I-Google yethule iphrojekthi ye-ClusterFuzzLite, evumela ukuhlela ukuhlolwa okungaqondakali kwekhodi ukuze kutholwe kusenesikhathi ubungozi obungaba khona phakathi nokusebenza kwamasistimu okuhlanganiswa okuqhubekayo. Okwamanje, i-ClusterFuzz ingasetshenziselwa ukwenza ukuhlola kwe-fuzz ngokuzenzakalelayo kwezicelo zokudonsa ku-GitHub Actions, Google Cloud Build, ne-Prow, kodwa ukusekelwa kwamanye amasistimu e-CI kulindeleke esikhathini esizayo. Le phrojekthi isuselwe kuplathifomu ye-ClusterFuzz, edalelwe ukuxhumanisa umsebenzi wamaqoqo okuhlola axakayo, futhi isatshalaliswa ngaphansi kwelayisensi ye-Apache 2.0.
Kuyaphawulwa ukuthi ngemuva kokuthi i-Google yethule isevisi ye-OSS-Fuzz ngo-2016, amaphrojekthi omthombo ovulekile abalulekile angaphezu kuka-500 amukelwe ohlelweni lokuhlola oluxakile. Ngokusekelwe ezivivinyweni ezenziwe, ngaphezu kwe-6500 ubungozi obuqinisekisiwe bususiwe futhi amaphutha angaphezu kwezinkulungwane ezingama-21 alungiswa. I-ClusterFuzzLite iyaqhubeka nokuthuthukisa izindlela zokuhlola ezixakile ezinekhono lokuhlonza izinkinga kusenesikhathi esigabeni sokubuyekezwa sezinguquko ezihlongozwayo. I-ClusterFuzzLite isivele isetshenziswe ezinqubweni zokubuyekezwa koshintsho kumaphrojekthi we-systemd kanye ne-curl, futhi yenze kwaba nokwenzeka ukuhlonza amaphutha aphuthelwe abahlaziyi abamile kanye nama-linter asetshenziswe esigabeni sokuqala sokuhlola ikhodi entsha.
I-ClusterFuzzLite isekela ukubuyekezwa kwephrojekthi ku-C, C++, Java (nezinye izilimi ezisekelwe ku-JVM), i-Go, i-Python, i-Rust, ne-Swift. Ukuhlolwa kwe-Fuzzing kwenziwa kusetshenziswa injini ye-LibFuzzer. Amathuluzi e-AddressSanitizer, MemorySanitizer, kanye ne-UBSan (UndefinedBehaviorSanitizer) angaphinda abizwe ukuze ahlonze amaphutha enkumbulo nokudidayo.
Izici ezibalulekile ze-ClusterFuzzLite: ukuhlola okusheshayo kwezinguquko ezihlongozwayo ukuze uthole amaphutha ngaphambi kokwamukela ikhodi; ukulanda imibiko ngezimo zokuphahlazeka; ikhono lokudlulela ekuhlolweni okuthuthuke kakhulu kokuhlonza amaphutha ajulile angazange avele ngemva kokuhlola izinguquko zekhodi; ukukhiqizwa kwemibiko ehlanganisayo yokuhlola ukufakwa kwamakhodi ngesikhathi sokuhlolwa; i-architecture ye-modular evumela ukuthi ukhethe umsebenzi odingekayo.
Masikhumbule ukuthi ukuhlola okungaqondakali kuhilela ukukhiqiza ukusakazwa kwazo zonke izinhlobo zezinhlanganisela ezingahleliwe zedatha yokufaka eseduze nedatha yangempela (isibonelo, amakhasi e-html anamapharamitha womaka angahleliwe, izingobo zomlando noma izithombe ezinezihloko ezingaqondakali, njll.), kanye nokurekhoda okungenzeka ukwehluleka ohlelweni lokucutshungulwa kwazo. Uma uchungechunge luphahlazeka noma lungafani nempendulo elindelekile, lokhu kuziphatha cishe kuzobonisa isiphazamisi noma ukuba sengozini.
Source: opennet.ru