fix fuzz.sh and cycle.sh to use generated lists of targets

This commit is contained in:
Andrew Poelstra 2023-03-22 13:55:08 +00:00
parent 6534f22362
commit f093765efe
No known key found for this signature in database
GPG Key ID: C588D63CE41B97C1
4 changed files with 58 additions and 35 deletions

6
.gitignore vendored
View File

@ -16,7 +16,5 @@ hashes/target
bitcoin/dep_test bitcoin/dep_test
# Fuzz artifacts # Fuzz artifacts
bitcoin/fuzz/hfuzz_target hfuzz_target
bitcoin/fuzz/hfuzz_workspace hfuzz_workspace
hashes/fuzz/hfuzz_target
hashes/fuzz/hfuzz_workspace

View File

@ -1,23 +1,26 @@
#!/bin/bash #!/usr/bin/env bash
# Continuosly cycle over fuzz targets running each for 1 hour. # Continuosly cycle over fuzz targets running each for 1 hour.
# It uses chrt SCHED_IDLE so that other process takes priority. # It uses chrt SCHED_IDLE so that other process takes priority.
# #
# For hfuzz options see https://github.com/google/honggfuzz/blob/master/docs/USAGE.md # For hfuzz options see https://github.com/google/honggfuzz/blob/master/docs/USAGE.md
export HFUZZ_BUILD_ARGS='--features honggfuzz_fuzz' set -e
REPO_DIR=$(git rev-parse --show-toplevel)
# shellcheck source=./fuzz-util.sh
source "$REPO_DIR/fuzz/fuzz-util.sh"
export HFUZZ_BUILD_ARGS='--features honggfuzz_fuzz'
while : while :
do do
for FILE in fuzz_targets/*; for targetFile in $(listTargetFiles); do
do targetName=$(targetFileToName "$targetFile")
TARGET=$(echo $FILE | cut -c 14- | cut -f 1 -d '.') echo "Fuzzing target $targetName ($targetFile)"
# fuzz for one hour # fuzz for one hour
HFUZZ_RUN_ARGS='--run_time 3600' chrt -i 0 cargo hfuzz run $TARGET HFUZZ_RUN_ARGS='--run_time 3600' chrt -i 0 cargo hfuzz run "$targetName"
# minimize the corpus # minimize the corpus
HFUZZ_RUN_ARGS="-i hfuzz_workspace/$TARGET/input/ -P -M" chrt -i 0 cargo hfuzz run $TARGET HFUZZ_RUN_ARGS="-i hfuzz_workspace/$targetName/input/ -P -M" chrt -i 0 cargo hfuzz run "$targetName"
done done
done done

View File

@ -17,10 +17,36 @@ targetFileToName() {
| sed 's/\//_/g' | sed 's/\//_/g'
} }
targetFileToHFuzzInputArg() {
baseName=$(basename "$1")
dirName="${baseName%.*}"
if [ -d "hfuzz_input/$dirName" ]; then
echo "HFUZZ_INPUT_ARGS=\"-f hfuzz_input/$FILE/input\""
fi
}
listTargetNames() { listTargetNames() {
for target in $(listTargetFiles); do for target in $(listTargetFiles); do
targetFileToName "$target" targetFileToName "$target"
done done
} }
# Utility function to avoid CI failures on Windows
checkWindowsFiles() {
incorrectFilenames=$(find . -type f -name "*,*" -o -name "*:*" -o -name "*<*" -o -name "*>*" -o -name "*|*" -o -name "*\?*" -o -name "*\**" -o -name "*\"*" | wc -l)
if [ "$incorrectFilenames" -gt 0 ]; then
exit 2
fi
}
# Checks whether a fuzz case output some report, and dumps it in hex
checkReport() {
reportFile="hfuzz_workspace/$1/HONGGFUZZ.REPORT.TXT"
if [ -f "$reportFile" ]; then
cat "$reportFile"
for CASE in "hfuzz_workspace/$1/SIG"*; do
xxd -p -c10000 < "$CASE"
done
exit 1
fi
}

View File

@ -1,17 +1,18 @@
#!/bin/bash #!/usr/bin/env bash
set -e set -e
# Check that input files are correct Windows file names REPO_DIR=$(git rev-parse --show-toplevel)
incorrectFilenames=$(find . -type f -name "*,*" -o -name "*:*" -o -name "*<*" -o -name "*>*" -o -name "*|*" -o -name "*\?*" -o -name "*\**" -o -name "*\"*" | wc -l)
if [ ${incorrectFilenames} -gt 0 ]; then # shellcheck source=./fuzz-util.sh
exit 2 source "$REPO_DIR/fuzz/fuzz-util.sh"
fi
# Check that input files are correct Windows file names
checkWindowsFiles
if [ "$1" == "" ]; then if [ "$1" == "" ]; then
TARGETS=fuzz_targets/* targetFiles="$(listTargetFiles)"
else else
TARGETS=fuzz_targets/"$1".rs targetFiles=fuzz_targets/"$1".rs
fi fi
cargo --version cargo --version
@ -19,20 +20,15 @@ rustc --version
# Testing # Testing
cargo install --force honggfuzz --no-default-features cargo install --force honggfuzz --no-default-features
for TARGET in $TARGETS; do for targetFile in $targetFiles; do
echo "Fuzzing target $TARGET" targetName=$(targetFileToName "$targetFile")
FILENAME=$(basename $TARGET) echo "Fuzzing target $targetName ($targetFile)"
FILE="${FILENAME%.*}" if [ -d "hfuzz_input/$targetName" ]; then
if [ -d hfuzz_input/$FILE ]; then HFUZZ_INPUT_ARGS="-f hfuzz_input/$targetName/input\""
HFUZZ_INPUT_ARGS="-f hfuzz_input/$FILE/input" else
HFUZZ_INPUT_ARGS=""
fi fi
HFUZZ_BUILD_ARGS="--features honggfuzz_fuzz" HFUZZ_RUN_ARGS="--run_time 30 --exit_upon_crash -v $HFUZZ_INPUT_ARGS" cargo hfuzz run $FILE HFUZZ_BUILD_ARGS="--features honggfuzz_fuzz" HFUZZ_RUN_ARGS="--run_time 30 --exit_upon_crash -v $HFUZZ_INPUT_ARGS" cargo hfuzz run "$targetName"
if [ -f hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT ]; then checkReport "$targetName"
cat hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT
for CASE in hfuzz_workspace/$FILE/SIG*; do
cat $CASE | xxd -p
done
exit 1
fi
done done