ci: add more libcryptos for fuzz batch & follow cmake idioms #4795
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,14 +22,15 @@ usage() { | |
exit 1 | ||
} | ||
|
||
if [ "$#" -ne "4" ]; then | ||
if [ "$#" -ne "5" ]; then | ||
usage | ||
fi | ||
|
||
TEST_NAME=$1 | ||
FUZZ_TIMEOUT_SEC=$2 | ||
CORPUS_UPLOAD_LOC=$3 | ||
ARTIFACT_UPLOAD_LOC=$4 | ||
BUILD_DIR_PATH=$3 | ||
Are these arguments going to be updated in a future PR? Or rather, can I review how this script is being called somewhere?

This script is getting called in CMakeList.txt here:

Only in CMakeList.txt? No existing codebuild job is calling it?

This is only run in CMake after we migrated away from make. Codebuild jobs will indirectly call it through cmake.
||
CORPUS_UPLOAD_LOC=$4 | ||
ARTIFACT_UPLOAD_LOC=$5 | ||
MIN_TEST_PER_SEC="1000" | ||
MIN_FEATURES_COVERED="100" | ||
|
||
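Review bot: `BUILD_DIR_PATH=$3` is accepted without any validation, and because it is inserted in the middle of the positional list, CORPUS_UPLOAD_LOC and ARTIFACT_UPLOAD_LOC move to $4 and $5. The `"$#" -ne "5"` check only catches a wrong argument count, not a wrong value in the third position, so consider failing early when the value is not an existing directory, for example `[ -d "$BUILD_DIR_PATH" ] || usage`. The usage() text is outside this hunk; please confirm it lists the new argument in its new position.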
|
@@ -47,8 +48,8 @@ UBSAN_OPTIONS+="print_stacktrace=1" | |
NUM_CPU_THREADS=$(nproc) | ||
LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -print_final_stats=1 -jobs=${NUM_CPU_THREADS} -workers=${NUM_CPU_THREADS} -max_total_time=${FUZZ_TIMEOUT_SEC}" | ||
|
||
TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so" | ||
GLOBAL_OVERRIDES="${PWD}/LD_PRELOAD/global_overrides.so" | ||
TEST_SPECIFIC_OVERRIDES="${BUILD_DIR_PATH}/lib/lib${TEST_NAME}_overrides.so" | ||
GLOBAL_OVERRIDES="${BUILD_DIR_PATH}/lib/libglobal_overrides.so" | ||
|
||
FUZZCOV_SOURCES="${S2N_ROOT}/api ${S2N_ROOT}/bin ${S2N_ROOT}/crypto ${S2N_ROOT}/error ${S2N_ROOT}/stuffer ${S2N_ROOT}/tls ${S2N_ROOT}/utils" | ||
|
||
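Review bot: The new TEST_SPECIFIC_OVERRIDES and GLOBAL_OVERRIDES values are absolute only if the caller passes an absolute BUILD_DIR_PATH, whereas the removed lines were anchored at `${PWD}` and so were always absolute. A relative path that ends up in LD_PRELOAD is resolved against the working directory at exec time, and the dynamic loader only reports an error and ignores an entry it cannot load, so the fuzz test would run without its overrides rather than fail. Suggest resolving BUILD_DIR_PATH to an absolute path once and checking both files with `[ -f ... ]` before they are used.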
|
@@ -104,9 +105,13 @@ fi | |
if [[ "$FUZZ_COVERAGE" == "true" ]]; then | ||
mkdir -p "./profiles/${TEST_NAME}" | ||
rm -f ./profiles/${TEST_NAME}/*.profraw | ||
LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 | ||
LLVM_PROFILE_FILE="./profiles/${TEST_NAME}/${TEST_NAME}.%p.profraw" \ | ||
${BUILD_DIR_PATH}/bin/${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} \ | ||
> ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 | ||
else | ||
env LD_PRELOAD="$LD_PRELOAD_" ./${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 | ||
env LD_PRELOAD="$LD_PRELOAD_" \ | ||
${BUILD_DIR_PATH}/bin/${TEST_NAME} ${LIBFUZZER_ARGS} ${TEMP_CORPUS_DIR} \ | ||
> ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 | ||
fi | ||
|
||
TEST_INFO=$( | ||
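Review bot: On both added invocations `${BUILD_DIR_PATH}/bin/${TEST_NAME}` is unquoted, so a build directory containing spaces or glob characters will be word-split and the wrong command will run. Since the path now comes from a caller-supplied argument rather than `./`, quote it as `"${BUILD_DIR_PATH}/bin/${TEST_NAME}"`. The redirect target `${TEST_NAME}_output.txt` has the same issue and could be quoted in the same pass.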
|
@@ -171,7 +176,8 @@ then | |
else | ||
# TEMP_CORPUS_DIR may contain many new inputs that only covers a small set of new branches. | ||
# Instead of copying all new inputs to the corpus directory, only copy back minimum number of new inputs that reach new branches. | ||
./${TEST_NAME} -merge=1 "./corpus/${TEST_NAME}" "${TEMP_CORPUS_DIR}" > ${TEST_NAME}_results.txt 2>&1 | ||
${BUILD_DIR_PATH}/bin/${TEST_NAME} -merge=1 "./corpus/${TEST_NAME}" "${TEMP_CORPUS_DIR}" \ | ||
> ${TEST_NAME}_results.txt 2>&1 | ||
|
||
# Print number of new files and branches found in new Inputs (if any) | ||
RESULTS=`grep -Eo "[0-9]+ new files .*$" ${TEST_NAME}_results.txt | tail -1` | ||
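Review bot: The `-merge=1` invocation has no failure handling, unlike the fuzz runs above that set ACTUAL_TEST_FAILURE. If the binary is missing at the new `${BUILD_DIR_PATH}/bin/` location, the error text goes into `${TEST_NAME}_results.txt`, the following grep matches nothing, and RESULTS is empty with no indication why, unless `set -e` is in effect elsewhere in the script. Consider checking the exit status of the merge and quoting the binary path here as well.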
|
Do you know why it was using specific folders before? Was it possibly due to concerns about name collisions / to avoid overwriting a non-fuzzing library or binary?

This was a result of inheriting make build configuration. CMake by default stores executables and libraries under the build/ folder. In order to mimic the behavior of make, I had to specify a specific folder to store these files. Now that I am making things a bit more "cmaky", I am removing that logic.
I couldn't find any mention of the original intention for where to store these files, but that is a good call-out. Should we store all the fuzz-related binaries under a specific folder, something like build/fuzz/bin for executables and build/fuzz/lib for libraries?

I'd prefer to keep the cmake standard paths, but we should make sure LD_PRELOAD is getting set to the actual libraries and not just the build/lib

What do you mean by this? Currently the .so files are being generated in build/lib, and we set the LD_PRELOAD path to be "${BUILD_DIR_PATH}/lib/lib${TEST_NAME}_overrides.so" and "${BUILD_DIR_PATH}/lib/libglobal_overrides.so". Do you suggest storing the .so files elsewhere?

Nope, that's great.
To Lindsay's point, moving everything to a generic build/lib would have been a problem if we were only specifying the LD_PRELOAD by folder (LD_PRELOAD=build/lib/), because then shenanigans would ensue, and all of the test specific overrides would be pulled in for all tests.
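The concern raised in this thread, naming each override library explicitly instead of pointing at the shared build/lib folder, can be enforced in the script itself. The following is an added example, not code from this PR or the project; the function name `build_ld_preload` is hypothetical, and treating the test-specific library as optional is an assumption.

```shell
#!/usr/bin/env bash
# Added example. build_ld_preload is a hypothetical helper; the rule that a
# test may have no test-specific overrides library is an assumption.

# Print an LD_PRELOAD value that names only this test's override libraries.
# Fails instead of letting the dynamic loader silently skip a bad entry.
build_ld_preload() {
    local build_dir="$1" test_name="$2" abs_dir global specific

    # Resolve to an absolute path so the value does not depend on the
    # working directory at exec time.
    abs_dir=$(cd -- "$build_dir" >/dev/null 2>&1 && pwd) || {
        echo "build dir not found: $build_dir" >&2
        return 1
    }

    global="${abs_dir}/lib/libglobal_overrides.so"
    specific="${abs_dir}/lib/lib${test_name}_overrides.so"

    # Every entry must be a regular file; a directory such as build/lib/
    # is never accepted, so other tests' overrides cannot be pulled in.
    if [ ! -f "$global" ]; then
        echo "missing global overrides: $global" >&2
        return 1
    fi

    # ld.so accepts a colon- or space-separated list; colons are used here.
    if [ -f "$specific" ]; then
        printf '%s:%s\n' "$specific" "$global"
    else
        printf '%s\n' "$global"
    fi
}
```

A caller would assign the result once, for example `LD_PRELOAD_=$(build_ld_preload "$BUILD_DIR_PATH" "$TEST_NAME") || exit 1`, before launching the fuzz binary.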