Java's toMap and further down uniqKeysMapAccumulator require non-null values.
This new self-fuzz-test uncovered many problems with the mutation framework for cases where users fuzz for a while before changing the fuzz test signature and then continue fuzzing. This might (and often times will) result in corpus inputs that Jazzer's mutation framework was not designed to deal with. Most bugs come from the protobuf mutators that have no default max container size. Co-authored-by: Simon Resch <simon.resch@code-intelligence.com>
Co-authored-by: Simon Resch <simon.resch@code-intelligence.com>
Pull Request Overview
This PR introduces a comprehensive self-fuzzing test framework to test Jazzer's mutation framework and fixes a critical bug in the map mutator. The self-fuzzing test uncovered several issues with the protobuf mutators and mutation framework when handling corpus inputs from different fuzz test signatures.
- Adds a new self-fuzz test that systematically tests all mutation functionality
- Fixes a null pointer exception in MapMutatorFactory's detach method
- Updates visibility rules to enable the self-fuzzing framework
Reviewed Changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/main/java/com/code_intelligence/jazzer/mutation/mutator/collection/MapMutatorFactory.java | Fixes NPE by replacing stream-based detach with manual iteration that handles null values |
| selffuzz/src/test/java/com/code_intelligence/selffuzz/mutation/ArgumentsMutatorFuzzTest.java | Main self-fuzzing test that exercises mutation framework with various data types |
| selffuzz/src/test/java/com/code_intelligence/selffuzz/mutation/*.java | Helper classes for testing bean mutation patterns |
| src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto/BUILD.bazel | Updates visibility to allow selffuzz access to proto libraries |
| .github/workflows/*.yml | Adds fuzzing workflow and corpus caching for CI |
simonresch reviewed on Sep 25, 2025
simonresch (Contributor) approved these changes on Sep 25, 2025 and left a comment:
Nice! Really useful test.
This new self-fuzz-test uncovered many problems with the mutation framework for cases where users fuzz for a while before changing the fuzz test signature and then continue fuzzing. This might (and often times will) result in corpus inputs that Jazzer's mutation framework was not designed to deal with. Most bugs come from the protobuf mutators that have no default max container size.
This PR includes a fix for a null pointer exception in the map mutator that happened when detaching keys that mapped to null.
All bugs that currently happen in the protobuf mutator are commented out and will be addressed in the future.
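The null-pointer exception described above is a consequence of how `Collectors.toMap` is built: its accumulator (`uniqKeysMapAccumulator` in the JDK) calls `Objects.requireNonNull` on every mapped value, so any entry whose value is null aborts the whole collect. The following is an added illustration, not Jazzer's own code: `detachValue`, `detachWithStream` and `detachManually` are hypothetical stand-ins for the map mutator's detach step, and the map with a null value is constructed to mimic a stale corpus input.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

// Added example (not part of Jazzer): contrasts a stream-based detach that
// crashes on null values with a manual iteration that tolerates them.
public class NullSafeDetachExample {

    // Hypothetical stand-in for the mutator's per-value detach. A real mutator
    // would produce an independent copy; for the demonstration the value is
    // passed through unchanged, including null.
    static <V> V detachValue(V value) {
        return value;
    }

    // Stream-based variant. Collectors.toMap delegates to uniqKeysMapAccumulator,
    // which wraps each mapped value in Objects.requireNonNull, so a single
    // null value makes the whole detach throw NullPointerException.
    static <K, V> Map<K, V> detachWithStream(Map<K, V> map) {
        return map.entrySet().stream()
                .collect(Collectors.toMap(Map.Entry::getKey, e -> detachValue(e.getValue())));
    }

    // Manual iteration. LinkedHashMap.put accepts null values, so entries that
    // map to null are carried over instead of aborting the detach, and the
    // original iteration order is preserved.
    static <K, V> Map<K, V> detachManually(Map<K, V> map) {
        Map<K, V> detached = new LinkedHashMap<>(Math.max(16, map.size() * 2));
        for (Map.Entry<K, V> entry : map.entrySet()) {
            detached.put(entry.getKey(), detachValue(entry.getValue()));
        }
        return detached;
    }

    public static void main(String[] args) {
        // Constructed input: a map whose second entry maps to null, the shape a
        // corpus input can take after the fuzz test signature has changed.
        Map<String, Integer> corpusMap = new HashMap<>();
        corpusMap.put("a", 1);
        corpusMap.put("b", null);

        try {
            detachWithStream(corpusMap);
            System.out.println("stream detach succeeded (not expected)");
        } catch (NullPointerException e) {
            System.out.println("stream detach threw NullPointerException on the null value");
        }

        Map<String, Integer> copy = detachManually(corpusMap);
        System.out.println("manual detach produced " + copy.size() + " entries, "
                + "value for b present: " + copy.containsKey("b")
                + ", value for b is null: " + (copy.get("b") == null));
    }
}
```

Compile and run with `javac NullSafeDetachExample.java && java NullSafeDetachExample`. The same constraint applies to `Map.of`, `Map.copyOf` and `HashMap.merge`, all of which reject null values, so any code path that rebuilds a map from fuzzer-supplied data should use a plain loop over `entrySet()` when null values are a legitimate input.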