common,crypto: move fuzzers out of core (#22029)

* common,crypto: move fuzzers out of core

* fuzzers: move vm fuzzer out from core

* fuzzing: rework cover package logic

* fuzzers: lint
This commit is contained in:
Martin Holst Swende 2020-12-23 17:44:45 +01:00 committed by Igor Mandrigin
parent 9c22ecdeb8
commit 5d418f317b
4 changed files with 87 additions and 41 deletions

View File

@ -26,38 +26,80 @@
# $CFLAGS, $CXXFLAGS C and C++ compiler flags. # $CFLAGS, $CXXFLAGS C and C++ compiler flags.
# $LIB_FUZZING_ENGINE C++ compiler argument to link fuzz target against the prebuilt engine library (e.g. libFuzzer). # $LIB_FUZZING_ENGINE C++ compiler argument to link fuzz target against the prebuilt engine library (e.g. libFuzzer).
function compile_fuzzer { # This sets the -coverpgk for the coverage report when the corpus is executed through go test
path=$SRC/go-ethereum/$1 coverpkg="github.com/ethereum/go-ethereum/..."
func=$2
fuzzer=$3
corpusfile="${path}/testdata/${fuzzer}_seed_corpus.zip"
echo "Building $fuzzer (expecting corpus at $corpusfile)"
(cd $path && \
go-fuzz -func $func -o $WORK/$fuzzer.a . && \
echo "First stage built OK" && \
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $WORK/$fuzzer.a -o $OUT/$fuzzer && \
echo "Second stage built ok" )
## Check if there exists a seed corpus file function coverbuild {
if [ -f $corpusfile ] path=$1
then function=$2
cp $corpusfile $OUT/ fuzzer=$3
echo "Found seed corpus: $corpusfile" tags=""
fi
if [[ $# -eq 4 ]]; then
tags="-tags $4"
fi
cd $path
fuzzed_package=`pwd | rev | cut -d'/' -f 1 | rev`
cp $GOPATH/ossfuzz_coverage_runner.go ./"${function,,}"_test.go
sed -i -e 's/FuzzFunction/'$function'/' ./"${function,,}"_test.go
sed -i -e 's/mypackagebeingfuzzed/'$fuzzed_package'/' ./"${function,,}"_test.go
sed -i -e 's/TestFuzzCorpus/Test'$function'Corpus/' ./"${function,,}"_test.go
cat << DOG > $OUT/$fuzzer
#/bin/sh
cd $OUT/$path
go test -run Test${function}Corpus -v $tags -coverprofile \$1 -coverpkg $coverpkg
DOG
chmod +x $OUT/$fuzzer
#echo "Built script $OUT/$fuzzer"
#cat $OUT/$fuzzer
cd -
} }
compile_fuzzer common/bitutil Fuzz fuzzBitutilCompress function compile_fuzzer {
compile_fuzzer crypto/bn256 FuzzAdd fuzzBn256Add # Inputs:
compile_fuzzer crypto/bn256 FuzzMul fuzzBn256Mul # $1: The package to fuzz, within go-ethereum
compile_fuzzer crypto/bn256 FuzzPair fuzzBn256Pair # $2: The name of the fuzzing function
compile_fuzzer core/vm/runtime Fuzz fuzzVmRuntime # $3: The name to give to the final fuzzing-binary
compile_fuzzer crypto/blake2b Fuzz fuzzBlake2b
path=$GOPATH/src/github.com/ethereum/go-ethereum/$1
func=$2
fuzzer=$3
echo "Building $fuzzer"
# Do a coverage-build or a regular build
if [[ $SANITIZER = *coverage* ]]; then
coverbuild $path $func $fuzzer $coverpkg
else
(cd $path && \
go-fuzz -func $func -o $WORK/$fuzzer.a . && \
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $WORK/$fuzzer.a -o $OUT/$fuzzer)
fi
## Check if there exists a seed corpus file
corpusfile="${path}/testdata/${fuzzer}_seed_corpus.zip"
if [ -f $corpusfile ]
then
cp $corpusfile $OUT/
echo "Found seed corpus: $corpusfile"
fi
}
compile_fuzzer tests/fuzzers/bitutil Fuzz fuzzBitutilCompress
compile_fuzzer tests/fuzzers/bn256 FuzzAdd fuzzBn256Add
compile_fuzzer tests/fuzzers/bn256 FuzzMul fuzzBn256Mul
compile_fuzzer tests/fuzzers/bn256 FuzzPair fuzzBn256Pair
compile_fuzzer tests/fuzzers/runtime Fuzz fuzzVmRuntime
compile_fuzzer tests/fuzzers/keystore Fuzz fuzzKeystore compile_fuzzer tests/fuzzers/keystore Fuzz fuzzKeystore
compile_fuzzer tests/fuzzers/txfetcher Fuzz fuzzTxfetcher compile_fuzzer tests/fuzzers/txfetcher Fuzz fuzzTxfetcher
compile_fuzzer tests/fuzzers/rlp Fuzz fuzzRlp compile_fuzzer tests/fuzzers/rlp Fuzz fuzzRlp
compile_fuzzer tests/fuzzers/trie Fuzz fuzzTrie compile_fuzzer tests/fuzzers/trie Fuzz fuzzTrie
compile_fuzzer tests/fuzzers/stacktrie Fuzz fuzzStackTrie compile_fuzzer tests/fuzzers/stacktrie Fuzz fuzzStackTrie
compile_fuzzer tests/fuzzers/difficulty Fuzz fuzzDifficulty compile_fuzzer tests/fuzzers/difficulty Fuzz fuzzDifficulty
compile_fuzzer tests/fuzzers/bls12381 FuzzG1Add fuzz_g1_add compile_fuzzer tests/fuzzers/bls12381 FuzzG1Add fuzz_g1_add
compile_fuzzer tests/fuzzers/bls12381 FuzzG1Mul fuzz_g1_mul compile_fuzzer tests/fuzzers/bls12381 FuzzG1Mul fuzz_g1_mul
@ -69,6 +111,10 @@ compile_fuzzer tests/fuzzers/bls12381 FuzzPairing fuzz_pairing
compile_fuzzer tests/fuzzers/bls12381 FuzzMapG1 fuzz_map_g1 compile_fuzzer tests/fuzzers/bls12381 FuzzMapG1 fuzz_map_g1
compile_fuzzer tests/fuzzers/bls12381 FuzzMapG2 fuzz_map_g2 compile_fuzzer tests/fuzzers/bls12381 FuzzMapG2 fuzz_map_g2
#TODO: move this to tests/fuzzers, if possible
compile_fuzzer crypto/blake2b Fuzz fuzzBlake2b
# This doesn't work very well @TODO # This doesn't work very well @TODO
#compile_fuzzertests/fuzzers/abi Fuzz fuzzAbi #compile_fuzzertests/fuzzers/abi Fuzz fuzzAbi

View File

@ -14,11 +14,13 @@
// You should have received a copy of the GNU Lesser General Public License // You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
// +build gofuzz
package bitutil package bitutil
import "bytes" import (
"bytes"
"github.com/ethereum/go-ethereum/common/bitutil"
)
// Fuzz implements a go-fuzz fuzzer method to test various encoding method // Fuzz implements a go-fuzz fuzzer method to test various encoding method
// invocations. // invocations.
@ -35,7 +37,7 @@ func Fuzz(data []byte) int {
// fuzzEncode implements a go-fuzz fuzzer method to test the bitset encoding and // fuzzEncode implements a go-fuzz fuzzer method to test the bitset encoding and
// decoding algorithm. // decoding algorithm.
func fuzzEncode(data []byte) int { func fuzzEncode(data []byte) int {
proc, _ := bitsetDecodeBytes(bitsetEncodeBytes(data), len(data)) proc, _ := bitutil.DecompressBytes(bitutil.CompressBytes(data), len(data))
if !bytes.Equal(data, proc) { if !bytes.Equal(data, proc) {
panic("content mismatch") panic("content mismatch")
} }
@ -45,11 +47,11 @@ func fuzzEncode(data []byte) int {
// fuzzDecode implements a go-fuzz fuzzer method to test the bit decoding and // fuzzDecode implements a go-fuzz fuzzer method to test the bit decoding and
// reencoding algorithm. // reencoding algorithm.
func fuzzDecode(data []byte) int { func fuzzDecode(data []byte) int {
blob, err := bitsetDecodeBytes(data, 1024) blob, err := bitutil.DecompressBytes(data, 1024)
if err != nil { if err != nil {
return 0 return 0
} }
if comp := bitsetEncodeBytes(blob); !bytes.Equal(comp, data) { if comp := bitutil.CompressBytes(blob); !bytes.Equal(comp, data) {
panic("content mismatch") panic("content mismatch")
} }
return 1 return 1

View File

@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style license that can be found // Use of this source code is governed by a BSD-style license that can be found
// in the LICENSE file. // in the LICENSE file.
// +build gofuzz
package bn256 package bn256
import ( import (
@ -24,7 +22,7 @@ func getG1Points(input io.Reader) (*cloudflare.G1, *google.G1) {
} }
xg := new(google.G1) xg := new(google.G1)
if _, err := xg.Unmarshal(xc.Marshal()); err != nil { if _, err := xg.Unmarshal(xc.Marshal()); err != nil {
panic(fmt.Sprintf("Could not marshal cloudflare -> google:", err)) panic(fmt.Sprintf("Could not marshal cloudflare -> google: %v", err))
} }
return xc, xg return xc, xg
} }
@ -37,7 +35,7 @@ func getG2Points(input io.Reader) (*cloudflare.G2, *google.G2) {
} }
xg := new(google.G2) xg := new(google.G2)
if _, err := xg.Unmarshal(xc.Marshal()); err != nil { if _, err := xg.Unmarshal(xc.Marshal()); err != nil {
panic(fmt.Sprintf("Could not marshal cloudflare -> google:", err)) panic(fmt.Sprintf("Could not marshal cloudflare -> google: %v", err))
} }
return xc, xg return xc, xg
} }

View File

@ -14,23 +14,23 @@
// You should have received a copy of the GNU Lesser General Public License // You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
// +build gofuzz
package runtime package runtime
import (
"github.com/ethereum/go-ethereum/core/vm/runtime"
)
// Fuzz is the basic entry point for the go-fuzz tool // Fuzz is the basic entry point for the go-fuzz tool
// //
// This returns 1 for valid parsable/runable code, 0 // This returns 1 for valid parsable/runable code, 0
// for invalid opcode. // for invalid opcode.
func Fuzz(input []byte) int { func Fuzz(input []byte) int {
_, _, err := Execute(input, input, &Config{ _, _, err := runtime.Execute(input, input, &runtime.Config{
GasLimit: 3000000, GasLimit: 12000000,
}) })
// invalid opcode // invalid opcode
if err != nil && len(err.Error()) > 6 && string(err.Error()[:7]) == "invalid" { if err != nil && len(err.Error()) > 6 && err.Error()[:7] == "invalid" {
return 0 return 0
} }
return 1 return 1
} }