Newsgroups: php.internals
Message-ID: <00831f49-ae36-4c4e-a60e-94a28333bc98@gmail.com>
Date: Fri, 15 Nov 2024 19:34:34 +0100
Subject: Re: [PHP-DEV] A new fuzz testing tool for PHP
To: internals@lists.php.net
References: <79C53085-9AD8-4E6D-ADAA-38AC1660A57E@gmail.com>
In-Reply-To: <79C53085-9AD8-4E6D-ADAA-38AC1660A57E@gmail.com>
From: dossche.niels@gmail.com (Niels Dossche)

On 15/11/2024 14:20, Yuancheng Jiang wrote:
> Hi all,
>
> I have been submitting hundreds of bugs (see https://github.com/php/php-src/issues/created_by/YuanchengJiang ) during the past months and I first thank all the developers who take time to fix these issues to make PHP better.
>
> I am thrilled to introduce one fully automated fuzz testing tool, FlowFusion, for discovering various bugs of the PHP interpreter.
>
> The core idea behind FlowFusion is to leverage dataflow as an effective representation of test cases (.phpt files) maintained by PHP developers, merging two (or more) test cases to produce fused test cases with more complex code semantics. We connect two (or more) test cases via interleaving their dataflows, i.e., bringing the code context from one test case to another. This enables interactions among existing test cases, which are mostly the unit tests verifying one single functionality, making fused test cases interesting with merging code semantics.
>
> FlowFusion additionally fuzzes all defined functions and class methods using the code contexts of fused test cases. Available functions, classes, and methods are pre-collected and stored in sqlite3 with necessary information like the number of parameters. FlowFusion will be automatically upgrading if phpt files keep updating. Any new single test can bring thousands of new fused tests.
>
> The search space of FlowFusion is huge, which means it can cover various corner cases. Reasons for the huge search space are three-fold: (i) two random combinations of around 20,000 test cases can generate 400,000,000 test cases, and we can combine even more; (ii) the interleaving has randomness, given two test cases, there could be multiple ways to connect them; and (iii) FlowFusion also mutates the test case, fuzzes the runtime environment/configuration like JIT.
>
> *I can open-source the tool under my personal repository. I wonder by any chance if I can contribute it as the official PHP tool under https://github.com/php , and I would be happy to maintain it for a long time.*
>
> Best,
>
> Yuancheng

Hi Yuancheng

Thanks for all the reports you made, certainly an impressive feat!
I don't know what other maintainers think, but FWIW I'd be in favor of incorporating this into our toolchain.

Kind regards
Niels
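A much-simplified sketch of the test-case fusion idea described in the quoted announcement, added here as an illustration; it is not FlowFusion's code. The regex-based variable handling, the function names and the two sample test bodies are assumptions made for this example.

```python
import random
import re

VAR = re.compile(r"\$([A-Za-z_]\w*)")
ASSIGN = re.compile(r"^\s*\$([A-Za-z_]\w*)\s*=(?!=)")

# Constructed --FILE-- bodies standing in for two unrelated unit tests.
TEST_A = ['$str = "a,b,c";', '$parts = explode(",", $str);', 'var_dump($parts);']
TEST_B = ['$nums = [3, 1, 2];', 'sort($nums);', 'var_dump($nums);']

def rename(lines, prefix):
    """Prefix every variable so the two tests cannot collide by accident."""
    return [VAR.sub(lambda m: m.group(0) if m.group(1) == "this"
                    else f"${prefix}_{m.group(1)}", ln) for ln in lines]

def assigned(lines):
    """Map each assigned variable to the index of its first assignment."""
    first = {}
    for i, ln in enumerate(lines):
        m = ASSIGN.match(ln)
        if m:
            first.setdefault(m.group(1), i)
    return first

def fuse(test_a, test_b, rng):
    """Run A, then B, with one of A's values injected into B's dataflow."""
    a, b = rename(test_a, "a"), rename(test_b, "b")
    src = rng.choice(sorted(assigned(a)))
    dst, at = rng.choice(sorted(assigned(b).items()))
    # The connecting statement goes right after dst is first defined, so every
    # later use of dst in B now operates on a value produced by A.
    bridge = f"${dst} = ${src};"
    return a + b[:at + 1] + [bridge] + b[at + 1:], bridge

def variants(test_a, test_b):
    """Number of distinct single-bridge fusions for this ordered pair."""
    return len(assigned(rename(test_a, "a"))) * len(assigned(rename(test_b, "b")))

if __name__ == "__main__":
    fused, bridge = fuse(TEST_A, TEST_B, random.Random(1))
    print("<?php\n" + "\n".join(fused))
```

Even this pair of three-line tests has more than one possible connection, which is point (ii) of the quoted message: the choice of bridge multiplies the number of fused tests beyond the count of test pairs.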