[Go] Add logic in FI (#1890)

* [Go] Add logic in FI

Signed-off-by: Arthur Chan <[email protected]>

* Fix formatting

Signed-off-by: Arthur Chan <[email protected]>

---------

Signed-off-by: Arthur Chan <[email protected]>

Author: arthurscchan

src/fuzz_introspector/analysis.py

@@ -338,6 +338,14 @@ def get_node_coverage_hitcount(demangled_name: str, callstack: Dict[int, str],
                              hit_count_cov)
                 if n_line_number == node.src_linenumber and hit_count_cov > 0:
                     node_hitcount = hit_count_cov
+        elif profile.target_lang == "go":
+            coverage_data = profile.coverage.get_hit_details(
+                callstack_get_parent(node, callstack))
+            for (n_line_number, hit_count_cov) in coverage_data:
+                logger.debug("  - iterating %d : %d", n_line_number,
+                             hit_count_cov)
+                if n_line_number == node.src_linenumber and hit_count_cov > 0:
+                    node_hitcount = hit_count_cov
         node.cov_parent = callstack_get_parent(node, callstack)
     else:
         logger.error(
@@ -1018,6 +1026,8 @@ def extract_all_sources(language):
         test_extensions = ['.py']
     elif language == 'rust':
         test_extensions = ['.rs']
+    elif language == 'go':
+        test_extensions = ['.go', '.cgo']
     else:
         test_extensions = ['.cc', '.cpp', '.cxx', '.c++', '.c', '.h', '.hpp']
 

src/fuzz_introspector/code_coverage.py

@@ -30,6 +30,7 @@
 
 from fuzz_introspector import utils
 from fuzz_introspector import exceptions
+from fuzz_introspector.datatypes import function_profile
 
 COVERAGE_SWITCH_REGEX = re.compile(r'.*\|.*\sswitch.*\(.*\)')
 COVERAGE_CASE_REGEX = re.compile(r'.*\|.*\scase.*:')
@@ -671,6 +672,93 @@ def load_python_json_coverage(json_file: str,
     return cp
 
 
+def load_go_coverage(target_dir: str,
+                     functions: Dict[str, function_profile.FunctionProfile],
+                     target_name: Optional[str] = None) -> CoverageProfile:
+    """Find and load fuzz.cov, a go coverage summary generated by the
+    gocovmerge tool used in oss-fuzz.
+
+    Each line (except the first line) contains a coverage information in
+    the following format:
+    "<A>:<B>.<C>,<D>.<E> <F> <G>"
+    A: Target file name
+    B: Code range start line
+    C: Code range start column
+    D: Code range end line
+    E: Code range end column
+    F: Number of statements within the code range
+    G: Total number of runtime coveage of this code range
+
+    For example, here is a sample fuzz.cov
+
+    mode: set
+    test.go:18.67,20.27 2 1
+    test.go:20.28,21.32 2 0
+
+    It means that from line 18 to line 21 in test.go,
+    line 18 column 67 to line 20 column 27 has 1 hit count
+    line 20 column 28 to line 21 column 32 has no hit count
+
+    return a Coverage Profile
+    """
+    cp = CoverageProfile()
+    cp.set_type('function')
+
+    # Retrieve all fuzz.cov coverage summary
+    coverage_summary = utils.get_all_files_in_tree_with_regex(
+        target_dir, 'fuzz.cov')
+    logger.info(f"FOUND fuzz.cov COVERAGE FILES: {str(coverage_summary)}")
+
+    if len(coverage_summary) > 0:
+        cov_file = coverage_summary[0]
+    else:
+        logger.info("Found no coverage files")
+        return cp
+
+    # Extract the fuzz.cov coverage line information
+    cp.coverage_files.append(cov_file)
+    with open(cov_file, 'r') as f:
+        cov_line = f.readlines()[1:]
+
+    # Process line coverage from fuzz.cov
+    line_coverage: Dict[str, Dict[int, int]] = {}
+    for line in cov_line:
+        # Line format
+        # <file>:<start_line>.<start_col>,<end_line>.<end_col> <stmts> <hit>
+        file_name, data = line.split(':', 1)
+        line_split = re.split('[:., ]', data)
+        start_line = int(line_split[0])
+        end_line = int(line_split[2])
+        hit_count = int(line_split[5])
+
+        line_dict = line_coverage.get(file_name, {})
+        for count in range(start_line, end_line + 1):
+            hit_count = max(hit_count, line_dict.get(count, -1))
+            line_dict[count] = hit_count
+
+        line_coverage[file_name] = line_dict
+
+    # Process coverage of each functions
+    for function in functions.values():
+        name = function.function_name
+        start_line = int(function.function_linenumber)
+        end_line = int(function.function_line_number_end)
+        source_file = function.function_source_file.split('/source-files')[-1]
+
+        # Only process when we have correct start and end line number
+        # for the function
+        if start_line > 0 and end_line > 0:
+            cp.covmap[name] = []
+            for file, coverage in line_coverage.items():
+                if file.endswith(source_file):
+                    for line_no in range(start_line, end_line + 1):
+                        cp.covmap[name].append(
+                            (line_no, coverage.get(line_no, 0)))
+
+    print(cp.covmap)
+    return cp
+
+
 def load_jvm_coverage(target_dir: str,
                       target_name: Optional[str] = None) -> CoverageProfile:
     """Find and load jacoco.xml, a jvm xml coverage report file
@@ -774,7 +862,7 @@ def load_jvm_coverage(target_dir: str,
                 # Store lines, hit_time into the covmap under the target method
                 cp.covmap[name] = []
                 # Add source code line and hitcount to coverage map of current function
-                logger.debug(f"reading coverage: {name} -- {line_list[count]}")
+                logger.debug(f"reading coverage: {name} -- {line_list}")
                 for count in range(start_item, end_item):
                     cp.covmap[name].append(line_list[count])
 

src/fuzz_introspector/datatypes/fuzzer_profile.py

@@ -73,7 +73,7 @@ def __init__(self,
             self.entrypoint_mod = frontend_yaml['ep']['module']
 
         # Read entrypoint of fuzzer if this is a jvm module
-        if target_lang == "jvm":
+        if target_lang == "jvm" or target_lang == "go":
             self.entrypoint_method = frontend_yaml['Fuzzing method']
 
         self._set_function_list(frontend_yaml)
@@ -107,6 +107,8 @@ def entrypoint_function(self):
             # macro and we manually considered it as
             # function in the frontend.
             return "fuzz_target"
+        elif self.target_lang == "go":
+            return self.entrypoint_method
         else:
             return None
 
@@ -124,6 +126,13 @@ def identifier(self):
             # Class name is used for jvm identifier
             return os.path.basename(self.fuzzer_source_file)
 
+        elif self._target_lang == "rust":
+            return os.path.basename(self.fuzzer_source_file).replace(".rs", "")
+
+        elif self._target_lang == "go":
+            fuzzer_base_name = os.path.basename(self.fuzzer_source_file)
+            return fuzzer_base_name.replace(".go", "").replace(".cgo", "")
+
         return self.fuzzer_source_file
 
     @property
@@ -149,6 +158,11 @@ def has_entry_point(self) -> bool:
                 if name.startswith(self.entrypoint_function):
                     return True
 
+        elif self.target_lang == "go":
+            for name in self.all_class_functions:
+                if name == self.entrypoint_function:
+                    return True
+
         return False
 
     def func_is_entrypoint(self, demangled_func_name: str) -> bool:
@@ -447,8 +461,8 @@ def _set_all_reached_functions(self) -> None:
         the fuzzer. This is based on identifying all functions reached by the
         fuzzer entrypoint function, e.g. LLVMFuzzerTestOneInput in C/C++.
         """
-        # Find C/CPP/Rust entry point
-        if self._target_lang == "c-cpp" or self.target_lang == "rust":
+        # Find C/CPP/Rust/Go entry point
+        if self._target_lang == "c-cpp" or self.target_lang == "rust" or self.target_lang == "go":
             if self.entrypoint_function in self.all_class_functions:
                 self.functions_reached_by_fuzzer = (self.all_class_functions[
                     self.entrypoint_function].functions_reached)
@@ -511,6 +525,9 @@ def _load_coverage(self, target_folder: str) -> None:
         elif self.target_lang == "rust":
             self.coverage = code_coverage.load_llvm_coverage(
                 target_folder, self.identifier, True)
+        elif self.target_lang == "go":
+            self.coverage = code_coverage.load_go_coverage(
+                target_folder, self.all_class_functions)
         else:
             raise DataLoaderError(
                 "The profile target has no coverage loading support")

src/fuzz_introspector/html_helpers.py

@@ -183,6 +183,8 @@ def create_pfc_button(profiles: List[fuzzer_profile.FuzzerProfile],
             target_coverage_url += "/index.html"
         elif profile.target_lang == "rust":
             target_coverage_url += "/report.html"
+        elif profile.target_lang == "go":
+            target_coverage_url += "/index.html"
 
         html_string += f"""
             <a href="{target_coverage_url}">
@@ -208,6 +210,8 @@ def html_get_table_of_contents(
         cov_index = "index.html"
     elif proj_profile.target_lang == "rust":
         cov_index = "report.html"
+    elif proj_profile.target_lang == "go":
+        cov_index = "index.html"
 
     html_toc_string = ""
     html_toc_string += f"""<div class="left-sidebar">\