributor Author

jmarantz commented Dec 20, 2019

Over to @mattklein123 for senior maintainer review. Thank you!

mattklein123
mattklein123 approved these changes Dec 20, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from a skim.

test/common/stats/stat_test_utility.cc
#endif
}

// TODO(jmarantz): this utility is intended to be costs both for unit tests
Copy link
Member

@mattklein123 mattklein123 Dec 20, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"costs both"? Feel free to fix in a follow up.

Copy link
Contributor Author

@jmarantz jmarantz Dec 20, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Matt, rolling that into #9355

@jmarantz jmarantz merged commit 6eeced6 into envoyproxy:master Dec 20, 2019
@jmarantz jmarantz deleted the stats-fuzzer-not-too-long branch December 20, 2019 18:18
spenceral added a commit to spenceral/envoy that referenced this pull request Dec 20, 2019
@spenceral
Merge branch 'master' into filter-config-dump
ade8dbe 
* master: (167 commits)
  stats: Avoid asserts in fuzz-tests by eliminating arbitrary length limits, using the new MemBlock wrapper for memcpy (envoyproxy#8779)
  Make %UPSTREAM_LOCAL_ADDRESS% access-log format work for HTTP requests. (envoyproxy#9362)
  tools: API boosting support for using decls and enum constants. (envoyproxy#9418)
  Fix incorrect cluster InitializePhase type (envoyproxy#9379)
  build: fix merge race between envoyproxy#9241 and envoyproxy#9413. (envoyproxy#9427)
  fuzz: fix incorrect evaluator test (envoyproxy#9402)
  server: fix bogus startup log message (envoyproxy#9404)
  tools: Add protoxform tests (envoyproxy#9241)
  api: options after import (envoyproxy#9413)
  misc: use std::move instead of constructing a copy (envoyproxy#9415)
  tools: API boosting support for rewriting elaborated types. (envoyproxy#9375)
  docs: fix invalid transport_socket value (envoyproxy#9403)
  fix typo in docs (envoyproxy#9394)
  srds: remove to-de-removed scopes first and then apply additions to avoid scope key conflict. (envoyproxy#9366)
  api: generate whole directory and sync (envoyproxy#9382)
  bazel: Add load statements for proto_library (envoyproxy#9367)
  Fix typo (envoyproxy#9388)
  Correct test of OptionsImpl argc type (Was: Correct type for std::array size() result) (envoyproxy#9290)
  http1 encode trailers in chunk encoding (envoyproxy#8667)
  Add mode to PipeInstance (envoyproxy#8423)
  ...
prakhag1 pushed a commit to prakhag1/envoy that referenced this pull request Jan 3, 2020
@jmarantz @prakhag1
util: Add test for MemBlockBuilder::release(), which was not working …
1f526f1 
…(discovered in envoyproxy#8779). (envoyproxy#9360)

* Add test for release(), which was not working (discovered in envoyproxy#8779).

Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Prakhar <prakhar_au@yahoo.com>
prakhag1 pushed a commit to prakhag1/envoy that referenced this pull request Jan 3, 2020
@jmarantz @prakhag1
stats: Avoid asserts in fuzz-tests by eliminating arbitrary length li…
e2c383c 
…mits, using the new MemBlock wrapper for memcpy (envoyproxy#8779)

* Avoid crashes in fuzz-tests due to input strings being too long.

Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Prakhar <prakhar_au@yahoo.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

@alyssawilk alyssawilk Awaiting requested review from alyssawilk

@dio dio Awaiting requested review from dio

@lizan lizan Awaiting requested review from lizan

@snowp snowp Awaiting requested review from snowp

@zuercher zuercher Awaiting requested review from zuercher

+3 more reviewers

@dnoe dnoe dnoe left review comments

@htuch htuch htuch left review comments

@asraa asraa asraa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@asraa asraa

@mattklein123 mattklein123

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jmarantz @dnoe @asraa @mattklein123 @htuch