Suricata

After merge of https://github.com/OISF/suricata/pull/5557

+ fix more bugs
+ visualisation of rust coverage
+ performance inspection
+ coverage inspection (already improved from 40 to 43% in one day on oss-fuzz, and up to 46% three days after)
+ run targets on corpus as part of CI
+ more fuzz targets

+ structure aware versus pcap (so as not to fuzz libpcap, but somehow still use pcaps in the seed corpus)
+ differential testing with tcp flow splitting

https://github.com/OISF/suricata/pull/5616 :
+ fix some bugs in the targets / improve output
+ visualisation of rust coverage : first required step

improving fuzz target initializaition to prevent dummy bug : https://github.com/OISF/suricata/pull/5672

https://github.com/OISF/suricata/pull/5760 to run targets on public corpus as part of CI

Fixing fuzz targets https://github.com/OISF/suricata/pull/5791

Fixing fuzz target with https://github.com/OISF/suricata/pull/5796

TODO : Fuzz when STREAM_MIDSTREAM...

https://github.com/OISF/suricata/pull/5838 to run targets on corpus as part of CI

So, what is left :
+ fix more bugs like https://github.com/OISF/suricata/pull/5850
+ visualisation of rust coverage cf WIP https://github.com/google/oss-fuzz/pull/4697
+ performance inspection + coverage inspection (50% last time I checked and still rising) (fix bugs first)
+ more fuzz targets (cf other redmine tickets)

+ structure aware versus pcap cf https://github.com/OISF/suricata/pull/5818
+ differential testing with tcp flow splitting cf WIP https://github.com/OISF/suricata/pull/4917 to be improved

So, what is left :
+ fix more bugs
+ performance inspection + coverage inspection
+ more fuzz targets (cf other redmine tickets)
+ structure aware versus pcap cf https://github.com/OISF/suricata/pull/5967
+ differential testing with tcp flow splitting cf WIP https://github.com/OISF/suricata/pull/4917 to be improved
+ fuzz midstream by default for sigpcap ?

Maybe we should also have specific fuzz target per protocol in addition to the generic ones

In addition to midstream, its, async are interesting options.
We should try to fuzz them all

So, what is left :
+ fix the bugs
+ performance inspection + coverage inspection + more fuzz targets (cf other redmine tickets)
+ fuzz midstream/async/ips conditionally
+ differential testing with tcp flow splitting cf WIP https://github.com/OISF/suricata/pull/4917 to be improved ?

Performance inspection :
in addition to https://github.com/OISF/suricata/pull/6188, disabling eve.log is a great way to speed up fuzz_sigpcap_aware (from 5 minutes to 3 minutes and 30 seconds on the corpus)

Another prominent function is __sanitizer_cov_trace_cmp8 called from HashListTableFree

The call to ConfGetBool in DetectMpmInitializeAppMpms seems quite expensive as well
Can be optimized away with #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

Another idea is to split the target in 2 : one to only the "one single TCP stream" inputs , and one to do whatever pcaps

So, what is left :
+ fix the bugs
+ clusterfuzzlite to fuzz our own private staging branch on gitlab
+ performance inspection + coverage inspection
+ more fuzz targets (cf other redmine tickets like #3587) need to give a bit more thought
+ fuzz midstream/async/ips conditionally : after some optimization on predef target ? + naming trick as for app layer protocols
+ differential testing with tcp flow splitting cf WIP https://github.com/OISF/suricata/pull/4917 to be improved ? after https://redmine.openinfosecfoundation.org/issues/4858

We should also fuzz LUA support cf detect-engine-dns.c not reachable without it

I should put into Suricata-verify the build corpus functionalities for the relevant fuzz targets

Another idea : shorten timeouts