Add function_filter fuzzer based on centipede (#1476)
* Add function_filter fuzzer based on centipede

* Reuse centipede integration

* fix lint

* use centipede's weak
Navidem authored Aug 30, 2022
1 parent ef22740 commit f8d6fab
Showing 4 changed files with 94 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/workflows/fuzzers.yml
Expand Up @@ -107,6 +107,7 @@ jobs:
- libfuzzer_focus_idx6
- libfuzzer_focus_idx7
- libfuzzer_focus_idx8
- centipede_function_filter

benchmark_type:
- oss-fuzz
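--- /dev/null
+++ b/fuzzers/centipede_function_filter/builder.Dockerfile
@@ -0,0 +1,31 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+ENV CENTIPEDE_SRC=/src/centipede
+
+# Build centipede.
+RUN git clone -n \
+https://github.com/google/centipede.git "$CENTIPEDE_SRC" && \
+echo 'build --client_env=CC=clang --cxxopt=-std=c++17 ' \
+'--cxxopt=-stdlib=libc++ --linkopt=-lc++' >> ~/.bazelrc && \
+(cd "$CENTIPEDE_SRC" && \
+git checkout 2a2c78a2c161d99f5962b9710bce61feb00acc3d && \
+./install_dependencies_debian.sh && \
+bazel build -c opt :all) && \
+cp "$CENTIPEDE_SRC/bazel-bin/centipede" '/out/centipede'
+
+RUN /clang/bin/clang "$CENTIPEDE_SRC/weak_sancov_stubs.cc" -c -o /lib/weak.o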
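Review bot: `ENV CENTIPEDE_SRC=/src/centipede` is only read by the two RUN steps in this file, yet as an ENV it persists into the environment of every image built on top of this builder; `ARG CENTIPEDE_SRC=/src/centipede` placed after `FROM $parent_image` serves both steps without leaking a build-time path into the final image, unless a downstream stage relies on it. `bazel build -c opt :all` compiles every target in the package while only `bazel-bin/centipede` is copied to `/out/centipede`, so `bazel build -c opt :centipede` is probably sufficient and noticeably cheaper — confirm against the BUILD file at the pinned commit. The two-argument `echo` on the bazelrc line joins its arguments with a space, leaving a double space between `-std=c++17` and `--cxxopt`, which bazel tolerates but which reads like a typo; a single quoted string avoids it. The commit pin on `git checkout` is what makes running `./install_dependencies_debian.sh` from the checkout acceptable; a one-line comment saying so, e.g. `# Pinned commit: the dependency script below is executed from this checkout.`, would keep the next person from "simplifying" it to a branch.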
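--- /dev/null
+++ b/fuzzers/centipede_function_filter/fuzzer.py
@@ -0,0 +1,40 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for centipede fuzzer."""
+
+import os
+import yaml
+
+from fuzzers.centipede import fuzzer
+
+
+def build():
+    """Build benchmark."""
+    fuzzer.build()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+    """Run fuzzer. Wrapper that uses the defaults when calling run_fuzzer."""
+    with open('/focus_map.yaml', 'r') as focus_file:
+        focus_map = yaml.safe_load(focus_file)
+    benchmark = os.getenv('BENCHMARK', None)
+    if benchmark not in focus_map:
+        return
+    focus_list = focus_map[benchmark]
+    focus_filter = ','.join(focus_list)
+    print("DEBUG: ", focus_filter)
+    fuzzer.run_fuzzer(input_corpus,
+                      output_corpus,
+                      target_binary,
+                      extra_flags=[f'--function_filter={focus_filter}'])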
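Review bot: When `BENCHMARK` is unset or absent from the focus map, `fuzz` returns without running anything and without saying so, so the trial looks like it completed while no fuzzing took place; if skipping is intended, make it visible with `print(f'No focus list for benchmark {benchmark!r}; skipping.')` before the `return`, and if it is not, fall back to `fuzzer.run_fuzzer(input_corpus, output_corpus, target_binary)` without the filter. `yaml.safe_load` returns `None` for an empty file, and `benchmark not in focus_map` then raises TypeError rather than taking the skip path; `focus_map = yaml.safe_load(focus_file) or {}` keeps the same behaviour for a populated file. The `print("DEBUG: ", focus_filter)` line reads as a leftover from development and also uses double quotes where the rest of the file uses single quotes; either remove it or turn it into a descriptive message such as `print(f'Using function filter: {focus_filter}')`. The `None` default in `os.getenv('BENCHMARK', None)` is already the default and can be dropped.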
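--- /dev/null
+++ b/fuzzers/centipede_function_filter/runner.Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/oss-fuzz-base/base-clang@sha256:30706816922bf9c141b15ff4a5a44af8c0ec5700d4b46e0572029c15e495d45b AS base-clang
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt-get update && apt-get install -y wget && \
+wget https://storage.googleapis.com/oss-fuzz-introspector-testing/focus_map.yaml && \
+apt-get remove --purge -y wget
+
+COPY --from=base-clang /usr/local/bin/llvm-symbolizer /usr/local/bin/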
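Review bot: `focus_map.yaml` is fetched with `wget` at build time from a bucket named `oss-fuzz-introspector-testing` with no checksum or version pin, so the runner image is not reproducible and the set of functions every trial focuses on changes silently whenever that object is rewritten; the download also lands in whatever working directory the base image sets, while `fuzzer.py` in this commit opens `/focus_map.yaml`, so the path only lines up if that directory is `/`. If the build runs under BuildKit, `ADD --checksum=sha256:<sha256-of-focus_map.yaml> https://storage.googleapis.com/oss-fuzz-introspector-testing/focus_map.yaml /focus_map.yaml` pins the content, fixes the destination and removes the need to install and purge wget at all. If wget stays, give it an explicit target with `wget -O /focus_map.yaml …`, verify the digest with `sha256sum -c` in the same RUN, and add `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` so the apt lists do not remain in the layer. `FROM gcr.io/fuzzbench/base-image` is untagged (hadolint DL3006); if that mirrors the other runner Dockerfiles in this repository it is fine, otherwise pin a tag or digest as the `base-clang` line already does.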
