128 lines
5.7 KiB
YAML
128 lines
5.7 KiB
YAML
name: Run fuzzers on stored corpus and test it with valgrind
|
|
|
|
# In the case of a pull request happening at the same time as a cron
|
|
# job, there is a risk two jobs run at the same time. Therefore,
|
|
# the corpus is only uploaded for the master branch. Pull requests will
|
|
# fuzz for a short while, but the results are not uploaded.
|
|
on:
|
|
push:
|
|
pull_request:
|
|
schedule:
|
|
- cron: 23 */8 * * *
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
allfuzzers: parser dump dump_raw_tape print_json
|
|
artifactsprefix: -artifact_prefix=fuzzfailure/
|
|
steps:
|
|
- name: Install packages necessary for building
|
|
run: |
|
|
sudo apt update
|
|
sudo apt-get install --quiet ninja-build valgrind zip unzip
|
|
wget https://apt.llvm.org/llvm.sh
|
|
chmod +x llvm.sh
|
|
sudo ./llvm.sh 9
|
|
|
|
- uses: actions/checkout@v1
|
|
- name: Create and prepare the initial seed corpus
|
|
run: |
|
|
fuzz/build_corpus.sh
|
|
mv corpus.zip seed_corpus.zip
|
|
- name: Download the corpus from the last run
|
|
run: |
|
|
wget --quiet https://dl.bintray.com/pauldreik/simdjson-fuzz-corpus/corpus/corpus.tar
|
|
tar xf corpus.tar
|
|
rm corpus.tar
|
|
- name: List clang versions
|
|
run: |
|
|
ls /usr/bin/clang*
|
|
which clang++
|
|
clang++ --version
|
|
- name: Build all the variants
|
|
run: fuzz/build_fuzzer_variants.sh
|
|
- name: Verify that the oss-fuzz seed corpus passes without problems
|
|
run: |
|
|
mkdir seedcorpus
|
|
unzip -q -d seedcorpus seed_corpus.zip
|
|
for buildvariant in noavx withavx; do
|
|
for fuzzer in $allfuzzers; do
|
|
build-ossfuzz-$buildvariant/fuzz/fuzz_$fuzzer seedcorpus -max_total_time=1
|
|
done
|
|
done
|
|
- name: Run the fastest fuzzer to explore fast
|
|
run: |
|
|
for fuzzer in $allfuzzers; do
|
|
mkdir -p out/$fuzzer # in case this is a new fuzzer, or corpus.tar is broken
|
|
build-ossfuzz-fast9/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=30 $artifactsprefix || touch failed
|
|
# make sure the failing output is visible in the log
|
|
if [ -e failed ] ; then
|
|
ls fuzzfailure/* |xargs -n1 base64
|
|
exit 1
|
|
fi
|
|
done
|
|
- name: Run the other fuzzer variants for $fuzzer, with sanitizers etc
|
|
run: |
|
|
set -x
|
|
for fuzzer in $allfuzzers; do
|
|
build-ossfuzz-withavx/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=20 $artifactsprefix || touch failed
|
|
build-ossfuzz-noavx/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=10 $artifactsprefix || touch failed
|
|
build-ossfuzz-noavx9/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=10 $artifactsprefix || touch failed
|
|
if [ -e failed ] ; then
|
|
# make sure the failing output is visible in the log
|
|
ls fuzzfailure/* |xargs -n1 base64
|
|
exit 1
|
|
fi
|
|
echo disable msan runs, it fails inside the fuzzing engine and not the fuzzed code!
|
|
echo build-ossfuzz-msan-noavx9/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=10 -reload=0 $artifactsprefix
|
|
echo build-ossfuzz-msan-withavx9/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=10 -reload=0 $artifactsprefix
|
|
echo now have $(ls out/$fuzzer |wc -l) files in corpus
|
|
done
|
|
- name: Minimize the corpus with the fast fuzzer
|
|
run: |
|
|
for fuzzer in $allfuzzers; do
|
|
mkdir -p out/cmin/$fuzzer
|
|
build-ossfuzz-fast9/fuzz/fuzz_$fuzzer -merge=1 out/cmin/$fuzzer out/$fuzzer
|
|
rm -rf out/$fuzzer
|
|
mv out/cmin/$fuzzer out/$fuzzer
|
|
done
|
|
- name: Package the corpus into an artifact
|
|
run: |
|
|
for fuzzer in $allfuzzers; do
|
|
tar rf corpus.tar out/$fuzzer
|
|
done
|
|
- name: Save the corpus as a github artifact
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: corpus
|
|
path: corpus.tar
|
|
- name: Run the corpus through valgrind (normal build)
|
|
run: |
|
|
for fuzzer in $allfuzzers; do
|
|
find out/$fuzzer -type f |sort|xargs valgrind build-plain-noavx/fuzz/fuzz_$fuzzer 2>&1|tee valgrind-$fuzzer-noavx.txt
|
|
done
|
|
- name: Run the corpus through valgrind (noavx build)
|
|
run: |
|
|
for fuzzer in $allfuzzers; do
|
|
find out/$fuzzer -type f |sort|xargs valgrind build-plain-normal/fuzz/fuzz_$fuzzer 2>&1|tee valgrind-$fuzzer-normal.txt
|
|
done
|
|
- name: Compress the valgrind output
|
|
run: tar cf valgrind.tar valgrind-*.txt
|
|
- name: Save valgrind output as a github artifact
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: valgrindresults
|
|
path: valgrind.tar
|
|
- name: Upload the corpus and results to bintray if we are on master
|
|
run: |
|
|
if [ $(git rev-parse --verify HEAD) = $(git rev-parse --verify origin/master) ] ; then
|
|
echo uploading each artifact twice, otherwise it will not be published
|
|
curl -T corpus.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/corpus.tar";publish=1;override=1"
|
|
curl -T corpus.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/corpus.tar";publish=1;override=1"
|
|
curl -T valgrind.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/valgrind.tar";publish=1;override=1"
|
|
curl -T valgrind.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/valgrind.tar";publish=1;override=1"
|
|
else
|
|
echo "not on master, won't upload to bintray"
|
|
fi
|