[Qemu-devel] Fuzzing event loops

[Qemu-devel] Fuzzing event loops

[Stefan Hajnoczi]

I wanted to share this idea about fuzzing event loops:

https://blog.acolyer.org/2017/06/09/node-fz-fuzzing-the-server-side-event-driven-architecture/

The idea is to expose ordering dependencies and atomicity bugs in
event loop callbacks/coroutines by randomly shuffling the order in
which fd handlers, timers, etc execute.

I'm not sure we'd find many bugs since QEMU tends to use big locks or
request serialization when concurrency gets tricky in the block layer.
Still, it's an interesting concept that we could apply in the future.

Stefan

Re: [Qemu-devel] [Qemu-block] Fuzzing event loops

[John Snow]

On 06/11/2017 06:47 AM, Stefan Hajnoczi wrote:
> I wanted to share this idea about fuzzing event loops:
> 
> https://blog.acolyer.org/2017/06/09/node-fz-fuzzing-the-server-side-event-driven-architecture/
> 
> The idea is to expose ordering dependencies and atomicity bugs in
> event loop callbacks/coroutines by randomly shuffling the order in
> which fd handlers, timers, etc execute.
> 
> I'm not sure we'd find many bugs since QEMU tends to use big locks or
> request serialization when concurrency gets tricky in the block layer.
> Still, it's an interesting concept that we could apply in the future.
> 
> Stefan
> 

Sounds fun, probably too detailed for a GSoC/Outreachy project, right?
Do we have a page on the wiki for random "Hey, this might be nice..." ideas?

(Or is that a bad idea itself so we don't have a graveyard of 'not my
problem' projects?)

--js

Re: [Qemu-devel] [Qemu-block] Fuzzing event loops

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1228 bytes --]

On Mon, Jun 26, 2017 at 04:53:45PM -0400, John Snow wrote:
> On 06/11/2017 06:47 AM, Stefan Hajnoczi wrote:
> > I wanted to share this idea about fuzzing event loops:
> > 
> > https://blog.acolyer.org/2017/06/09/node-fz-fuzzing-the-server-side-event-driven-architecture/
> > 
> > The idea is to expose ordering dependencies and atomicity bugs in
> > event loop callbacks/coroutines by randomly shuffling the order in
> > which fd handlers, timers, etc execute.
> > 
> > I'm not sure we'd find many bugs since QEMU tends to use big locks or
> > request serialization when concurrency gets tricky in the block layer.
> > Still, it's an interesting concept that we could apply in the future.
> > 
> > Stefan
> > 
> 
> Sounds fun, probably too detailed for a GSoC/Outreachy project, right?
> Do we have a page on the wiki for random "Hey, this might be nice..." ideas?
> 
> (Or is that a bad idea itself so we don't have a graveyard of 'not my
> problem' projects?)

This idea is difficult as an internship because it's an investigation
project.  It may produce no results or may require deep knowledge of
QEMU internals to resolve issues that are identified.

I just wanted to share the idea.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 455 bytes --]