From ac54c9e6bb209c01536538788857eca9eb1654c1 Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Tue, 14 May 2024 13:27:12 -0700
Subject: [PATCH 1/4] Run ubpf_test over every file in corpus
Signed-off-by: Alan Jowett
---
 .github/workflows/posix.yml | 12 ++++++++++++
 libfuzzer/split.sh | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100755 libfuzzer/split.sh
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index 8c60f7f1..0140af43 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
@@ -191,6 +191,18 @@ jobs:
 --build build \
 --target test
+ - name: Run ubpf_test over each file in fuzz corpus
+ run: |
+ wget https://github.com/iovisor/ubpf/archive/refs/heads/fuzz/corpus.zip
+ unzip corpus.zip
+ for file in ubpf-fuzz-corpus/fuzz/corpus/*; do
+ path=$(dirname $file)
+ name=$(basename $file)
+ libfuzzer/split.sh $file
+ build/bin/ubpf_test --mem $path/memory-$name $path/program-$name
+ build/bin/ubpf_test --mem $path/memory-$name $path/program-$name --jit
+ done
+
 - name: Generate code coverage report
 if: inputs.enable_coverage == true && inputs.platform == 'macos-11'
 run: |
diff --git a/libfuzzer/split.sh b/libfuzzer/split.sh
new file mode 100755
index 00000000..2f562afa
--- /dev/null
+++ b/libfuzzer/split.sh
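Review bot: The new "Run ubpf_test over each file in fuzz corpus" step in `.github/workflows/posix.yml` downloads the corpus from the moving head of the `fuzz/corpus` branch and runs every file in it through `ubpf_test`, including `--jit`, on the runner, so the inputs CI executes can change between two runs of the same commit and a failure may not be reproducible later. Consider logging the resolved corpus commit, or fetching a fixed archive such as `wget https://github.com/iovisor/ubpf/archive/<CORPUS_COMMIT_SHA>.zip` (placeholder; the extracted directory name would change with it) and bumping it deliberately. The loop also expands `$file`, `$path` and `$name` unquoted; `libfuzzer/split.sh "$file"` and `"$path/memory-$name"` keep a corpus file name containing whitespace or glob characters from being split into several arguments.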
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Split the file name into path and base name
+path=$(dirname $1)
+base=$(basename $1)
+
+# Get the first 4 bytes from the file (which is the length of the program)
+input="$(xxd -p -l 4 $1)"
+# Convert from little endian
+input="${input:6:2}${input:4:2}${input:2:2}${input:0:2}"
+
+# Convert input from hex string to value
+length=$((16#$input))
+
+# Extract the hash part from the file name
+hash=$(echo $base | cut -d'-' -f2-)
+
+# Copy the program to a file named program-$hash
+echo "Extracting program-$hash..."
+dd if=$1 of=$path/program-$hash bs=1 skip=4 count=$length 2> /dev/null
+
+echo "Extracting memory-$hash..."
+# Copy the rest to a file named memory-$hash
+dd if=$1 of=$path/memory-$hash bs=1 skip=$((4 + $length)) 2> /dev/null
+
+echo "Disassembling program-$hash..."
+# Unassembly program using bin/ubpf-disassembler
+bin/ubpf-disassembler $path/program-$hash > $path/program-$hash.asm
+
+echo "Program size: $(stat -c %s $path/program-$hash)"
+echo "Memory size: $(stat -c %s $path/memory-$hash)"
+
+echo "Disassembled program:"
+cat $path/program-$hash.asm
+
+echo "Memory contents:"
+xxd $path/memory-$hash
From bbf6f6a06e36c65a3991a8731946caa041a92d7e Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Tue, 14 May 2024 13:42:37 -0700
Subject: [PATCH 2/4] Check return value
Signed-off-by: Alan Jowett
---
 .github/workflows/posix.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index 0140af43..02868212 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
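Review bot: In `libfuzzer/split.sh` the program length is taken from the first four bytes of the corpus file and passed to `count=` and `skip=` without being checked against the file size, and both `dd` calls send their errors to `/dev/null`, so a file shorter than its header claims silently yields a truncated program and an empty memory file. Because corpus entries are fuzzer-generated, I would reject files under four bytes or whose length field exceeds the remaining size, and quote `$1`, `$path` and `$hash` throughout. The script would then exit non-zero on such files, so the workflow loop has to decide whether to skip or fail on them. Separately, the disassembler is invoked as `bin/ubpf-disassembler` while the workflow runs `build/bin/ubpf_test` from the repository root; if the script is started from there, that path probably does not resolve.

```shell
# Split the file name into path and base name
path=$(dirname "$1")
base=$(basename "$1")

# The first 4 bytes hold the program length; a shorter file has no valid header.
size=$(stat -c %s "$1")
if (( size < 4 )); then
    echo "$1: too short to contain a length header" >&2
    exit 1
fi
input="$(xxd -p -l 4 "$1")"
# … unchanged: little-endian swap and hex-to-integer conversion …

# The length comes from the corpus file itself, so bound it by the real size.
if (( length > size - 4 )); then
    echo "$1: program length $length exceeds remaining $((size - 4)) bytes" >&2
    exit 1
fi
# … unchanged: hash extraction, dd extraction, disassembly and dumps, with "$1", "$path" and "$hash" quoted …
```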
@@ -199,8 +199,12 @@ jobs:
 path=$(dirname $file)
 name=$(basename $file)
 libfuzzer/split.sh $file
- build/bin/ubpf_test --mem $path/memory-$name $path/program-$name
- build/bin/ubpf_test --mem $path/memory-$name $path/program-$name --jit
+ interpret_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name)
+ jit_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name --jit)
+ if [[ $interpret_result != $jit_result ]]; then
+ echo "Test failed for $name"
+ exit 1
+ fi
 done
 - name: Generate code coverage report
From 7c884b2a810764b2ff5086cd8a87d36903d2b6c7 Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Tue, 14 May 2024 13:44:59 -0700
Subject: [PATCH 3/4] Check return value
Signed-off-by: Alan Jowett
---
 .github/workflows/posix.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index 02868212..870dd39a 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
@@ -202,6 +202,8 @@ jobs:
 interpret_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name)
 jit_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name --jit)
 if [[ $interpret_result != $jit_result ]]; then
+ echo "Interpret result: $interpret_result"
+ echo "JIT result: $jit_result"
 echo "Test failed for $name"
 exit 1
 fi
From 3bd1a4bf51d640d507647285d166b3a56a627f88 Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Tue, 14 May 2024 13:49:58 -0700
Subject: [PATCH 4/4] Make failure warning only
Signed-off-by: Alan Jowett
---
 .github/workflows/posix.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index 870dd39a..942e3966 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
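Review bot: In the `if [[ $interpret_result != $jit_result ]]` added by patch 2/4, bash treats the unquoted right-hand side as a glob pattern rather than a literal string, so output containing `*`, `?` or `[` can compare as equal when the two strings differ; write `if [[ "$interpret_result" != "$jit_result" ]]; then`. The comparison also looks only at captured stdout, while the commit title speaks of the return value, so two runs that both fail with the same (possibly empty) output are treated as agreeing. The same line is carried unchanged as context through patches 3/4 and 4/4. The enclosing `for` loop starts outside this hunk.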
@@ -199,13 +199,12 @@ jobs:
 path=$(dirname $file)
 name=$(basename $file)
 libfuzzer/split.sh $file
- interpret_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name)
- jit_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name --jit)
+ interpret_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name) || true
+ jit_result=$(build/bin/ubpf_test --mem $path/memory-$name $path/program-$name --jit) || true
 if [[ $interpret_result != $jit_result ]]; then
 echo "Interpret result: $interpret_result"
 echo "JIT result: $jit_result"
 echo "Test failed for $name"
- exit 1
 fi
 done
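Review bot: Appending `|| true` to both command substitutions discards the exit status of `ubpf_test`, so a run terminated by a signal (for example a crash while executing JIT-generated code) cannot be told apart from a clean run, and if both modes die with the same empty output the strings compare equal and nothing is reported. Keeping the status, with `interpret_status=0` set beforehand and `|| interpret_status=$?` in place of `|| true` (likewise for the JIT run), and printing or comparing it alongside the output would preserve that signal. With `exit 1` removed, an interpreter/JIT divergence is visible only in the step log; `echo "::warning::Interpreter/JIT mismatch for $name"` would at least surface it as an annotation on the run. The enclosing loop begins outside this hunk.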