[MISC] initial Genesis Fuzz Support fuzz_target.py

Open Shivam7-1 opened this issue 1 year ago • 4 comments

Introducing foundational fuzzing support for Genesis to help identify and resolve potential issues.

Once merged, I will submit a pull request to the OSS-Fuzz repo to enable fuzzing for this library on Google infrastructure. Any identified bugs will be reported to the Genesis maintainers.

Kindly review the OSS-Fuzz documentation and Bug Disclosure Guidelines before proceeding with the merge.

Thanks

Shivam7-1, Dec 21 '24 12:12

Hi @YilingQiao, could the team review this PR, and can I get the maintainer list so I can add those who get notified of the above alerts?

Thanks

Shivam7-1, Dec 22 '24 03:12

Hi Shivam,

Thank you for your PR. I’m not sure if we need this workflow at the moment. Are there other similar repositories using it? Our current priority is to address some urgent bugs. Let me discuss this with others and get back to you. Thank you so much for your time!

YilingQiao, Dec 22 '24 03:12

Hi @YilingQiao, okay, thanks for the response. Yes, you can discuss and let me know. Also, I had created the above fuzz target py file. Ultimately it will improve the system and get alerts, as you will review the documentation of it. Here is the list of projects which are aligned with OSS-Fuzz: https://github.com/google/oss-fuzz/tree/master/projects Thanks again

Shivam7-1, Dec 22 '24 03:12

Hi @YilingQiao @zhouxian, can I proceed with this? If yes, could the team please merge this PR to this repo? Thanks

Shivam7-1, Dec 23 '24 09:12

Reminder: Hi @ziyanx02 @YilingQiao @zhouxian, can I proceed with this? If yes, could the team please merge this PR to this repo, so then I will make a PR in OSS-Fuzz to integrate the project? Thanks

Shivam7-1, Dec 29 '24 03:12

Hi @Shivam7-1, can you elaborate further on why this is needed and why it is not yet a common practice for similar repositories (such as MuJoCo and Bullet3)? We are not entirely sure about the pros and cons of this additional workflow.

YilingQiao, Dec 29 '24 16:12

Hi @YilingQiao @Kashu7100 @ziyanx02, thanks for the response. The initial fuzz integration file is useful to ensure that we can identify potential issues early in the development process:

  1. Automated Testing and Early Bug Detection: Fuzz testing automatically generates random, invalid, or unexpected inputs to test the system’s resilience. By integrating fuzzing into the project early, we can identify edge cases, vulnerabilities, and crashes that might otherwise be missed during manual testing. This significantly enhances the robustness of the system.

  2. Improving Code Quality: Fuzz testing helps detect flaws that could lead to security vulnerabilities, performance bottlenecks, or unexpected behavior. Integrating this into the Genesis project from the outset allows us to maintain high-quality, stable, and secure code as we move forward.

  3. Efficiency: Implementing fuzz testing early in the process can save both time and resources. Catching issues early in the development lifecycle helps avoid the higher costs of fixing bugs later in the process, especially when the system is more complex and harder to change.

For similar repos, I am unaware about this, but I think this would be better to use here, or in any project. Further, you can also look into the OSS-Fuzz documentation and Bug Disclosure Guidelines.

Shivam7-1, Dec 29 '24 16:12

The PR code does not seem to me to provide a valuable check at this moment. I don't see any benefit of including this at this point.

Kashu7100, Jan 02 '25 05:01

Hi @Kashu7100, thanks for reviewing. What things could make this a better check and can be added?

Shivam7-1, Jan 02 '25 16:01

First of all, what do you want to check with fuzzing (in your PR, for example)? The purpose or intention is very unclear, which makes it unlikely to be merged. Second, we currently have the automated workflow for basic checks. You haven't provided any merit of using this fuzzer over the current workflow that we have. Also, you didn't give a clear reason why similar projects such as MuJoCo and Bullet3 are not adopting your suggested workflow (I guess there's no need for fuzzing).

If you still want to convince us, could you update your PR to include the code that you think is actually beneficial for Genesis debugging?

Kashu7100, Jan 03 '25 16:01