After the most recent round of MSan false positives (#11886), perhaps OSS-Fuzz could consider better pre-commit testing? For example:
Before every tooling update, run the fuzzers over the existing corpus, or at least a random sample of them. Collect the new bugs that would be filed and the bugs that would be closed. If there are a lot, someone from OSS-Fuzz should triage them and confirm that this is working as intended and there isn't something gone horribly wrong.
If triaging other projects' things is tricky (pretty understandable), OSS-Fuzz could maintain a benchmark project containing fuzzers that are known to surface problems and not surface problems. Those could be used for pre-commit testing. In particular, there should be benchmark fuzzers that break if libc and libc++ are not correctly instrumented in MSan.
Then, just as well-run projects are expected to write regression tests when things break, OSS-Fuzz should add to this benchmark project whenever a false positive slips through.
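A sketch of the kind of benchmark fuzzer the issue asks for, added here as an illustration and not taken from the issue or from OSS-Fuzz: a target that must stay clean under MSan because every byte it branches on is written inside libc++ or libc. The names `Counts` and `RoundTripThroughLibs` and the build command in the comment are assumptions.

```cpp
// Added example: a "must stay clean" MSan canary fuzz target.
// Hypothetical benchmark code, not taken from OSS-Fuzz.
// Assumed build: clang++ -g -O1 -fsanitize=fuzzer,memory canary.cc
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <sstream>
#include <string>

struct Counts { unsigned commas; unsigned digits; };

// Every byte branched on below is written inside libc++ (ostringstream,
// std::string) or libc (snprintf, memcpy), never by this file directly.
// If MSan does not track those writes, the shadow memory stays poisoned
// and the branches report use-of-uninitialized-value: a false positive.
Counts RoundTripThroughLibs(const uint8_t *data, size_t size) {
  Counts out = {0, 0};

  // libc++ path: stream formatting fills the string's heap buffer.
  std::ostringstream os;
  for (size_t i = 0; i < size && i < 64; ++i)
    os << static_cast<unsigned>(data[i]) << ',';
  const std::string text = os.str();
  for (char c : text)
    if (c == ',') ++out.commas;

  // libc path: snprintf fills buf, memcpy propagates it to copy.
  char buf[48];
  char copy[48];
  int n = std::snprintf(buf, sizeof buf, "%zu:%zu", size, text.size());
  if (n < 0 || static_cast<size_t>(n) >= sizeof buf) return out;
  std::memcpy(copy, buf, static_cast<size_t>(n) + 1);
  for (const char *p = copy; *p != '\0'; ++p)
    if (*p >= '0' && *p <= '9') ++out.digits;
  return out;
}

// libFuzzer entry point. Any sanitizer report from this target is a
// tooling regression, because the code has no uninitialized reads.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  Counts c = RoundTripThroughLibs(data, size);
  // Invariants for every input; a violation means the canary itself is broken.
  if (c.commas != (size < 64 ? size : 64) || c.digits < 2) std::abort();
  return 0;
}
```

A pre-commit check built on this would run the target over a small fixed corpus with the candidate toolchain and treat any MSan report as a blocker.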