[pull] master from google:master#136
Merged
Signed-off-by: David Korczynski <david@adalogics.com>
Tracked in onnx/onnx#4902.

## Summary

Adds Python [atheris](https://github.com/google/atheris) fuzz targets for the [ONNX](https://onnx.ai/) library, covering the main parsing, validation, and transformation surfaces of the public API.

## Fuzz targets

| Target | API exercised | Input type |
|---|---|---|
| `fuzz_checker` | `checker.check_model(..., full_check=True)` | raw bytes (checker accepts `bytes` natively) |
| `fuzz_model_loader` | `load_model_from_string` + graph traversal + `check_model` | raw bytes |
| `fuzz_parser` | `parser.parse_model` | UTF-8 text (ONNX text format) |
| `fuzz_shape_inference` | `shape_inference.infer_shapes` with sampled `check_type` and `strict_mode` | dual-path: raw bytes **or** structured `ModelProto` built by `FuzzedDataProvider` |
| `fuzz_version_converter` | `version_converter.convert_version` | raw bytes → ModelProto; tries version−1, version+1, and latest opset |

## Design notes

**C++ extension instrumentation.** ONNX's protobuf-based checker, shape inference engine, and version converter are implemented in C++. The build passes `$CFLAGS`/`$CXXFLAGS` via `pip install --no-build-isolation` and sets `-DONNX_USE_ASAN=ON` via `CMAKE_ARGS` when `$SANITIZER` is `address` or `undefined`, so both the Python layer (via atheris) and the C++ extensions are instrumented. `-DONNX_USE_ASAN=ON` covers both ASan and UBSan: ONNX's `CMakeLists.txt` links `Sanitizer::address` and `Sanitizer::undefined` when this flag is set, so no separate cmake flag is needed for UBSan.

**Seed corpora.** `make_seed_corpus.py` generates two seed zips:

- `fuzz_version_converter_seed_corpus.zip` — six serialized ONNX models covering edge cases relevant to version conversion (missing inputs, mixed opset versions).
- `fuzz_parser_seed_corpus.zip` — six ONNX text-format strings extracted from [`onnx/test/parser_test.py`](https://github.com/onnx/onnx/blob/main/onnx/test/parser_test.py), covering basic graph parsing, multi-opset imports, metadata fields, local function definitions with attribute references, type initializers, and special float literals (`inf`, `-inf`, `nan`).

**Structured shape inference fuzzing.** `fuzz_shape_inference` uses two input paths selected by a trailing toggle byte. The raw-bytes path feeds the protobuf parser directly. The structured path uses `FuzzedDataProvider` to construct `ModelProto` objects containing subgraph-bearing ops (`If`, `Loop`, `Scan`), which drives the recursive visitor inside `shape_inference` on most iterations. Both `strict_mode` and `check_type` values are sampled per iteration.

**Recursion guard.** A `sys.setrecursionlimit(1000)` guard in `fuzz_shape_inference` prevents a known unbounded-recursion DoS in the shape inference engine (deeply nested subgraphs) from crashing the fuzzer process. `RecursionError` is explicitly caught and suppressed so the fuzzer continues finding unrelated bugs.

**API contract differences.** `checker.check_model` accepts `Union[ModelProto, bytes, str, Path]` and handles deserialization internally, so raw bytes are passed directly. `shape_inference.infer_shapes` accepts `Union[ModelProto, str, Path]` only, so the fuzzer deserializes first and passes the resulting `ModelProto`.

## Testing

Built and ran locally with:

```
python infra/helper.py build_fuzzers onnx
python infra/helper.py run_fuzzer onnx <target>
```

---------

Signed-off-by: Andreas Fehlner <fehlner@arcor.de>
Signed-off-by: MuhammedHussein17 <muhammedbussnies@gmail.com>
Co-authored-by: MUHAMMED HUSSEIN <muhammedbussnies@gmail.com>
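An added sketch, not code from the PR or from ONNX, of the harness pattern the commit message above describes: a trailing toggle byte selects the input path, and a recursion limit of 1000 plus a caught `RecursionError` keeps deeply nested input from ending the fuzzing process. `build_nested`, `parse_raw`, `visit`, `fuzz_one_input` and the low-bit toggle rule are hypothetical stand-ins, assumed here so the block runs without onnx or atheris.

```python
import sys

RECURSION_LIMIT = 1000  # the value the commit message names


def build_nested(payload: bytes):
    """Structured path (stand-in): first two bytes pick the nesting depth."""
    depth = int.from_bytes(payload[:2], "big")
    node = {"op": "Identity", "body": None}
    for _ in range(depth):  # built iteratively, so construction never recurses
        node = {"op": "If", "body": node}
    return node


def parse_raw(payload: bytes):
    """Raw path (stand-in): each leading non-zero byte opens one nested body."""
    node = None
    for b in payload:
        if b == 0:
            break
        node = {"op": "Loop", "body": node}
    return node


def visit(node) -> int:
    """Stand-in for a recursive subgraph visitor; returns the nesting depth."""
    return 0 if node is None else 1 + visit(node["body"])


def fuzz_one_input(data: bytes) -> str:
    """One fuzz iteration; returns which path ran or why it stopped."""
    if len(data) < 2:
        return "skipped"
    payload, toggle = data[:-1], data[-1]  # trailing byte is the toggle
    previous = sys.getrecursionlimit()
    sys.setrecursionlimit(RECURSION_LIMIT)
    try:
        structured = bool(toggle & 1)  # assumed rule: low bit set = structured
        model = build_nested(payload) if structured else parse_raw(payload)
        visit(model)
        return "structured" if structured else "raw"
    except RecursionError:
        return "recursion-suppressed"  # swallowed so fuzzing continues
    finally:
        sys.setrecursionlimit(previous)
```

Suppressing `RecursionError` this way also hides the recursion finding itself, so that class of input has to be tracked outside the fuzzer.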
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)