-
Show log
Commit
-
Hash : 60e610a2
Author :
Date : 2018-01-04T15:36:22
fuzzers: add build support and instructions This change adds support for building a fuzz target for exercising the packfile parser, as well as documentation. It also runs the fuzzers in Travis to avoid regressions.
-
Properties
-
Git HTTP https://git.kmx.io/thodg/libgit2.git Git SSH git@git.kmx.io:thodg/libgit2.git Public access ? public Description Users
Tags - v1.5.0
- v1.4.4
- v1.4.3
- v1.4.2
- v1.4.1
- v1.4.0
- v1.3.2
- v1.3.1
- v1.3.0
- v1.2.0
- v1.1.1
- v1.1.0
- v1.0.1
- v1.0.0
- v0.99.0
- v0.8.0
- v0.3.0
- v0.28.5
- v0.28.4
- v0.28.3
- v0.28.2
- v0.28.1
- v0.28.0-rc1
- v0.28.0
- v0.27.9
- v0.27.8
- v0.27.7
- v0.27.6
- v0.27.5
- v0.27.4
- v0.27.3
- v0.27.2
- v0.27.10
- v0.27.1
- v0.27.0-rc3
- v0.27.0-rc2
- v0.27.0-rc1
- v0.27.0
- v0.26.8
- v0.26.7
- v0.26.6
- v0.26.5
- v0.26.4
- v0.26.3
- v0.26.2
- v0.26.1
- v0.26.0-rc2
- v0.26.0-rc1
- v0.26.0
- v0.25.1
- v0.25.0-rc2
- v0.25.0-rc1
- v0.25.0
- v0.24.6
- v0.24.5
- v0.24.4
- v0.24.3
- v0.24.2
- v0.24.1
- v0.24.0-rc1
- v0.24.0
- v0.23.4
- v0.23.3
- v0.23.2
- v0.23.1
- v0.23.0-rc2
- v0.23.0-rc1
- v0.23.0
- v0.22.3
- v0.22.2
- v0.22.1
- v0.22.0-rc2
- v0.22.0-rc1
- v0.22.0
- v0.21.5
- v0.21.4
- v0.21.3
- v0.21.2
- v0.21.1
- v0.21.0-rc2
- v0.21.0-rc1
- v0.21.0
- v0.20.0
- v0.2.0
- v0.19.0
- v0.18.0
- v0.17.0
- v0.16.0
- v0.15.0
- v0.14.0
- v0.13.0
- v0.12.0
- v0.11.0
- v0.10.0
- v0.1.0
-
README.md
-
Fuzzing
libgit2 is currently using libFuzzer to perform automated fuzz testing. libFuzzer only works with clang.
Prerequisites** for building fuzz targets:
- All the prerequisites for building libgit2.
- A recent version of clang. 6.0 is preferred. pre-build Debian/Ubuntu packages
Build
-
Create a build directory beneath the libgit2 source directory, and change
into it:
mkdir build && cd build -
Choose one sanitizers to add. The currently supported sanitizers are
address,undefined, andleak/address,leak. -
Create the cmake build environment and configure the build with the
sanitizer chosen:
CC=/usr/bin/clang-6.0 cmake -DBUILD_CLAR=OFF -DBUILD_FUZZERS=ON -DUSE_SANIZER=address -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=fuzzer" -DCMAKE_BUILD_TYPE=RelWithDebInfo ... Note that building the fuzzer targets is incompatible with the tests and examples. -
Build libgit2:
cmake --build . -
Exit the cmake build environment:
cd ..
Run the fuzz targets
-
ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolize-6.0 LSAN_OPTIONS=allocator_may_return_null=1 ASAN_OPTIONS=allocator_may_return_null=1 ./build/fuzz/fuzz_packfile_raw fuzz/corpora/fuzz_packfile_raw/
The
LSAN_OPTIONSandASAN_OPTIONSare there to allowmalloc(3)to returnNULL. TheLLVM_PROFILE_FILEis there to override the path where libFuzzer will write the coverage report.Get coverage
In order to get coverage information, you also need to add the
-DUSE_COVERAGE=ONflag tocmake, and then run the fuzz target with-runs=0. That will produce a file calleddefault.profraw(this behavior can be overridden by setting theLLVM_PROFILE_FILE="yourfile.profraw"environment variable).-
llvm-profdata-6.0 merge -sparse default.profraw -o fuzz_packfile_raw.profdatatransforms the data from a sparse representation into a format that can be used by the other tools. -
llvm-cov-6.0 report ./build/fuzz/fuzz_packfile_raw -instr-profile=fuzz_packfile_raw.profdatashows a high-level per-file coverage report. -
llvm-cov-6.0 show ./build/fuzz/fuzz_packfile_raw -instr-profile=fuzz_packfile_raw.profdata [source file]shows a line-by-line coverage analysis of all the codebase (or a single source file).
Standalone mode
In order to ensure that there are no regresions, each fuzzer target can be run in a standalone mode. This can be done by passing
-DUSE_STANDALONE_FUZZERS=ONtocmakewithout setting-DCMAKE_EXE_LINKER_FLAGS. This makes it compatible with gcc. This does not use the fuzzing engine, but just invokes every file in the chosen corpus.In order to get full coverage, though, you might want to also enable one of the sanitizers. You might need a recent version of clang to get full support.
References
- libFuzzer documentation.
- Source-based Code Coverage.