diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 170a5f47ee..450e6aae9b 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -58,7 +58,7 @@ jobs: build_artifact: Build-x64-fuzzer cxx_flags: /fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div /ZH:SHA_256 ld_flags: '"clang_rt.fuzzer_MD-x86_64.lib" "libsancov.lib"' - build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer + build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer /t:tests\libfuzzer\core_helper_fuzzer # Run the unit tests in GitHub. unit_tests: @@ -152,6 +152,20 @@ jobs: code_coverage: false gather_dumps: true + # Run the libfuzzer tests in GitHub. + fuzzing: + needs: libfuzzer + # Always run this job. + if: github.event_name == 'schedule' || github.event_name == 'pull_request' + uses: ./.github/workflows/reusable-test.yml + with: + name: fuzzing + test_command: core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1 + build_artifact: Build-x64-fuzzer + environment: windows-2019 + code_coverage: false + gather_dumps: true + # Run Cilium regression tests in GitHub. cilium_tests: needs: regular diff --git a/tests/libfuzzer/README.md b/tests/libfuzzer/README.md index b5a833d630..086c210925 100644 --- a/tests/libfuzzer/README.md +++ b/tests/libfuzzer/README.md 
@@ -4,10 +4,20 @@ [LibFuzzer](https://www.llvm.org/docs/LibFuzzer.html) is an in-process, coverage-guided, evolutionary fuzzing engine. It uses a set of starting data (the corpus) to generate new test cases, measures the code-coverage of the new test, and re-combines it form new test cases. +There are now four libFuzzer-based binaries: + +* bpf2c_fuzzer +* core_helper_fuzzer +* execution_contet_fuzzer +* verifier_fuzzer + ## Usage 1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported). -2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run: ```execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800``` -3) If the the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash. +2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run: + * `execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800` + * `core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1` + * `verifier_corpus -use_value_profile=1 -max_total_time=1800` +3) If the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash. 4) Copy any new test cases and check them into the repo. ## Reproducing a crash @@ -16,4 +26,4 @@ of the input that caused the crash. To reproduce the crash (for debugging), run name in place of the corpus folder. ## Future -Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it. \ No newline at end of file +Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.
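Review bot: the `build_options` line in the first cicd.yml hunk now carries four `/t:` targets on a single line, which makes future additions hard to review; consider a YAML folded scalar (`build_options: >-`) with one target per line so the diff for the next fuzzer is a one-line addition.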
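Review bot: in the new `fuzzing` job the comment `# Always run this job.` contradicts the condition directly below it, `if: github.event_name == 'schedule' || github.event_name == 'pull_request'`, which restricts the job to those two events; either drop the `if:` or reword the comment to say when the job actually runs. Two further points on the same hunk: the `test_command` runs only `core_helper_fuzzer` even though the build now produces four fuzzers, so a short comment explaining why the other three are not run here (or a follow-up issue) would help; and the magic `-max_len=139` is undocumented, so a comment stating what input size it corresponds to would keep it from silently going stale when the helper input layout changes. Finally, `gather_dumps: true` collects crash dumps, but the README says libFuzzer also writes a file containing the crashing input; that reproducer is what a developer needs most, so the job should upload it as an artifact too.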
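Review bot: the README hunk has a typo in the new binary list, `execution_contet_fuzzer` should be `execution_context_fuzzer`. In step 2 the third bullet, `verifier_corpus -use_value_profile=1 -max_total_time=1800`, is missing the executable name (the other bullets start with the fuzzer binary), so the command as written cannot be run; it should presumably begin with `verifier_fuzzer.exe`. The `core_helper_fuzzer` bullet also uses the CI-relative corpus path `..\..\tests\libfuzzer\core_helper_fuzzer\corpus`, which does not match step 1 (copying the corpus to a test machine) nor the `<name>_corpus` convention of the other bullets; and `bpf2c_fuzzer` is listed but has no usage line at all.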