Percentage of coverage and data from corpuses

Question

Percentage of coverage and data from corpuses

manobaneru opened this issue a year ago · 5 comments

manobaneru commented a year ago

Good evening! During my study of the tool and fuzzing in general, I had two questions.

I am running a program using Maven:
mvn jqf:fuzz -Dclass=ClassName -Dmethod=MethodName
Zest displays the Total coverage and Valid coverage parameters, and I'm not quite sure what the map parameter is? I add a .jar file to pom.xml to invoke the class method from it, but what map percentage do I get displayed? The percentage covered from the whole file, the class in question, or something else?
A corpus of data is generated during the JQF+Zest run. Can I realistically use them in the future? By using the jqf-afl-fuzz command? Or am I misunderstanding the concept of the workflow?

Thanks for your answers!

Answer 1 · 2023-08-25T17:07:53.000Z

Thanks for your interest in JQF! I agree we need better documentation or actually a better status screen.

The "Map" is the hashmap used to store coverage. So higher % of map covered means higher coverage. For efficiency reasons, we don't always resolve hash collisions, so the idea is that if the % coverage is very high (more than 40-50%), it would be better to increase the size of the hash map for better accuracy at the expense of lower performance. If the map coverage % is lower than 10-20%, I would just ignore it.

The corpus can be used for re-running tests using mvn jqf:repro (see docs) or by using them as seeds for another round of fuzzing. The files themselves are not human readable; they only ensure that the same corresponding inputs will be produced assuming the test method has the same signature and that the generator code hasn't changed.

Answer 2 · 2023-08-25T17:08:54.000Z

The mvn jqf:repro workflow is very important, because it allows you to re-run tests for debugging if you find a failure, or if you just want to see what behavior your program is exercising. We often use the repro runs along with a pretty-coverage tool like JaCoCo to generate HTML reports of coverage.

Answer 3 · 2023-08-28T09:17:12.000Z

Thank you for your detailed response and help in researching the issue!

Answer 4 · 2023-09-11T23:43:44.000Z

Hi, I hope you are doing well.

How does this % of map compares to the code coverage percentage I get from intelliJ? I'm asking because I'm using as seeds the same inputs I use in my Junit tests, but the % code coverage I get from intelliJ is quite different from the % of map coverage.

Answer 5 · 2023-09-12T00:30:13.000Z

There is no relation between the two numbers (except maybe a correlation).

…

On Mon, Sep 11, 2023, 7:43 PM enzocardeal ***@***.***> wrote: Hi, I hope you are doing well. How does this % of map compares to the code coverage percentage I get from intelliJ? I'm asking because I'm using as seeds the same inputs I use in my Junit tests, but the % code coverage I get from intelliJ is quite different from the % of map coverage. — Reply to this email directly, view it on GitHub <#236 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABAJQMWMJU3P7OH3LSJEAOLXZ6O3VANCNFSM6AAAAAA36ASPYU> . You are receiving this because you commented.Message ID: ***@***.***>