Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Long-running fuzzing mode to discover bugs #171

Closed
DRMacIver opened this issue Sep 25, 2015 · 9 comments · Fixed by #2371
Closed

Long-running fuzzing mode to discover bugs #171

DRMacIver opened this issue Sep 25, 2015 · 9 comments · Fixed by #2371
Labels
new-feature entirely novel capabilities or strategies

Comments

@DRMacIver
Copy link
Member

Currently Hypothesis is intended for being run as part of a small test suite of reasonably fast tests. This is great and all, but particularly given the coverage based discovery features what you really want is to be able to part Hypothesis on a server somewhere and just have it sitting there 24/7 looking for bugs in your code, then run only the corpus of examples that it built up there every time you do a CI run.
@DRMacIver DRMacIver added this to the Hypothesis 2.0 milestone Sep 25, 2015
@DRMacIver DRMacIver mentioned this issue Sep 25, 2015
Closed
@DRMacIver DRMacIver added the enhancement it's not broken, but we want it to be better label Sep 25, 2015
@Zac-HD Zac-HD removed this from the Hypothesis 2.0 milestone Mar 1, 2018
@Zac-HD Zac-HD mentioned this issue Apr 12, 2018
Merged
5 tasks
@bukzor
Copy link
Contributor

bukzor commented Apr 12, 2018

This is almost exactly my use case. Is there a "next step" that I can contribute, please?

@DRMacIver
Copy link
Member Author

This isn't really a feature I'm up for someone else taking the lead on I'm afraid. It's big, touches on a lot of issues, and is pretty central to my long-term plans for the project.

The only real next step that someone who isn't me can take on for this is finding a way to pay me to work on it it so I can move it up my priority queue, and I'm overcommitted enough right now that even that will have a fairly long lead time.

@Zac-HD Zac-HD assigned DRMacIver and unassigned DRMacIver Apr 12, 2018
@bukzor
Copy link
Contributor

bukzor commented Apr 12, 2018

💔

@DRMacIver
Copy link
Member Author

💔

The suggestion of funding it is a serious offer. If this is really something that you need, Google isn't exactly short on cash...

@bukzor
Copy link
Contributor

bukzor commented Apr 12, 2018

I'm attempting a hypothesis project that would justify such a thing, but I can't before it's successful. Given that I really want such a feature, what should I do?

@Zac-HD Zac-HD modified the milestone: 3.x Jul 23, 2018
@Zac-HD
Copy link
Member

Zac-HD commented Sep 15, 2018

#1567 makes Hypothesis suitable for long (x hours per test) running processes, and the standard database workflow will ensure that discovered bugs can be re-run quickly. There's plenty more to do though!

@Zac-HD Zac-HD added new-feature entirely novel capabilities or strategies and removed enhancement it's not broken, but we want it to be better labels Oct 15, 2018
@Zac-HD
Copy link
Member

Zac-HD commented Dec 16, 2018

There was a short student project at Imperial College to implement a fuzzing mode for Hypothesis. This did not result in production-ready code, but did suggest the following approach:

  1. Always keep running until every known bug has been fully minimised,
    (simplifying the standard life-cycle for consistency across modes)
  2. Have an internal flag to restart the cycle after bugs are fully minimised,
    (i.e. the "keep fuzzing" mode)
  3. Provide some way for test cases from multiple tests to run interleaved or in parallel.
    (so we can fuzz better than 'one test per process')

It's still not the proverbial "simple matter of code", but we at least have some idea what to do.

@Zac-HD Zac-HD changed the title Discovery mode Long-running fuzzing mode to discover bugs Feb 7, 2019
@Zac-HD Zac-HD mentioned this issue Feb 7, 2019
Closed
@Zac-HD Zac-HD mentioned this issue Feb 28, 2019
Closed
@Zac-HD Zac-HD mentioned this issue Jul 24, 2019
Closed
@Zac-HD
Copy link
Member

Zac-HD commented Nov 4, 2019

Before writing our own fuzzing engine, we should start by exposing a way to treat Hypothesis tests as fuzz targets - i.e. a wrapper which takes bytes and invokes the test function once - which can be executed by any engine. This is much easier to support, a better match for the scope of our project, and allows both us and users to experiement with a variety of different approaches and tools.

python-afl would only need a small shim, and pythonfuzz or services like fuzzbuzz wouldn't even need that, so IMO we should keep such an interface even if we do end up developing our own engine.

Post-MVP we'll want to think about e.g whether we need a new Phase (or similar) for this, how it integrates with settings such as timeouts and healthchecks, and especially how the example database should work. Definitely good to get an MVP first though...

@Zac-HD Zac-HD mentioned this issue Mar 13, 2020
Merged
@MaxG87 MaxG87 mentioned this issue Mar 18, 2020
Closed
@Zac-HD
Copy link
Member

Zac-HD commented Jun 26, 2022

See also https://hypofuzz.com/, a designed-for-Hypothesis fuzzing project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-feature entirely novel capabilities or strategies
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add fuzz_one_input attribute Zac-HD/hypothesis
3 participants
@DRMacIver @bukzor @Zac-HD