Merge #169: delete_nonreduced_fuzz_inputs: llvm 18, afl-cmin

fanquake · fanquake · commit e1c91d39b947 · 2024-09-04T11:42:29.000+01:00
56730ca delete_nonreduced_fuzz_inputs: also reduce with afl-cmin (dergoegge) 75c040f delete_nonreduced_fuzz_inputs: use llvm 18 (dergoegge) Pull request description: * Use llvm 18 * Minimize corpora with both afl++ and libfuzzer (#167) ACKs for top commit: maflcko: tested ACK 56730ca Tree-SHA512: d3b6b4a40b55ee012392f21fe68776b1c101b4820fac5b49db1d1cb292ac87e474acd96f35bb4de3dc6e821042726e067e5261d89ed30b79ccb014741360b3fd
diff --git a/delete_nonreduced_fuzz_inputs.sh b/delete_nonreduced_fuzz_inputs.sh
@@ -20,7 +20,15 @@ apt install -y \
   git \
   build-essential libtool autotools-dev automake pkg-config bsdmainutils python3 \
   libsqlite3-dev libevent-dev libboost-dev \
-  clang llvm
+  lsb-release wget software-properties-common gnupg
+
+export LLVM_VERSION=18
+wget https://apt.llvm.org/llvm.sh && chmod +x ./llvm.sh
+./llvm.sh $LLVM_VERSION all
+ln -s $(which llvm-symbolizer-$LLVM_VERSION) /usr/bin/llvm-symbolizer
+
+git clone --branch stable https://github.com/AFLplusplus/AFLplusplus
+make -C AFLplusplus LLVM_CONFIG=llvm-config-$LLVM_VERSION PERFORMANCE=1 install -j$(nproc)
 
 git clone --depth=1 https://github.com/bitcoin-core/qa-assets.git
 (
@@ -37,10 +45,34 @@ git clone --depth=1 https://github.com/bitcoin/bitcoin.git
 
   ./autogen.sh
 
+  echo "Adding reduced seeds with afl-cmin"
+
+  ./configure LDFLAGS="-fuse-ld=lld" CC=afl-clang-fast CXX=afl-clang-fast++ --enable-fuzz
+  make clean
+  make -j $(nproc)
+
+  WRITE_ALL_FUZZ_TARGETS_AND_ABORT="/tmp/a" "./src/test/fuzz/fuzz" || true
+  readarray FUZZ_TARGETS < "/tmp/a"
+  for fuzz_target in ${FUZZ_TARGETS[@]}; do
+    if [ -d "../all_inputs/$fuzz_target" ]; then
+      mkdir --parents ../qa-assets/"${FUZZ_INPUTS_DIR}"/$fuzz_target
+      # Allow timeouts and crashes with "-A", "-T all" to use all available cores
+      FUZZ=$fuzz_target afl-cmin -T all -A -i ../all_inputs/$fuzz_target -o ../qa-assets/"${FUZZ_INPUTS_DIR}"/$fuzz_target -- ./src/test/fuzz/fuzz
+    else
+      echo "No input corpus for $fuzz_target (ignoring)"
+    fi
+  done
+
+  (
+    cd ../qa-assets
+    git add "${FUZZ_INPUTS_DIR}"
+    git commit -m "Reduced inputs for afl-cmin"
+  )
+
   for sanitizer in {"fuzzer","fuzzer,address,undefined,integer"}; do
     echo "Adding reduced seeds for sanitizer=${sanitizer}"
 
-    ./configure CC=clang CXX=clang++ --enable-fuzz --with-sanitizers="${sanitizer}"
+    ./configure LDFLAGS="-fuse-ld=lld" CC=clang-$LLVM_VERSION CXX=clang++-$LLVM_VERSION --enable-fuzz --with-sanitizers="${sanitizer}"
     make clean
     make -j $(nproc)
 
