fuzzing: Limit the total number of API calls generated #1265
Conversation
To avoid libfuzzer timeouts, limit the total number of API calls we generate in the `api_calls` fuzz target. We were already limiting the number of exported function calls we made, and this extends the limit to all API calls.
| let max_export_calls = 100; | ||
| // Total limit on number of API calls we'll generate. This exists to | ||
| // avoid libFuzzer timeouts. | ||
| let max_calls = 100; | ||
|
|
||
| for _ in 0..input.arbitrary_len::<ApiCall>()? { |
There was a problem hiding this comment.
I'm not too familiar with the Arbitrary trait, but is there perhaps a way that we can hook in here? Is there a way to indicate that we want at most a particular number of API calls?
There was a problem hiding this comment.
We have int_in_range but this draws from the front of the byte string, rather than the end, like lengths do. The mechanism that lengths use to get an integer in a range from the end of the byte string isn't a public API, unfortunately. (Reason lengths should be drawn from the end of the byte string: https://github.com/rust-fuzz/libfuzzer-sys/blob/0c450753/libfuzzer/utils/FuzzedDataProvider.h#L92-L97)
Overall, I don't think it really matters too much, though.
There was a problem hiding this comment.
Filed rust-fuzz/arbitrary#36 for posterity
To avoid libfuzzer timeouts, limit the total number of API calls we generate in
the
api_callsfuzz target. We were already limiting the number of exportedfunction calls we made, and this extends the limit to all API calls.