99# different architectures or even different OS versions, which come with
1010# different library packages, but this is left as a future improvement.
1111
12- export FUZZ_INPUTS_DIR= " fuzz_seed_corpus "
12+ export FUZZ_CORPORA_DIR= " fuzz_corpora "
1313
1414set -e
1515
@@ -18,7 +18,7 @@ export DEBIAN_FRONTEND=noninteractive
1818apt update
1919apt install -y \
2020 git \
21- build-essential libtool autotools-dev automake pkg-config bsdmainutils python3 \
21+ build-essential pkg-config bsdmainutils python3 cmake \
2222 libsqlite3-dev libevent-dev libboost-dev \
2323 lsb-release wget software-properties-common gnupg
2424
@@ -33,7 +33,7 @@ make -C AFLplusplus LLVM_CONFIG=llvm-config-$LLVM_VERSION PERFORMANCE=1 install
3333git clone --depth=1 https://github.com/bitcoin-core/qa-assets.git
3434(
3535 cd qa-assets
36- mv ./" ${FUZZ_INPUTS_DIR } " ../all_inputs
36+ mv ./" ${FUZZ_CORPORA_DIR } " ../all_inputs
3737 git config user.name " delete_nonreduced_inputs script"
3838 git config user.email
" [email protected] " 3939 git commit -a -m " Delete fuzz inputs"
@@ -43,44 +43,47 @@ git clone --depth=1 https://github.com/bitcoin/bitcoin.git
4343(
4444 cd bitcoin
4545
46- ./autogen.sh
47-
4846 echo " Adding reduced seeds with afl-cmin"
4947
50- ./configure LDFLAGS=" -fuse-ld=lld" CC=afl-clang-fast CXX=afl-clang-fast++ --enable-fuzz
51- make clean
52- make -j $( nproc)
48+ rm -rf build_fuzz/
49+ export LDFLAGS=" -fuse-ld=lld"
50+ cmake -B build_fuzz \
51+ -DCMAKE_C_COMPILER=afl-clang-fast -DCMAKE_CXX_COMPILER=afl-clang-fast++ \
52+ -DBUILD_FOR_FUZZING=ON
53+ cmake --build build_fuzz -j$( nproc)
5354
54- WRITE_ALL_FUZZ_TARGETS_AND_ABORT=" /tmp/a" " ./src/test/fuzz/fuzz" || true
55+ WRITE_ALL_FUZZ_TARGETS_AND_ABORT=" /tmp/a" " ./build_fuzz/ src/test/fuzz/fuzz" || true
5556 readarray FUZZ_TARGETS < " /tmp/a"
5657 for fuzz_target in ${FUZZ_TARGETS[@]} ; do
5758 if [ -d " ../all_inputs/$fuzz_target " ]; then
58- mkdir --parents ../qa-assets/" ${FUZZ_INPUTS_DIR } " /$fuzz_target
59+ mkdir --parents ../qa-assets/" ${FUZZ_CORPORA_DIR } " /$fuzz_target
5960 # Allow timeouts and crashes with "-A", "-T all" to use all available cores
60- FUZZ=$fuzz_target afl-cmin -T all -A -i ../all_inputs/$fuzz_target -o ../qa-assets/" ${FUZZ_INPUTS_DIR } " /$fuzz_target -- ./src/test/fuzz/fuzz
61+ FUZZ=$fuzz_target afl-cmin -T all -A -i ../all_inputs/$fuzz_target -o ../qa-assets/" ${FUZZ_CORPORA_DIR } " /$fuzz_target -- ./build_fuzz /src/test/fuzz/fuzz
6162 else
6263 echo " No input corpus for $fuzz_target (ignoring)"
6364 fi
6465 done
6566
6667 (
6768 cd ../qa-assets
68- git add " ${FUZZ_INPUTS_DIR } "
69+ git add " ${FUZZ_CORPORA_DIR } "
6970 git commit -m " Reduced inputs for afl-cmin"
7071 )
7172
7273 for sanitizer in {" fuzzer" ," fuzzer,address,undefined,integer" }; do
7374 echo " Adding reduced seeds for sanitizer=${sanitizer} "
7475
75- ./configure LDFLAGS=" -fuse-ld=lld" CC=clang-$LLVM_VERSION CXX=clang++-$LLVM_VERSION --enable-fuzz --with-sanitizers=" ${sanitizer} "
76- make clean
77- make -j $( nproc)
76+ rm -rf build_fuzz/
77+ cmake -B build_fuzz \
78+ -DCMAKE_C_COMPILER=clang-$LLVM_VERSION -DCMAKE_CXX_COMPILER=clang++-$LLVM_VERSION \
79+ -DBUILD_FOR_FUZZING=ON -DSANITIZERS=" $sanitizer "
80+ cmake --build build_fuzz -j$( nproc)
7881
79- ./test/fuzz/test_runner.py -l DEBUG --par=$( nproc) --m_dir=../all_inputs ../qa-assets/" ${FUZZ_INPUTS_DIR} "
82+ ( cd build_fuzz ; ./test/fuzz/test_runner.py -l DEBUG --par=$( nproc) --m_dir=../../ all_inputs ../../ qa-assets/" ${FUZZ_CORPORA_DIR} " )
8083
8184 (
8285 cd ../qa-assets
83- git add " ${FUZZ_INPUTS_DIR } "
86+ git add " ${FUZZ_CORPORA_DIR } "
8487 git commit -m " Reduced inputs for ${sanitizer} "
8588 )
8689 done
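Review bot: The rewritten `WRITE_ALL_FUZZ_TARGETS_AND_ABORT` line still writes the target list to the fixed path `/tmp/a` and then swallows any failure with `|| true`, so if `./build_fuzz/src/test/fuzz/fuzz` is not where the new cmake layout puts the binary, the following `readarray` reads a stale or missing file instead of failing loudly; a per-run temp file keeps the step self-contained: `targets_file=$(mktemp)`, `WRITE_ALL_FUZZ_TARGETS_AND_ABORT="$targets_file" ./build_fuzz/src/test/fuzz/fuzz || true`, `readarray -t FUZZ_TARGETS < "$targets_file"`. The sanitizer builds inside the `for sanitizer` loop no longer pass a linker flag themselves and appear to rely on the `export LDFLAGS="-fuse-ld=lld"` added before the afl-cmin build earlier in the same subshell, which is easy to miss when the loop is read on its own; a comment on the second `cmake -B build_fuzz` such as `# LDFLAGS=-fuse-ld=lld is exported above and applies to this build too` would make that dependency explicit. The enclosing `( cd bitcoin` subshell closes outside this hunk.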