-
Notifications
You must be signed in to change notification settings - Fork 456
Expand file tree
/
Copy pathci-fuzz.sh
More file actions
executable file
·111 lines (99 loc) · 3.46 KB
/
ci-fuzz.sh
File metadata and controls
executable file
·111 lines (99 loc) · 3.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/bin/bash
set -e
set -x
pushd src/msg_targets
rm msg_*.rs
./gen_target.sh
[ "$(git diff)" != "" ] && exit 1
popd
pushd src/bin
rm *_target.rs
./gen_target.sh
[ "$(git diff)" != "" ] && exit 1
popd
export RUSTFLAGS="--cfg=secp256k1_fuzz --cfg=hashes_fuzz --cfg=chacha20_poly1305_fuzz"
mkdir -p hfuzz_workspace/full_stack_target/input
pushd write-seeds
RUSTFLAGS="$RUSTFLAGS --cfg=fuzzing" cargo run ../hfuzz_workspace/full_stack_target/input
cargo clean
popd
cargo install --color always --force honggfuzz --no-default-features
# Because we're fuzzing relatively few iterations, the maximum possible
# compiler optimizations aren't necessary, so we turn off LTO
sed -i 's/lto = true//' Cargo.toml
export HFUZZ_BUILD_ARGS="--features honggfuzz_fuzz"
cargo --color always hfuzz build -j8
SUMMARY=""
check_crash() {
local FILE=$1
if [ -f "hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT" ]; then
cat "hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT"
for CASE in "hfuzz_workspace/$FILE"/SIG*; do
cat "$CASE" | xxd -p
done
exit 1
fi
}
for TARGET in src/bin/*.rs; do
FILENAME=$(basename $TARGET)
FILE="${FILENAME%.*}"
CORPUS_DIR="hfuzz_workspace/$FILE/input"
CORPUS_COUNT=$(find "$CORPUS_DIR" -type f 2>/dev/null | wc -l)
# Run 8x the corpus size plus a baseline, ensuring full corpus replay
# with room for new mutations. The 10-minute hard cap (--run_time 600)
# prevents slow-per-iteration targets from running too long.
ITERATIONS=$((CORPUS_COUNT * 8 + 1000))
HFUZZ_RUN_ARGS="--exit_upon_crash -q -n8 -t 3 -N $ITERATIONS --run_time 600"
if [ "$FILE" = "chanmon_consistency_target" -o "$FILE" = "fs_store_target" ]; then
HFUZZ_RUN_ARGS="$HFUZZ_RUN_ARGS -F 64"
fi
export HFUZZ_RUN_ARGS
FUZZ_START=$(date +%s)
cargo --color always hfuzz run $FILE
FUZZ_END=$(date +%s)
FUZZ_TIME=$((FUZZ_END - FUZZ_START))
FUZZ_CORPUS_COUNT=$(find "$CORPUS_DIR" -type f 2>/dev/null | wc -l)
check_crash "$FILE"
if [ "$GITHUB_REF" = "refs/heads/main" ] || [ "$FUZZ_MINIMIZE" = "true" ]; then
HFUZZ_RUN_ARGS="-M -q -n8 -t 3"
export HFUZZ_RUN_ARGS
MIN_START=$(date +%s)
cargo --color always hfuzz run $FILE
MIN_END=$(date +%s)
MIN_TIME=$((MIN_END - MIN_START))
MIN_CORPUS_COUNT=$(find "$CORPUS_DIR" -type f 2>/dev/null | wc -l)
check_crash "$FILE"
SUMMARY="${SUMMARY}${FILE}|${ITERATIONS}|${CORPUS_COUNT}|${FUZZ_CORPUS_COUNT}|${FUZZ_TIME}|${MIN_CORPUS_COUNT}|${MIN_TIME}\n"
else
SUMMARY="${SUMMARY}${FILE}|${ITERATIONS}|${CORPUS_COUNT}|${FUZZ_CORPUS_COUNT}|${FUZZ_TIME}|-|-\n"
fi
done
fmt_time() {
local secs=$1
local m=$((secs / 60))
local s=$((secs % 60))
if [ "$m" -gt 0 ]; then
printf "%dm %ds" "$m" "$s"
else
printf "%ds" "$s"
fi
}
# Print summary table
set +x
echo ""
echo "==== Fuzz Summary ===="
HDR="%-40s %7s %7s %-15s %9s %-15s %9s\n"
FMT="%-40s %7s %7s %6s %-9s %9s %6s %-9s %9s\n"
printf "$HDR" "Target" "Iters" "Corpus" " Fuzzed" "Fuzz time" " Minimized" "Min. time"
printf "$HDR" "------" "-----" "------" "---------------" "---------" "---------------" "---------"
echo -e "$SUMMARY" | while IFS='|' read -r name iters orig fuzzed ftime minimized mtime; do
[ -z "$name" ] && continue
fuzz_delta=$((fuzzed - orig))
if [ "$minimized" = "-" ]; then
printf "$FMT" "$name" "$iters" "$orig" "$fuzzed" "(+$fuzz_delta)" "$(fmt_time "$ftime")" "-" "" "-"
else
min_delta=$((minimized - fuzzed))
printf "$FMT" "$name" "$iters" "$orig" "$fuzzed" "(+$fuzz_delta)" "$(fmt_time "$ftime")" "$minimized" "($min_delta)" "$(fmt_time "$mtime")"
fi
done
echo "======================"