Merge pull request #411 from filecoin-project/feat/clusterfuzzlite

Kubuxu · web-flow · commit ca1f3f74c067 · 2022-03-27T20:44:06.000+02:00
Add clusterfuzzlite integration
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-rust
+COPY . $SRC/ref-fvm
+copy ./.clusterfuzzlite/build.sh $SRC
+WORKDIR $SRC
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
@@ -0,0 +1,45 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd "$SRC"
+
+declare -a PROJECTS=(amt hamt)
+declare -A PROJECT_PATHS=(
+	[amt]="ref-fvm/ipld/amt/fuzz"
+	[hamt]="ref-fvm/ipld/hamt/fuzz"
+)
+
+export CARGO_TARGET_DIR="$SRC/target"
+FUZZ_TARGET_OUTPUT_DIR="$CARGO_TARGET_DIR/x86_64-unknown-linux-gnu/release"
+
+
+for project in "${PROJECTS[@]}"; do
+	pushd "${PROJECT_PATHS[$project]}"
+
+	cargo +nightly fuzz build -O --debug-assertions
+
+	for f in fuzz_targets/*.rs; do
+		FUZZ_TARGET_NAME=$(basename "${f%.*}")
+		FUZZ_OUT_NAME="${project}_${FUZZ_TARGET_NAME}"
+
+		cp "$FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME" "$OUT/$FUZZ_OUT_NAME"
+	done
+
+	popd
+done
+
+exit 0
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
@@ -0,0 +1,12 @@
+homepage: "https://github.com/filecoin-project/ref-fvm"
+main_repo: "https://github.com/filecoin-project/ref-fvm"
+primary_contact: "security@filecoin.org"
+auto_ccs :
+  - "kubuxu@protocol.ai"
+  - "raul@protocol.ai"
+  - "stebalien@protocol.ai"
+language: rust
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -0,0 +1,13 @@
+### Fuzzing setup
+
+ref-fvm uses [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) for contious fuzzing.
+This consists of four workflows:
+  - `cflite_pr.yml` - responsible for running fuzzing for PRs, it will only fuzz targets when diff affects files covered by given fuzzing target
+  - `cflite_build.yml` - responsible for building fuzzing targets on master branch and storing them for recall. These recalled targets are used to detect if crasher is a new thing caused by changes or a newely discovered input which will also cause crash on master.
+  - `cflite_batch.yml` - periodically (every 6h for 1h) runs fuzzing to develop the corpus which will be used for other on-demand fuzzing and as seed corpus for OSS-Fuzz.
+  - `cflite_cron.yml` - every day generates coverage reports, as well as, prunes and mimizes the corpus.
+
+
+Corpus and coverage data is stored within https://github.com/filecoin-project/ref-fvm-fuzz-corpora 
+
+
diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml
@@ -0,0 +1,31 @@
+name: ClusterFuzzLite batch fuzzing
+on:
+  schedule:
+    - cron: '0 0/6 * * *'  # Every 6th hour. Change this to whatever is suitable.
+permissions: read-all
+jobs:
+  BatchFuzzing:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+          - address
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        sanitizer: ${{ matrix.sanitizer }}
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 3600
+        mode: 'batch'
+        sanitizer: ${{ matrix.sanitizer }}
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: master
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+
diff --git a/.github/workflows/cflite_build.yml b/.github/workflows/cflite_build.yml
@@ -0,0 +1,25 @@
+name: ClusterFuzzLite continuous builds
+on:
+  push:
+    branches:
+      - master
+permissions: read-all
+jobs:
+  Build:
+   runs-on: ubuntu-latest
+   concurrency:
+     group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+     cancel-in-progress: true
+   strategy:
+     fail-fast: false
+     matrix:
+        sanitizer:
+          - address
+   steps:
+   - name: Build Fuzzers (${{ matrix.sanitizer }})
+     id: build
+     uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+     with:
+       sanitizer: ${{ matrix.sanitizer }}
+       upload-build: true
+
diff --git a/.github/workflows/cflite_cron.yml b/.github/workflows/cflite_cron.yml
@@ -0,0 +1,42 @@
+name: ClusterFuzzLite cron tasks
+on:
+  schedule:
+    - cron: '30 1 * * *'  # Once a day at 1:30 to run past batch job
+permissions: read-all
+jobs:
+  Pruning:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+    - name: Run Fuzzers
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 600
+        mode: 'prune'
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: master
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+  Coverage:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        sanitizer: coverage
+    - name: Run Fuzzers
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 600
+        mode: 'coverage'
+        sanitizer: 'coverage'
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: master
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
@@ -0,0 +1,39 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    paths:
+      - '**'
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer:
+          - address
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        sanitizer: ${{ matrix.sanitizer }}
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: master
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 600
+        mode: 'code-change'
+        sanitizer: ${{ matrix.sanitizer }}
+        storage-repo: https://${{ secrets.FILHELPER_PAT }}@github.com/filecoin-project/ref-fvm-fuzz-corpora.git
+        storage-repo-branch: master
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+
diff --git a/ipld/amt/fuzz/.gitignore b/ipld/amt/fuzz/.gitignore
@@ -1,6 +1,5 @@
 
 target
-corpus
 artifacts
 Cargo.lock
 /fuzz-*
diff --git a/ipld/amt/fuzz/corpus b/ipld/amt/fuzz/corpus
diff --git a/ipld/amt/fuzz/corpus/equivalence b/ipld/amt/fuzz/corpus/equivalence
@@ -0,0 +1 @@
+../../../testing/fuzz-corpora/corpus/amt_equivalence/
diff --git a/ipld/amt/fuzz/corpus/simple b/ipld/amt/fuzz/corpus/simple
@@ -0,0 +1 @@
+../../../testing/fuzz-corpora/corpus/amt_simple
diff --git a/ipld/hamt/fuzz/.gitignore b/ipld/hamt/fuzz/.gitignore
@@ -1,6 +1,5 @@
 
 target
-corpus
 artifacts
 Cargo.lock
 /fuzz-*
diff --git a/ipld/hamt/fuzz/corpus b/ipld/hamt/fuzz/corpus
diff --git a/ipld/hamt/fuzz/corpus/simple b/ipld/hamt/fuzz/corpus/simple
@@ -0,0 +1 @@
+../../../testing/fuzz-corpora/corpus/hamt_simple
diff --git a/testing/fuzz-corpora b/testing/fuzz-corpora
@@ -1 +1 @@
-Subproject commit 61fc4f5aa6fdb8addd4db4273c6d912d1412af34
+Subproject commit a016437ca08b45dd5d7a96bb93d20c79de739694

-Original file line number
+Diff line change
@@ @@ -1,6 +1,5 @@ @@
 target
 -corpus
 artifacts
 Cargo.lock
 /fuzz-*