Opened 3 years ago

Last modified 2 years ago

#24265 new enhancement

Fuzz all rust functions that are used by authorities to make sure they match C

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: Rust, protover, fuzz, 034-triage-20180328, 034-removed-20180328
Cc: chelseakomlo, isis
Actual Points:
Parent ID:
Points: 3
Reviewer:
Sponsor:

Description (last modified by teor)

We could break consensus if some authorities are running the rust version of the code, and some are running the C version of the code, and their outputs differ on any input.

This is like #24029, but with arbitrary inputs that may or may not be UTF-8.

Child Tickets

#24029 | defect | closed | chelseakomlo | Test all rust functions' behavior when called from C with bad UTF8
#26265 | enhancement | needs_revision | | A proposal and demo for a fuzzing system that works with Rust through C code
#27229 | task | new | | Create fuzzing harness to compare C/Rust Functionality

Change History (11)

comment:1 Changed 3 years ago by teor

Description: modified (diff)

comment:2 Changed 3 years ago by nickm

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

comment:3 Changed 3 years ago by chelseakomlo

Cc: chelseakomlo added

comment:4 Changed 3 years ago by nickm

Milestone: Tor: 0.3.3.x-final → Tor: 0.3.4.x-final
Type: defect → enhancement

Label a bunch of (arguable and definite) enhancements as enhancements for 0.3.4.

comment:5 Changed 3 years ago by teor

We'll need to fix all the child tickets before we can fuzz, because they will cause hangs or crashes under fuzzing.

comment:6 Changed 3 years ago by isis

Cc: isis added

comment:7 Changed 3 years ago by nickm

Keywords: 034-triage-20180328 added

comment:8 Changed 3 years ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:9 Changed 3 years ago by nickm

Milestone: Tor: 0.3.4.x-final → Tor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

comment:10 Changed 2 years ago by chelseakomlo

I'm going to add more description about what we think the outcome of this ticket should be, so it can be easily picked up. Please update/add more info if this isn't exactly what we need.

1) This implementation should be fairly lightweight, as we don't want a lot of dual implementations between Rust/C in the future; this is largely to support existing code and where we only critically need it in the future.

2) This should be added to existing C fuzzing tests in /src/test/fuzz.

3) This should use existing fuzzing infrastructure in Tor (see doc/HACKING/), but should compare outputs between the C and Rust implementation. This would mean we would need some mechanism to generate both implementations (build tor with rust enabled and not enabled) and then push arbitrary input into functions defined in both and then compare the output.
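
An added illustration of the compare-outputs approach described in comment 10, not code from Tor or from the commenters: `impl_c` and `impl_rust_model` are constructed stand-ins for a C function and its Rust port, and an exhaustive single-byte substitution sweep stands in for the fuzzing engine. It shows how a UTF-8 check present on only one side makes the two disagree on inputs the byte-oriented side accepts.

```c
#include <stdint.h>
#include <stdio.h>
/* Strict UTF-8 check, modelling the validation done when bytes become a Rust &str. */
static int valid_utf8(const uint8_t *s, size_t n) {
  for (size_t i = 0; i < n;) {
    uint8_t b = s[i];
    size_t k = b < 0x80 ? 0 : (b >= 0xC2 && b <= 0xDF) ? 1 :
               (b & 0xF0) == 0xE0 ? 2 : (b >= 0xF0 && b <= 0xF4) ? 3 : 9;
    if (k == 9 || k > n - i - 1) return 0;  /* bad lead byte or truncated sequence */
    /* second-byte ranges that rule out overlong forms, surrogates and > U+10FFFF */
    if (k >= 2 && ((b == 0xE0 && s[i + 1] < 0xA0) || (b == 0xED && s[i + 1] > 0x9F) ||
                   (b == 0xF0 && s[i + 1] < 0x90) || (b == 0xF4 && s[i + 1] > 0x8F)))
      return 0;
    for (size_t j = 1; j <= k; j++)
      if ((s[i + j] & 0xC0) != 0x80) return 0;
    i += k + 1;
  }
  return 1;
}

/* Constructed stand-in for a C parser (not Tor code): "<name>=<decimal>" -> number or -1. */
static long impl_c(const uint8_t *d, size_t n) {
  size_t i = 0;
  long v = 0;
  while (i < n && d[i] != '=') i++;         /* the name is treated as opaque bytes */
  if (i == 0 || i + 1 >= n) return -1;      /* empty name, or nothing after '=' */
  for (i++; i < n; i++) {
    if (d[i] < '0' || d[i] > '9' || v > 100000) return -1;
    v = v * 10 + (d[i] - '0');
  }
  return v;
}
/* Constructed model of a Rust port: same grammar, but non-UTF-8 input is rejected. */
static long impl_rust_model(const uint8_t *d, size_t n) {
  return valid_utf8(d, n) ? impl_c(d, n) : -1;
}

/* Substitute every byte value at every position of buf; count inputs where outputs differ. */
int count_divergences(uint8_t *buf, size_t n) {
  int found = 0;
  for (size_t t = 0; t < n * 256; t++) {
    uint8_t saved = buf[t / 256];
    buf[t / 256] = (uint8_t)(t % 256);
    found += impl_c(buf, n) != impl_rust_model(buf, n);
    buf[t / 256] = saved;                   /* restore the seed byte */
  }
  return found;
}
int main(void) {
  uint8_t seed[] = {'L', 'i', 'n', 'k', '=', '4'};  /* constructed seed input */
  printf("diverging inputs: %d\n", count_divergences(seed, sizeof seed));
  return 0;
}
```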

comment:11 Changed 2 years ago by teor

This ticket requires linking to be fixed, like #25386.
