From 95f8b8a34faf3fe0e9dee28447a0cb031d6d2174 Mon Sep 17 00:00:00 2001 From: Stephan Kantelberg Date: Fri, 12 May 2023 15:33:16 +0200 Subject: [PATCH 1/5] changed example, added pipeline for testing --- .github/workflows/build_cmake.yml | 45 +++++++++++++++++++++++++++++++ CMakePresets.json | 28 +++++++++++++++++++ fuzz_test/CMakeLists.txt | 4 +-- fuzz_test/fuzz_tester.cpp | 26 +++++++++--------- 4 files changed, 87 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build_cmake.yml b/.github/workflows/build_cmake.yml index 763a00f..5559bb9 100644 --- a/.github/workflows/build_cmake.yml +++ b/.github/workflows/build_cmake.yml @@ -187,3 +187,48 @@ jobs: - name: Build shell: bash run: cmake --build --preset build-gcc-arm-${{ matrix.buildtype }} + + linux-fuzzing: + name: ${{ matrix.os }}, ${{ matrix.compiler.name }}, C++${{ matrix.cxx }}, ${{ matrix.buildtype }} + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false # 'false' means Don't stop matrix workflows even if some matrix entry fails. + matrix: + os: [ubuntu-22.04] + buildtype: [debug] + compiler: [{name: 'Clang 15', preset: clang-15, pkgs: 'clang-15 llvm-15'}] + cxx: [20] + + steps: + - uses: actions/checkout@v3 + + - name: Cache + uses: actions/cache@v3 + env: + cache-name: cache-conan-modules + with: + path: | + ${{ env.CONAN_USER_HOME }} + ~/.cache/pip + key: ${{ runner.os }}-${{ env.BUILD_TYPE }}-${{ hashFiles('CMakeLists.txt') }}-${{ hashFiles('cmake/Conan.cmake') }} + + - name: Install conan + shell: bash + run: | + python3 -m pip install --upgrade pip setuptools conan==1.59 + source ~/.profile + + - name: Install dependencies + run: | + sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)" + sudo apt update + sudo apt install ninja-build ${{ matrix.compiler.pkgs }} + shell: bash + + - name: Configure via CMake + shell: bash + run: cmake --preset unixlike-${{ matrix.compiler.preset }}-${{ matrix.buildtype }} + + - name: Build + shell: bash + run: cmake --build --preset build-unixlike-${{ matrix.compiler.preset }}-${{ matrix.buildtype }} diff --git a/CMakePresets.json b/CMakePresets.json index 69d1d03..33ed72c 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -350,6 +350,23 @@ "CMAKE_TRY_COMPILE_TARGET_TYPE": "STATIC_LIBRARY", "CMAKE_CROSSCOMPILING": "TRUE" } + }, + { + "name": "clang-15-fuzzing", + "description": "Clang 15 fuzzer test", + "binaryDir": "${sourceDir}/out/build/${presetName}", + "installDir": "${sourceDir}/out/install/${presetName}", + "cacheVariables": { + "CMAKE_C_COMPILER": "clang-15", + "CMAKE_CXX_COMPILER": "clang++-15", + "CMAKE_BUILD_TYPE": "Debug", + "ENABLE_COVERAGE": "ON", + "ENABLE_SANITIZER_ADDRESS": "ON", + "ENABLE_SANITIZER_LEAK": "ON", + "ENABLE_SANITIZER_UNDEFINED_BEHAVIOR": "ON", + "ENABLE_SANITIZER_MEMORY": "OFF", + "ENABLE_FUZZING": "ON" + } } ], "buildPresets": [ @@ -444,6 +461,10 @@ { "name": "build-gcc-arm-release", "configurePreset": "gcc-arm-release" + }, + { + "name": "build-clang-15-fuzzing", + "configurePreset": "clang-15-fuzzing" } ], "testPresets": [ @@ -612,6 +633,13 @@ "inherits": "test-common", "configuration": "Release", "configurePreset": "win32-gcc-x64-mingw-release" + }, + { + "name": "test-clang-15-fuzzing", + "displayName": "Strict", + "description": "Enable output and stop on failure", + "inherits": "test-common", + "configurePreset": "clang-15-fuzzing" } ] } diff --git a/fuzz_test/CMakeLists.txt b/fuzz_test/CMakeLists.txt index 9bef7e1..9a1fc5a 100644 --- a/fuzz_test/CMakeLists.txt +++ b/fuzz_test/CMakeLists.txt @@ -13,7 +13,7 @@ TARGET_COMPILE_OPTIONS(fuzz_tester PRIVATE -fsanitize=fuzzer,undefined,address) # Allow short runs during automated testing to see if something new breaks SET(FUZZ_RUNTIME - 10 - CACHE STRING "Number of seconds to run fuzz tests during ctest run") # Default of 10 seconds + 10 + CACHE STRING "Number of seconds to run fuzz tests during ctest run") # Default of 10 seconds ADD_TEST(NAME fuzz_tester_run COMMAND fuzz_tester -max_total_time=${FUZZ_RUNTIME}) diff --git a/fuzz_test/fuzz_tester.cpp b/fuzz_test/fuzz_tester.cpp index 7ffb452..a2ed014 100644 --- a/fuzz_test/fuzz_tester.cpp +++ b/fuzz_test/fuzz_tester.cpp @@ -1,20 +1,18 @@ -#include -#include -#include +#include +#include -[[nodiscard]] auto sum_values(const uint8_t *Data, size_t Size) -{ - constexpr auto scale = 1000; - int value = 0; - for (std::size_t offset = 0; offset < Size; ++offset) { value += static_cast(*std::next(Data, static_cast(offset))) * scale; } - return value; +// example comes from here: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzer/fuzz_me.cc +// Documentation can be found here: https://llvm.org/docs/LibFuzzer.html +bool FuzzMe(const uint8_t *Data, size_t DataSize) { + return DataSize >= 3 && + Data[0] == 'F' && + Data[1] == 'U' && + Data[2] == 'Z' && + Data[3] == 'Z'; // :‑< } -// Fuzzer that attempts to invoke undefined behavior for signed integer overflow -// cppcheck-suppress unusedFunction symbolName=LLVMFuzzerTestOneInput -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ - fmt::print("Value sum: {}, len{}\n", sum_values(Data, Size), Size); +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + FuzzMe(Data, Size); return 0; } From 42216dfe3e05aa41af934de489f3c1312072cb3f Mon Sep 17 00:00:00 2001 From: Stephan Kantelberg Date: Fri, 12 May 2023 15:55:40 +0200 Subject: [PATCH 2/5] removed unused variable --- .github/workflows/build_cmake.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build_cmake.yml b/.github/workflows/build_cmake.yml index 5559bb9..4e313a5 100644 --- a/.github/workflows/build_cmake.yml +++ b/.github/workflows/build_cmake.yml @@ -197,7 +197,6 @@ jobs: os: [ubuntu-22.04] buildtype: [debug] compiler: [{name: 'Clang 15', preset: clang-15, pkgs: 'clang-15 llvm-15'}] - cxx: [20] steps: - uses: actions/checkout@v3 From 832ae16467645d4a04294a35e1c32330ab8a796a Mon Sep 17 00:00:00 2001 From: Stephan Kantelberg Date: Fri, 12 May 2023 15:56:05 +0200 Subject: [PATCH 3/5] added more comments that the problem is on purpose --- fuzz_test/fuzz_tester.cpp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/fuzz_test/fuzz_tester.cpp b/fuzz_test/fuzz_tester.cpp index a2ed014..4908136 100644 --- a/fuzz_test/fuzz_tester.cpp +++ b/fuzz_test/fuzz_tester.cpp @@ -1,14 +1,16 @@ -#include -#include +#include +#include - -// example comes from here: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzer/fuzz_me.cc -// Documentation can be found here: https://llvm.org/docs/LibFuzzer.html +/* + * example comes from here: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzer/fuzz_me.cc + * Documentation can be found here: https://llvm.org/docs/LibFuzzer.html + */ bool FuzzMe(const uint8_t *Data, size_t DataSize) { return DataSize >= 3 && Data[0] == 'F' && Data[1] == 'U' && Data[2] == 'Z' && + // the following is on purpose to demonstrate an error Data[3] == 'Z'; // :‑< } From e8110a95bfa161a4ac146123fbe11d9a59b97ee7 Mon Sep 17 00:00:00 2001 From: Stephan Kantelberg Date: Fri, 12 May 2023 16:17:16 +0200 Subject: [PATCH 4/5] added more libfuzzer compilation --- .github/workflows/build_cmake.yml | 6 ++- CMakePresets.json | 88 +++++++++++++++++++++++++++---- 2 files changed, 83 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build_cmake.yml b/.github/workflows/build_cmake.yml index 4e313a5..e1abb48 100644 --- a/.github/workflows/build_cmake.yml +++ b/.github/workflows/build_cmake.yml @@ -196,7 +196,11 @@ jobs: matrix: os: [ubuntu-22.04] buildtype: [debug] - compiler: [{name: 'Clang 15', preset: clang-15, pkgs: 'clang-15 llvm-15'}] + compiler: [ {name: 'Clang 12', preset: clang-12, pkgs: 'clang-12 llvm-12'}, + {name: 'Clang 13', preset: clang-13, pkgs: 'clang-13 llvm-13'}, + {name: 'Clang 14', preset: clang-14, pkgs: 'clang-14 llvm-14'}, + {name: 'Clang 15', preset: clang-15, pkgs: 'clang-15 llvm-15'} + ] steps: - uses: actions/checkout@v3 diff --git a/CMakePresets.json b/CMakePresets.json index 33ed72c..cfc579a 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -53,6 +53,22 @@ } } }, + { + "name": "common-fuzzing-conf", + "hidden": true, + "description": "Clang 15 fuzzer test", + "binaryDir": "${sourceDir}/out/build/${presetName}", + "installDir": "${sourceDir}/out/install/${presetName}", + "cacheVariables": { + "CMAKE_BUILD_TYPE": "Debug", + "ENABLE_COVERAGE": "ON", + "ENABLE_SANITIZER_ADDRESS": "ON", + "ENABLE_SANITIZER_LEAK": "ON", + "ENABLE_SANITIZER_UNDEFINED_BEHAVIOR": "ON", + "ENABLE_SANITIZER_MEMORY": "OFF", + "ENABLE_FUZZING": "ON" + } + }, { "name": "windows-2019-msvc-debug", "generator": "Visual Studio 16 2019", @@ -351,21 +367,40 @@ "CMAKE_CROSSCOMPILING": "TRUE" } }, + { + "name": "clang-12-fuzzing", + "description": "Clang 12 fuzzer test", + "inherits": "common-fuzzing-conf", + "cacheVariables": { + "CMAKE_C_COMPILER": "clang-12", + "CMAKE_CXX_COMPILER": "clang++-12" + } + }, + { + "name": "clang-13-fuzzing", + "description": "Clang 13 fuzzer test", + "inherits": "common-fuzzing-conf", + "cacheVariables": { + "CMAKE_C_COMPILER": "clang-13", + "CMAKE_CXX_COMPILER": "clang++-13" + } + }, + { + "name": "clang-14-fuzzing", + "description": "Clang 14 fuzzer test", + "inherits": "common-fuzzing-conf", + "cacheVariables": { + "CMAKE_C_COMPILER": "clang-14", + "CMAKE_CXX_COMPILER": "clang++-14" + } + }, { "name": "clang-15-fuzzing", "description": "Clang 15 fuzzer test", - "binaryDir": "${sourceDir}/out/build/${presetName}", - "installDir": "${sourceDir}/out/install/${presetName}", + "inherits": "common-fuzzing-conf", "cacheVariables": { "CMAKE_C_COMPILER": "clang-15", - "CMAKE_CXX_COMPILER": "clang++-15", - "CMAKE_BUILD_TYPE": "Debug", - "ENABLE_COVERAGE": "ON", - "ENABLE_SANITIZER_ADDRESS": "ON", - "ENABLE_SANITIZER_LEAK": "ON", - "ENABLE_SANITIZER_UNDEFINED_BEHAVIOR": "ON", - "ENABLE_SANITIZER_MEMORY": "OFF", - "ENABLE_FUZZING": "ON" + "CMAKE_CXX_COMPILER": "clang++-15" } } ], @@ -462,6 +497,18 @@ "name": "build-gcc-arm-release", "configurePreset": "gcc-arm-release" }, + { + "name": "build-clang-12-fuzzing", + "configurePreset": "clang-12-fuzzing" + }, + { + "name": "build-clang-13-fuzzing", + "configurePreset": "clang-13-fuzzing" + }, + { + "name": "build-clang-14-fuzzing", + "configurePreset": "clang-14-fuzzing" + }, { "name": "build-clang-15-fuzzing", "configurePreset": "clang-15-fuzzing" @@ -634,6 +681,27 @@ "configuration": "Release", "configurePreset": "win32-gcc-x64-mingw-release" }, + { + "name": "test-clang-12-fuzzing", + "displayName": "Strict", + "description": "Enable output and stop on failure", + "inherits": "test-common", + "configurePreset": "clang-12-fuzzing" + }, + { + "name": "test-clang-13-fuzzing", + "displayName": "Strict", + "description": "Enable output and stop on failure", + "inherits": "test-common", + "configurePreset": "clang-13-fuzzing" + }, + { + "name": "test-clang-14-fuzzing", + "displayName": "Strict", + "description": "Enable output and stop on failure", + "inherits": "test-common", + "configurePreset": "clang-14-fuzzing" + }, { "name": "test-clang-15-fuzzing", "displayName": "Strict", From 9fec3bf53882e1ea10fc52810b4144aa0875e276 Mon Sep 17 00:00:00 2001 From: Stephan Kantelberg Date: Fri, 12 May 2023 16:40:48 +0200 Subject: [PATCH 5/5] Changed naming --- .github/workflows/build_cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_cmake.yml b/.github/workflows/build_cmake.yml index e1abb48..5174c5e 100644 --- a/.github/workflows/build_cmake.yml +++ b/.github/workflows/build_cmake.yml @@ -189,7 +189,7 @@ jobs: run: cmake --build --preset build-gcc-arm-${{ matrix.buildtype }} linux-fuzzing: - name: ${{ matrix.os }}, ${{ matrix.compiler.name }}, C++${{ matrix.cxx }}, ${{ matrix.buildtype }} + name: ${{ matrix.os }}, ${{ matrix.compiler.name }}, libFuzzer, ${{ matrix.buildtype }} runs-on: ${{ matrix.os }} strategy: fail-fast: false # 'false' means Don't stop matrix workflows even if some matrix entry fails.