Add clusterfuzzlite integration

Signed-off-by: Jakub Sztandera <[email protected]>

Author: Kubuxu

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+COPY . $SRC/ref-fvm
+copy ./.clusterfuzzlite/build.sh $SRC
+WORKDIR $SRC

.clusterfuzzlite/build.sh

@@ -0,0 +1,45 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd "$SRC"
+
+declare -a PROJECTS=(amt hamt)
+declare -A PROJECT_PATHS=(
+	[amt]="ref-fvm/ipld/amt/fuzz"
+	[hamt]="ref-fvm/ipld/hamt/fuzz"
+)
+
+export CARGO_TARGET_DIR="$SRC/target"
+FUZZ_TARGET_OUTPUT_DIR="$CARGO_TARGET_DIR/x86_64-unknown-linux-gnu/release"
+
+
+for project in "${PROJECTS[@]}"; do
+	pushd "${PROJECT_PATHS[$project]}"
+
+	cargo +nightly fuzz build -O --debug-assertions
+
+	for f in fuzz_targets/*.rs; do
+		FUZZ_TARGET_NAME=$(basename "${f%.*}")
+		FUZZ_OUT_NAME="${project}_${FUZZ_TARGET_NAME}"
+
+		cp "$FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME" "$OUT/$FUZZ_OUT_NAME"
+	done
+
+	popd
+done
+
+exit 0

.clusterfuzzlite/project.yaml

@@ -0,0 +1,12 @@
+homepage: "https://github.com/filecoin-project/ref-fvm"
+main_repo: "https://github.com/filecoin-project/ref-fvm"
+primary_contact: "[email protected]"
+auto_ccs :
+  - "[email protected]"
+  - "[email protected]"
+  - "[email protected]"
+language: rust
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address

.github/workflows/cflite_batch.yml

@@ -0,0 +1,33 @@
+name: ClusterFuzzLite batch fuzzing
+on:
+  schedule:
+    - cron: '0 0/12 * * *'  # Every 12th hour. Change this to whatever is suitable.
+permissions: read-all
+jobs:
+  BatchFuzzing:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+        - address
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        sanitizer: ${{ matrix.sanitizer }}
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 3600
+        mode: 'batch'
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: For storing certain artifacts from fuzzing.
+        # See later section on "Git repo for storage".
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: lite
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+

.github/workflows/cflite_build.yml

@@ -0,0 +1,25 @@
+name: ClusterFuzzLite continuous builds
+on:
+  push:
+    branches:
+      - master  # Use your actual default branch here.
+permissions: read-all
+jobs:
+  Build:
+   runs-on: ubuntu-latest
+   concurrency:
+     group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+     cancel-in-progress: true
+   strategy:
+     fail-fast: false
+     matrix:
+        sanitizer:
+        - address
+   steps:
+   - name: Build Fuzzers (${{ matrix.sanitizer }})
+     id: build
+     uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+     with:
+       sanitizer: ${{ matrix.sanitizer }}
+       upload-build: true
+

.github/workflows/cflite_cron.yml

@@ -0,0 +1,42 @@
+name: ClusterFuzzLite cron tasks
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Once a day at midnight.
+permissions: read-all
+jobs:
+  Pruning:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+    - name: Run Fuzzers
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 600
+        mode: 'prune'
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: lite
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+  Coverage:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        sanitizer: coverage
+    - name: Run Fuzzers
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 600
+        mode: 'coverage'
+        sanitizer: 'coverage'
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: lite
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+

.github/workflows/cflite_pr.yml

@@ -0,0 +1,48 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    paths:
+      - '**'
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+        - address
+        # Override this with the sanitizers you want.
+        # - undefined
+        # - memory
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to only run fuzzers that are affected
+        # by the PR.
+        # See later section on "Git repo for storage".
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: lite
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 600
+        mode: 'code-change'
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to download the corpus produced by
+        # batch fuzzing.
+        # See later section on "Git repo for storage".
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: lite
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+