[sw] Add a fuzzer for the spi_flash library

+ Adds @rules_fuzzing dependency to Bazel. + Adds command-line flag --config=asan-libfuzzer via `.bazelrc`. + Adds a fuzzer for the spi_flash library. The fuzzer generates a sequence of SPI commands. To run the fuzzer: ``` ./bazelisk.sh run --config=asan-libfuzzer //sw/device/silicon_creator/lib:spi_flash_fuzz_test_run ``` Signed-off-by: Dan McArdle <dmcardle@opentitan.org>
lowRISC · Jul 6, 2023 · 65971c4 · 65971c4
1 parent 7e9c7e2
commit 65971c4
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 0 deletions.
diff --git a/.bazelrc b/.bazelrc
@@ -50,6 +50,14 @@ build --workspace_status_command=util/get_workspace_status.sh
 # --config=riscv32
 build:riscv32 --platforms=@crt//platforms/riscv32:opentitan
 
+# These options are required to build `cc_fuzz_test` targets. Enable with
+# --config=asan-libfuzzer
+build:asan-libfuzzer --action_env=CC=clang
+build:asan-libfuzzer --action_env=CXX=clang++
+build:asan-libfuzzer --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:libfuzzer
+build:asan-libfuzzer --@rules_fuzzing//fuzzing:cc_engine_instrumentation=libfuzzer
+build:asan-libfuzzer --@rules_fuzzing//fuzzing:cc_engine_sanitizer=asan
+
 # Shared configuration for clang's source-based coverage instrumentation.
 # Bazel seems to support this only partially, thus we have to perform some
 # additional processing. See

diff --git a/sw/device/silicon_creator/lib/BUILD b/sw/device/silicon_creator/lib/BUILD
@@ -6,6 +6,7 @@ load("//rules:opentitan.bzl", "OPENTITAN_CPU")
 load("//rules:autogen.bzl", "autogen_chip_info")
 load("//rules:opentitan_test.bzl", "cw310_params", "opentitan_functest", "verilator_params")
 load("//rules:cross_platform.bzl", "dual_cc_device_library_of", "dual_cc_library", "dual_inputs")
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
 
 package(default_visibility = ["//visibility:public"])
 
@@ -368,6 +369,23 @@ cc_library(
     ],
 )
 
+# To build this target, you must specify `--config fuzzer` in Bazel's args.
+cc_fuzz_test(
+    name = "spi_flash_fuzz_test",
+    srcs = ["spi_flash_fuzz_test.cc"],
+    tags = [
+        "fuzzer",
+        "manual",
+    ],
+    deps = [
+        ":spi_flash_test_util",
+        "//sw/device/lib/base:hardened",
+        "//sw/device/lib/base:macros",
+        "@com_google_absl//absl/types:optional",
+        "@com_google_absl//absl/types:span",
+    ],
+)
+
 dual_cc_library(
     name = "crc32",
     srcs = dual_inputs(

diff --git a/sw/device/silicon_creator/lib/drivers/mock_flash_ctrl.h b/sw/device/silicon_creator/lib/drivers/mock_flash_ctrl.h
@@ -44,6 +44,7 @@ class MockFlashCtrl : public global_mock::GlobalMock<MockFlashCtrl> {
 }  // namespace internal
 
 using MockFlashCtrl = testing::StrictMock<internal::MockFlashCtrl>;
+using NiceMockFlashCtrl = testing::NiceMock<internal::MockFlashCtrl>;
 
 }  // namespace rom_test
 

diff --git a/sw/device/silicon_creator/lib/drivers/mock_rstmgr.h b/sw/device/silicon_creator/lib/drivers/mock_rstmgr.h
@@ -25,6 +25,7 @@ class MockRstmgr : public global_mock::GlobalMock<MockRstmgr> {
 }  // namespace internal
 
 using MockRstmgr = testing::StrictMock<internal::MockRstmgr>;
+using NiceMockRstmgr = testing::NiceMock<internal::MockRstmgr>;
 
 }  // namespace rom_test
 

diff --git a/sw/device/silicon_creator/lib/drivers/mock_spi_device.h b/sw/device/silicon_creator/lib/drivers/mock_spi_device.h
@@ -25,6 +25,7 @@ class MockSpiDevice : public global_mock::GlobalMock<MockSpiDevice> {
 }  // namespace internal
 
 using MockSpiDevice = testing::StrictMock<internal::MockSpiDevice>;
+using NiceMockSpiDevice = testing::NiceMock<internal::MockSpiDevice>;
 
 }  // namespace rom_test
 

diff --git a/third_party/google/deps.bzl b/third_party/google/deps.bzl
@@ -4,10 +4,15 @@
 
 load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies")
 load("@rules_foreign_cc//foreign_cc:repositories.bzl", "rules_foreign_cc_dependencies")
+load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies")
+load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init")
 
 def google_deps():
     rules_pkg_dependencies()
 
     # Finish setting up rules_foreign_cc, per instructions:
     # https://bazelbuild.github.io/rules_foreign_cc/0.9.0/index.html
     rules_foreign_cc_dependencies()
+
+    rules_fuzzing_dependencies()
+    rules_fuzzing_init()
diff --git a/third_party/google/repos.bzl b/third_party/google/repos.bzl
@@ -49,3 +49,10 @@ def google_repos(
         sha256 = "2a4d07cd64b0719b39a7c12218a3e507672b82a97b98c6a89d38565894cf7c51",
         url = "https://github.com/bazelbuild/rules_foreign_cc/archive/refs/tags/0.9.0.tar.gz",
     )
+
+    http_archive_or_local(
+        name = "rules_fuzzing",
+        sha256 = "f85dc70bb9672af0e350686461fe6fdd0d61e10e75645f9e44fedf549b21e369",
+        strip_prefix = "rules_fuzzing-0.3.2",
+        urls = ["https://github.com/bazelbuild/rules_fuzzing/archive/v0.3.2.tar.gz"],
+    )