From dev-return-2515-archive-asf-public=cust-asf.ponee.io@systemml.apache.org Thu Jul 19 10:21:13 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 0AAF4180630 for ; Thu, 19 Jul 2018 10:21:12 +0200 (CEST) Received: (qmail 14426 invoked by uid 500); 19 Jul 2018 08:21:12 -0000 Mailing-List: contact dev-help@systemml.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@systemml.apache.org Delivered-To: mailing list dev@systemml.apache.org Received: (qmail 14414 invoked by uid 99); 19 Jul 2018 08:21:11 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jul 2018 08:21:11 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 04DAFCA343 for ; Thu, 19 Jul 2018 08:21:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.87 X-Spam-Level: * X-Spam-Status: No, score=1.87 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id IZIpDgyK-bmX for ; Thu, 19 Jul 2018 08:21:09 +0000 (UTC) Received: from mail-qt0-f176.google.com (mail-qt0-f176.google.com [209.85.216.176]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id D1D715F3EF for ; Thu, 19 Jul 2018 08:21:08 +0000 (UTC) Received: by mail-qt0-f176.google.com with SMTP id b15-v6so6447940qtp.11 for ; Thu, 19 Jul 2018 01:21:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=c5hkvg4KkRI4kbxX9yra+lLjb6TirKDjuedNlTYPWKI=; b=QlqRb2HTsh179Yy4bZip7XLXInfoI9/Ixlk1UVyC4PnU0arypTVmiFoiiaf6PvBkml QeJuCPyDKSvuDzY93ABHnUdBLiGnyak8e77d7w+nXp1bfwEkhdImK9OQ9c064nDin2JR fUKfjRT7J3Yb3jXqwsQgHpNzdNPF8aKm3eZwvK6a7obfIlxXaw3wAALj1e9bxnlueqzu DA34Iku11S6xNLu59SD8i1hqW79cMuOsZJ3R3SZ1TVgXt3OUOkPnN/gho9ODfEN7L5kv M5Egvn1bQD4ImCOy8UJq4vN1oq45owRSyeeUdylX7lHe4u+OZJREXLC+H//WcEhe8Zts D0yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=c5hkvg4KkRI4kbxX9yra+lLjb6TirKDjuedNlTYPWKI=; b=bLEkQKV7B93Xh6Y9SzSEt7DqRJX+4W4p02ZcpK0jwRln1rYu3eNLPbeUlDvdK4200I pEXEfrdulU15oeSFrwFMiTILbAFHseKuOysaWjiUeYtwbfdDmsElHdJ/DPiNMgiyegb9 LiMxIF3ezBhm3cn8z8DbOyfkFkYEwTXaZ/CDCGZhUAvZ/QpaMbvq2FvqqZJNv+/BsJxu LJWT4xHEYT4VwM8Vcx5DWsQwRA/ebZadtWvKIk+vYrtLqmuYiwnApBwAddU9a3qTwN4e c5FMNctZO7i5cNe9wg4lOAUfe7RNKWPTIFJiicp5EsRx6dgMFESOlaAF2wSu+oAnB5Hb wEwg== X-Gm-Message-State: AOUpUlGmk/rlSq0rLG3GAIRIVLbMLnMRNuAhHZaOR7/olkl1LPXnmdeY T/RBOLrLmVoCdi5T2uMs5RDitdIL6rzlZ/li8Z3smA== X-Google-Smtp-Source: AAOMgpdluex+XM8CLYqYCOnvUeWSLPzROt8b461XFAHc22gi1DA6J/KGihNpShYQT4+jOa2yxLHNLnANd45+T6/9ArM= X-Received: by 2002:a0c:8261:: with SMTP id h88-v6mr9797187qva.117.1531988461581; Thu, 19 Jul 2018 01:21:01 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:aed:3383:0:0:0:0:0 with HTTP; Thu, 19 Jul 2018 01:20:21 -0700 (PDT) In-Reply-To: References: From: Janardhan Date: Thu, 19 Jul 2018 13:50:21 +0530 Message-ID: Subject: Re: [DISCUSS] Adding SystemML to OSS Fuzz To: dev@systemml.apache.org Content-Type: multipart/alternative; boundary="0000000000000d78ed057155dcdd" --0000000000000d78ed057155dcdd Content-Type: text/plain; charset="UTF-8" Hi Matthias, Resolved the issue. Thank you, Janardhan On Thu, Jul 19, 2018 at 12:55 PM, Matthias Boehm wrote: > Hi Janardhan, > > instead of continuing the discussion on the other thread of > google/oss-fuzz, let us arrive at a project-wide conclusion first. As > I said before, I don't think that creating fuzz tests for our native > kernels is a pressing issue right now because they only receive > internally constructed intermediates. Instead it would be better to > harden our external entry points (read/programmatic APIs) which are > all Java. > > However, I don't want to hold you back. If you're interested in this > project and you're willing to do the work, please come up with a > concrete plan of action items that we can discuss here. If I don't > here back in 3 days, I'll recommend to close the issue at > google/oss-fuzz. > > Regards, > Matthias > > On Mon, May 21, 2018 at 5:29 PM, Matthias Boehm wrote: > > Well, in general this can be interesting. Apart from our default > > testsuite, we occasionally ran static code analysis tools. Having > > additional tests for partially valid scripts and inputs can help to > > find more issues. > > > > That being said, I don't think we currently qualify as a project with > > "significant user base and/or be critical to the global IT > > infrastructure". Also, without Java support these tests would only > > apply to our native and GPU operations, which do not directly deal > > with external inputs. > > > > So Janardhan, which fuzz targets to you have in mind? Looking over the > > existing projects we would have to provide build scripts that > > reference C/C++ entry points for fuzz testing. Although I can see > > applications (e.g., corrupted column indexes in sparse matrices), I'm > > not sure if it's a good idea to perform checks for valid inputs on > > every operation instead of simply hardening the code path for external > > inputs. > > > > Regards, > > Matthias > > > > On Mon, May 21, 2018 at 10:41 AM, Janardhan > wrote: > >> They accepted( google/oss-fuzz ), SystemML project for fuzz testing. > >> > >> PR link: https://github.com/google/oss-fuzz/pull/1429 > >> > >> - Janardhan > >> > >> On Mon, May 21, 2018 at 11:46 AM, Janardhan > wrote: > >> > >>> Hi all, > >>> > >>> ---- > >>> To find various programming errors (mostly detectable such as buffer > >>> overflow), a fuzz testing can be of great help. > >>> > >>> ---- > >>> Merits: > >>> 1. It will easily detects common programming errors, which we might > have > >>> missed or not unit tested. > >>> 2. Improves the quality of our code. > >>> > >>> --- > >>> Demerits: > >>> 1. If a bug is found, it will be made public after 90 + 15 (grace > period) > >>> days. So, we must fix it before three months, if there is bug. > >>> 2. For now only C and C++ are supported, Java will be supported soon. > >>> > >>> Please use this PR for discussion https://github.com/ > >>> google/oss-fuzz/pull/1429 , for adding our project's CPP part for > fuzzing. > >>> > >>> Once you approve, I will try to build a docker image of SystemML and > >>> configure with help. The results of the test will be CC'ed to private > >>> mailing list, only. > >>> > >>> > >>> Thank you, > >>> Janardhan > >>> > --0000000000000d78ed057155dcdd--