fuzz-introspector icon indicating copy to clipboard operation
fuzz-introspector copied to clipboard

Published 20 hours ago verified publisher icon ossf

Introspector not showing coverage on Python Decorators

Open sg3-141-592 opened this issue 1 year ago • 7 comments

I recently integrated the cachetools library into OSS-Fuzz recently. This library uses a @cached decorator to indicate a function output to cache, e.g.

@cachetools.cached(cache=fdp.PickValueInList(CACHE_TYPES), lock=cache_lock, info=fdp.ConsumeBool()) 
def fib(n):
     return n if n < 2 else fib(n - 1) + fib(n - 2)

I can't get the introspector to recognise that we're hitting the cached decorator. I can see the coverage here cachetools/__init__py.html:632 but I can't get it in the call graph.

image

Some other data points, if you see fuzzerLogFile-fuzz_cached.data.yaml this method is on line 629

    functionLinenumber: 629
    functionName: cachetools.cached.decorator
    functionSourceFile: cachetools

CallTree File fuzzerLogFile-fuzz_cached.data

Call tree
...fuzz_cached.TestOneInput / -1
  cachetools.cached.decorator ...fuzz_cached -1
    <builtin>.isinstance cachetools 633

And Coverage File all_cov.json

        "/pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/cachetools/__init__.py": {
            "executed_lines": [
...
                629,
                630,
                631,
                633,
...

Any idea if this is an introspector issue, or if it's likely something else?

sg3-141-592 avatar Apr 21 '23 19:04 sg3-141-592

Do I get this right, that the decorator is recognised in the calltree and the coverage is recorded in all_cov.json but it isn't showing up as green in the calltree?

DavidKorczynski avatar Apr 22 '23 19:04 DavidKorczynski

That's correct yes. It's not turning up in the Functions coverage either.

image

sg3-141-592 avatar Apr 22 '23 20:04 sg3-141-592

Ah thanks, I will see if I can go over this Monday!

DavidKorczynski avatar Apr 23 '23 23:04 DavidKorczynski

Should be fixed in https://github.com/ossf/fuzz-introspector/pull/1005

Screenshot 2023-04-24 114156

Thanks for reporting!

DavidKorczynski avatar Apr 24 '23 10:04 DavidKorczynski

leaving open until we've bumped oss-fuzz

DavidKorczynski avatar Apr 24 '23 11:04 DavidKorczynski

Thanks for the quick fix. Did a bit of local testing with the latest fuzz-introspector repo and results look good.

import function_inspector

function_inspector.print_function_details(
    "cachetools",
    [
        "cachetools.cached.decorator",
        "cachetools.Cache.__init__",
        "cachetools.LFUCache.__init__",
    ],
)

## Outputs
cachetools.cached.decorator
  Reached by 1 fuzzers [['fuzz_cached']]
  Code coverage: 75.000000
cachetools.Cache.__init__
  Reached by 1 fuzzers [['fuzz_cached']]
  Code coverage: 100.000000
cachetools.LFUCache.__init__
  Reached by 1 fuzzers [['fuzz_cached']]
  Code coverage: 100.000000

sg3-141-592 avatar Apr 25 '23 20:04 sg3-141-592

Hey @DavidKorczynski , some observations from the latest introspector report for cachetools https://storage.googleapis.com/oss-fuzz-introspector/cachetools/inspector-report/20230501/fuzz_report.html .

The calltree looks good, and __init__ methods are showing as covered. And the overall coverage number has increased from 9% to 69%.

However the overall "functions statically reachable" and "cyclomatic complexity statically reachable" overview numbers haven't changed. Is there a secondary fix needed on the introspector get the __init__ methods included in these statistics?

sg3-141-592 avatar May 01 '23 12:05 sg3-141-592