Google's OSS-Fuzz - Could it be of use?

Not sure how it compares to Coverity, etc.

Thoughts?

They are restricting it to projects with a large user base or essential to the computing infrastructure. They admit that is a vague and somewhat arbitrary definition, but I’m not sure we qualify, still.

Anyway, this is about fuzzing, which is not the same as Coverity at all. Coverity just scans the source code and statically analyzes it to identify possible bugs. Fuzzing is the process of feeding random data to a program and trying to find new ways of crashing it. This works well for command line programs and libraries. For example, a PNG decoder can crash in many ways if you feed it invalid data.

In the case of Haiku, we could do some fuzzing at several entry points:

  • Calling BeAPI functions with all kinds of random parameters, but this will probably crash “expectedly” (it is part of our API design to crash on some obvious invalid calls, including calling debugger() with an explicit error message).
  • More interestingly, calling syscalls with random parameters, and making sure that whatever you do, there is no way to KDL.

Some options we may try to port to Haiku:


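Since the post above contrasts fuzzing with static analysis and uses a PNG decoder as the example, here is an added libFuzzer-style harness (the entry-point shape OSS-Fuzz builds against) wrapped around a small PNG-like chunk walker. This is example code, not Haiku's or OSS-Fuzz's own; `parse_chunks`, `run_mutations` and the seed bytes are constructed for illustration, and the PNG CRC field is left out for brevity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Big-endian 32-bit read, as used by PNG chunk length fields. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk a list of chunks (4-byte length, 4-byte type, data). Returns the chunk
   count, or -1 for malformed input. The length check is exactly the guard a
   fuzzer tends to find missing: without it a declared length of 0xFFFFFFFF
   would send the loop reading far past the end of the buffer. */
int parse_chunks(const uint8_t *data, size_t size) {
    size_t off = 0;
    int count = 0;
    while (off < size) {
        if (size - off < 8)
            return -1;                     /* truncated chunk header */
        uint32_t len = be32(data + off);
        if (len > size - off - 8)
            return -1;                     /* declared length overruns the input */
        off += 8 + len;
        count++;
    }
    return count;
}

/* libFuzzer entry point. OSS-Fuzz compiles the target with
   -fsanitize=fuzzer,address and calls this with mutated inputs; AddressSanitizer
   turns any out-of-bounds access inside parse_chunks into a reported crash. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_chunks(data, size);
    return 0;
}

/* Stand-in for libFuzzer's own mutation loop so the harness runs without it:
   corrupt one byte of a constructed two-chunk seed on every iteration. */
int run_mutations(unsigned seed, int iterations) {
    const uint8_t base[] = { 0,0,0,1, 'I','H','D','R', 0x42,   /* constructed seed */
                             0,0,0,0, 'I','E','N','D' };
    uint8_t mutant[sizeof base];
    srand(seed);
    for (int i = 0; i < iterations; i++) {
        memcpy(mutant, base, sizeof base);
        mutant[rand() % sizeof base] = (uint8_t)rand();
        LLVMFuzzerTestOneInput(mutant, sizeof mutant);
    }
    return iterations;
}
```

Under the real fuzzer the loop in `run_mutations` is replaced by libFuzzer's coverage-guided mutator, and a crash in `parse_chunks` surfaces as a sanitizer report with the offending input saved for reproduction.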