Skip to content

Commit

Permalink
Add fuzzing tests
Browse files Browse the repository at this point in the history
  • Loading branch information
XuJiandong committed May 9, 2024
1 parent 107d411 commit dc11758
Show file tree
Hide file tree
Showing 24 changed files with 3,130 additions and 0 deletions.
11 changes: 11 additions & 0 deletions bindings/c/include/molecule_reader.h
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,17 @@ MOLECULE_API_DECORATOR mol_seg_t mol_fixvec_slice_raw_bytes(const mol_seg_t *inp
return seg;
}

// Check if a segment(`part`) is contained by `total`
MOLECULE_API_DECORATOR bool mol_contained_by(const mol_seg_t *part, const mol_seg_t* total) {
if (part->ptr < total->ptr) {
return MOL_ERR_OFFSET;
}
if ((part->ptr + part->size) > (total->ptr + total->size)) {
return MOL_ERR_OFFSET;
}
return MOL_OK;
}

/*
* Undef macros which are internal use only.
*/
Expand Down
3 changes: 3 additions & 0 deletions fuzzing/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
target
corpus
artifacts
7 changes: 7 additions & 0 deletions fuzzing/c/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
fuzzer
coverage
fuzz-*.log
crash-*
*.profraw
coverage_dir
manually-gen
53 changes: 53 additions & 0 deletions fuzzing/c/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@

NPROC?=$(shell nproc)
CC=clang-16
LLVM_PROFDATA=llvm-profdata-16
LLVM_COV=llvm-cov-16
CORPUS_DIR=corpus

FUZZER_FLAGS=-g -O1 -fsanitize=fuzzer,address,undefined -I ../bindings/c/include -I .

COVERAGE_DIR=coverage_dir
COVERAGE_FLAGS=-g -fprofile-instr-generate -fcoverage-mapping -I ../bindings/c/include -I .

EXTERNAL_HEADERS=./fuzzer_func.h ../bindings/c/include/molecule_reader.h

all: fuzzer coverage

show: $(COVERAGE_DIR)/fuzzer.profdata
$(LLVM_COV) show --instr-profile=$(COVERAGE_DIR)/fuzzer.profdata coverage

report: $(COVERAGE_DIR)/fuzzer.profdata coverage $(EXTERNAL_HEADERS)
$(LLVM_COV) report --show-functions --instr-profile=$(COVERAGE_DIR)/fuzzer.profdata coverage $(EXTERNAL_HEADERS)

fuzzer: $(EXTERNAL_HEADERS)
$(CC) $(FUZZER_FLAGS) fuzzer.c -o fuzzer

coverage: $(EXTERNAL_HEADERS)
$(CC) $(COVERAGE_FLAGS) coverage.c fuzzer.c -o coverage

start-fuzzer: fuzzer
./fuzzer -max_len=255 -workers=$(NPROC) -jobs=$(NPROC) corpus

clean:
rm -rf fuzzer coverage

gen:
moleculec --language c --schema-file definitions.mol | clang-format > definitions.h

manually-gen:
$(CC) -I ../bindings/c/include -I . manually-gen.c -o manually-gen
./manually-gen

fmt:
clang-format -style="{BasedOnStyle: google, IndentWidth: 4, SortIncludes: false}" -i *.c *.h

%.profraw: coverage
LLVM_PROFILE_FILE=$@ ./coverage $(CORPUS_DIR)/*

%.profdata: %.profraw
$(LLVM_PROFDATA) merge --sparse $< -o $@

.PHONY: all fuzzer coverage report

.PRECIOUS: $(COVERAGE_DIR)/fuzzer.profraw $(COVERAGE_DIR)/fuzzer.profdata
19 changes: 19 additions & 0 deletions fuzzing/c/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@


### Requirement

* Linux
* LLVM version 16


### Build

```
make all
```

### Run

```
make start-fuzzer
```
1 change: 1 addition & 0 deletions fuzzing/c/corpus/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*
35 changes: 35 additions & 0 deletions fuzzing/c/coverage.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
//===----------------------------------------------------------------------===//
// This main() function can be linked to a fuzz target (i.e. a library
// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
// instead of libFuzzer. This main() function will not perform any fuzzing
// but will simply feed all input files one by one to the fuzz target.
//
// Use this file to provide reproducers for bugs when linking against libFuzzer
// or other fuzzing engine is undesirable.
//===----------------------------------------------------------------------===*/
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);

int main(int argc, char **argv) {
fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
if (LLVMFuzzerInitialize) LLVMFuzzerInitialize(&argc, &argv);
for (int i = 1; i < argc; i++) {
fprintf(stderr, "Running: %s\n", argv[i]);
FILE *f = fopen(argv[i], "r");
assert(f);
fseek(f, 0, SEEK_END);
size_t len = ftell(f);
fseek(f, 0, SEEK_SET);
unsigned char *buf = (unsigned char *)malloc(len);
size_t n_read = fread(buf, 1, len, f);
fclose(f);
assert(n_read == len);
LLVMFuzzerTestOneInput(buf, len);
free(buf);
fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read);
}
}
Loading

0 comments on commit dc11758

Please sign in to comment.