Skip to content

Commit

Permalink
Update docs and CI/CD
Browse files Browse the repository at this point in the history
Signed-off-by: Dave Thaler <[email protected]>
  • Loading branch information
dthaler committed May 27, 2022
1 parent 7bb82ee commit a990040
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 4 deletions.
16 changes: 15 additions & 1 deletion .github/workflows/cicd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:
build_artifact: Build-x64-fuzzer
cxx_flags: /fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div /ZH:SHA_256
ld_flags: '"clang_rt.fuzzer_MD-x86_64.lib" "libsancov.lib"'
build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer
build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer /t:tests\libfuzzer\core_helper_fuzzer

# Run the unit tests in GitHub.
unit_tests:
Expand Down Expand Up @@ -152,6 +152,20 @@ jobs:
code_coverage: false
gather_dumps: true

# Run the libfuzzer tests in GitHub.
fuzzing:
needs: libfuzzer
# Always run this job.
if: github.event_name == 'schedule' || github.event_name == 'pull_request'
uses: ./.github/workflows/reusable-test.yml
with:
name: fuzzing
test_command: core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1
build_artifact: Build-x64-fuzzer
environment: windows-2019
code_coverage: false
gather_dumps: true

# Run Cilium regression tests in GitHub.
cilium_tests:
needs: regular
Expand Down
16 changes: 13 additions & 3 deletions tests/libfuzzer/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,20 @@
[LibFuzzer](https://www.llvm.org/docs/LibFuzzer.html) is an in-process, coverage-guided, evolutionary fuzzing engine. It uses a set of starting data (the corpus)
to generate new test cases, measures the code-coverage of the new test, and re-combines it form new test cases.

There are now four libFuzzer-based binaries:

* bpf2c_fuzzer
* core_helper_fuzzer
* execution_contet_fuzzer
* verifier_fuzzer

## Usage
1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported).
2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run: ```execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800```
3) If the the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run:
* `execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
* `core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1`
* `verifier_corpus -use_value_profile=1 -max_total_time=1800`
3) If the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
4) Copy any new test cases and check them into the repo.

## Reproducing a crash
Expand All @@ -16,4 +26,4 @@ of the input that caused the crash. To reproduce the crash (for debugging), run
name in place of the corpus folder.

## Future
Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.
Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.

0 comments on commit a990040

Please sign in to comment.