New fuzzing platform #1457
New fuzzing platform #1457
Conversation
Markoutte
requested review from
denis-fokin,
SBOne-Kenobi,
tamarinvs19,
Vassiliy-Kudryashov,
volivan239 and
amandelpie
utbot-fuzzers/src/main/kotlin/org/utbot/fuzzing/providers/Objects.kt
Outdated
Show resolved
Hide resolved
| ) | ||
| } | ||
|
|
||
| private fun shouldPass(type: ClassId): Boolean { |
There was a problem hiding this comment.
What "should pass" means in this context?
There was a problem hiding this comment.
Changed to isIgnored(type: ClassId)
| val getter: Method? | ||
| ) | ||
|
|
||
| internal fun findSuitableFields(classId: ClassId, packageName: String?): List<FieldDescription> { |
There was a problem hiding this comment.
I would add a piece of documentation here. Suitable for what?
There was a problem hiding this comment.
Changed to findAccessibleModifableFields(...)
Markoutte
force-pushed
the
pelevin/fuzzing_platform
branch
from
6e39690 to
97d8336
Compare
| * @param description contains user-defined information about current run. Can be used as a state of the run. | ||
| * @param values current values to run. | ||
| */ | ||
| suspend fun run(description: DESCRIPTION, values: List<RESULT>): FEEDBACK |
There was a problem hiding this comment.
Please, find a better naming for the method. 'Run' makes me think that the method is supposed to be called only ones. I would suggest something like: 'hanlde', 'valueUdated' or something similar
| builder = PassRoutine("Main Routine"), | ||
| state = State(1, typeCache), | ||
| ) | ||
| val dynamicallyGenerated = mutableListOf<Node<T, R>>() |
There was a problem hiding this comment.
As I understand you use it as a queue, can you replace it with any instance of queue such as LinkedList or Deque.
| fun String.findMaxSubstring(s: String) : Int { | ||
| if (s.isEmpty()) return -1 | ||
| for (i in s.indices) { | ||
| if (s[i] != this[i]) return i - 1 | ||
| } | ||
| return s.length | ||
| } |
There was a problem hiding this comment.
I think the name is misleading, because the function looks like a strange variation of CharSequence.commonPrefixWith()
Also, it may throw StringIndexOutOfBoundsException if this is a strict prefix of s. If this is intentional, please, add a comment describing how fuzzing handle exceptions in this example.
| /** | ||
| * Probability of creating shifted array values instead of generating new values for modification. | ||
| */ | ||
| var probCollectionMutationInsteadCreateNew: Int = 50, |
There was a problem hiding this comment.
Here and below: imo, if probability is not in [0, 1] it is worth mentioning that it is in percents
| fun main() { | ||
| val endian = Endian.BE | ||
| println(255.toUByte().toBinaryString(endian)) | ||
| println(2.toBinaryString(endian)) | ||
| println(BitVectorValue.fromInt(2).toBinaryString(endian)) | ||
| print(8.75f.toBinaryString(endian)) | ||
| print(8.75.toBinaryString(endian)) | ||
| } |
There was a problem hiding this comment.
I think this should be either moved to tests or deleted. Same for IEEE754Value.kt
| TrieBasedFuzzerStatistics(coveredInstructionValues), methodUnderTestDescription, *defaultModelMutators().toTypedArray() | ||
| ) | ||
| fuzzedValues.forEach { values -> | ||
| val names = graph.body.method.tags.filterIsInstance<ParamNamesTag>().firstOrNull()?.names ?: emptyList() |
There was a problem hiding this comment.
This names initialization looks weird. Can't we just use methodUnderTest.parameters.map { it.name } here? If not, please, add comment reasoning such an initialization
Markoutte
force-pushed
the
pelevin/fuzzing_platform
branch
from
b70b8af to
f759f20
Compare
Description
Adds new fuzzing platform that simplifies developing fuzzing for new languages. Old implementation is still in codebase but will be deprecated and removed soon. Only base Java implementation migrated to the new fuzzing platform at the moment.
Please, see Fuzzing Platform Design doc for understanding of basic concepts. In nutshell now any work with fuzzing requires some 'seeds' or 'tasks' which can be 4 types:
There are some demos that clarify these concepts.
This platform is fully implemented for Java and plugin can be tested with these samples.
Fixes #1448
Also note, that after short discussion this implementation doesn't use mocks because it looks wrong concepts in terms of fuzzing. Fuzzing doesn't analyze the code therefore it cannot supply correct mock calls for tests. Therefore #747 is discontinued starting this PR.
Type of Change
How Has This Been Tested?
Regression and integration tests
Test samples for manual testing were added. Integration test for fuzzing is being under developing.
Automated Testing
All tests from the
utbot-fuzzerandutbot-fuzzingmodules must pass.Manual Scenario
Samples for manual scenario.
Checklist: