Create fuzz test examples (#19)
Add licensing information on source files; define a plain cc_fuzz_test() Starlark macro. Set up an examples/ directory with fuzz targets; create bazelrc file with a libFuzzer+ASAN configuration. Use clang for all build, delete dummy_test.cc and hello_world.cc
diff --git a/.bazelrc b/.bazelrc
new file mode 100644
index 0000000..04e7893
--- /dev/null
+++ b/.bazelrc
@@ -0,0 +1,32 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Common flags for Clang
+build:clang --action_env=CC=clang
+build:clang --action_env=CXX=clang++
+
+# Flags for Clang with ASAN and libfuzzer
+build:asan-libfuzzer --config=clang
+build:asan-libfuzzer --linkopt=-fsanitize=fuzzer,address
+build:asan-libfuzzer --copt=-fsanitize=fuzzer,address
+
+# Flags for Clang with MSAN and libfuzzer
+build:msan-libfuzzer --config=clang
+build:msan-libfuzzer --linkopt=-fsanitize=memory,fuzzer
+build:msan-libfuzzer --copt=-fsanitize=memory,fuzzer
+
+# Flags for Clang with MSAN and libfuzzer, outputting detailed report
+build:msan-libfuzzer-repro --config=msan-libfuzzer
+build:msan-libfuzzer-repro --copt=-fsanitize-memory-track-origins=2
diff --git a/.github/workflows/bazel_test.yml b/.github/workflows/bazel_test.yml
index 0a06a08..c945a6a 100644
--- a/.github/workflows/bazel_test.yml
+++ b/.github/workflows/bazel_test.yml
@@ -1,14 +1,33 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
name: Bazel Test
on: [push, pull_request]
jobs:
- linux:
+ bazel_test:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Run all tests
working-directory: ./
+ # Build //examples/...
+ # Add "bazel test --config=clang //... --test_tag_filters=test"in the future if any test rules are added
+ # The -FDP is for filtering out the files which contains "#include <fuzzer/FuzzedDataProvider.h>",
+ # The "<fuzzer/FDP...>" is only supported since clang-10 while the clang version in github runner is 9
run: |
- bazel test //...
+ bazel build --verbose_failures --build_tag_filters=fuzz_test,-FDP --config=asan-libfuzzer //examples/...
diff --git a/BUILD b/BUILD
index ae73d0b..12ffde7 100644
--- a/BUILD
+++ b/BUILD
@@ -1,12 +1,14 @@
-#Simple Bazel build file that will be replaced with the actual fuzz target rule functionality.
-load("@rules_cc//cc:defs.bzl", "cc_binary")
-
-cc_binary(
- name = "hello_world",
- srcs = ["hello_world.cc"],
-)
-
-cc_test(
- name = "dummy_test",
- srcs = ["dummy_test.cc"],
-)
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/CODEOWNERS b/CODEOWNERS
index f27aae8..1ffd777 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1 +1,16 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
* @asraa @stefanbucur @tengpengli
diff --git a/WORKSPACE b/WORKSPACE
index e69de29..14949c2 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -0,0 +1,14 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/dummy_test.cc b/dummy_test.cc
deleted file mode 100644
index 914a386..0000000
--- a/dummy_test.cc
+++ /dev/null
@@ -1,5 +0,0 @@
-//This is an example file that will be replaced with the actual test functionality.
-
-int main(int argc, char** argv) {
- return 0;
-}
diff --git a/examples/BUILD b/examples/BUILD
new file mode 100644
index 0000000..8805062
--- /dev/null
+++ b/examples/BUILD
@@ -0,0 +1,49 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Simple fuzz targets that demonstrate the Bazel extension functionality and serve as regression tests.
+
+load("//:fuzz_test.bzl", "cc_fuzz_test")
+
+cc_fuzz_test(
+ name = "buffer_overflow_fuzz_test",
+ srcs = ["buffer_overflow_fuzz_test.cc"],
+)
+
+cc_fuzz_test(
+ name = "empty_fuzz_test",
+ srcs = ["empty_fuzz_test.cc"],
+)
+
+cc_fuzz_test(
+ name = "fuzzed_data_provider_fuzz_test",
+ srcs = ["fuzzed_data_provider_fuzz_test.cc"],
+ tags = ["FDP"],
+)
+
+cc_fuzz_test(
+ name = "hang_fuzz_test",
+ srcs = ["hang_fuzz_test.cc"],
+)
+
+cc_fuzz_test(
+ name = "msan_fuzz_test",
+ srcs = ["msan_fuzz_test.cc"],
+)
+
+cc_fuzz_test(
+ name = "oom_fuzz_test",
+ srcs = ["oom_fuzz_test.cc"],
+)
diff --git a/examples/buffer_overflow_fuzz_test.cc b/examples/buffer_overflow_fuzz_test.cc
new file mode 100644
index 0000000..9cfa7b1
--- /dev/null
+++ b/examples/buffer_overflow_fuzz_test.cc
@@ -0,0 +1,32 @@
+//
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// A fuzz target that causes an ASAN buffer overflow for a particular input.
+
+#include <cstdint>
+#include <cstddef>
+
+bool TriggerBufferOverflow(const uint8_t *data, size_t size) {
+ return size >= 3 &&
+ data[0] == 'F' &&
+ data[1] == 'U' &&
+ data[2] == 'Z' &&
+ data[3] == 'Z'; // :‑<
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ TriggerBufferOverflow(data, size);
+ return 0;
+}
diff --git a/examples/empty_fuzz_test.cc b/examples/empty_fuzz_test.cc
new file mode 100644
index 0000000..12f53ae
--- /dev/null
+++ b/examples/empty_fuzz_test.cc
@@ -0,0 +1,23 @@
+//
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// A plain fuzz target that does nothing (just returns).
+
+#include <cstdint>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ return 0;
+}
diff --git a/examples/fuzzed_data_provider_fuzz_test.cc b/examples/fuzzed_data_provider_fuzz_test.cc
new file mode 100644
index 0000000..7e9a250
--- /dev/null
+++ b/examples/fuzzed_data_provider_fuzz_test.cc
@@ -0,0 +1,32 @@
+//
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// A fuzz target that demonstrates the use of FuzzeddataProvider.
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <cstdint>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+
+ const auto first_part_size = fuzzed_data.ConsumeIntegral<uint16_t>();
+ std::vector<uint8_t> first_part =
+ fuzzed_data.ConsumeBytes<uint8_t>(first_part_size);
+ std::vector<uint8_t> second_part =
+ fuzzed_data.ConsumeRemainingBytes<uint8_t>();
+
+ return 0;
+}
diff --git a/examples/hang_fuzz_test.cc b/examples/hang_fuzz_test.cc
new file mode 100644
index 0000000..5daf84f
--- /dev/null
+++ b/examples/hang_fuzz_test.cc
@@ -0,0 +1,27 @@
+//
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// A fuzz target that hangs.
+
+#include <cstdint>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ while (true) {
+ continue;
+ }
+
+ return 0;
+}
diff --git a/examples/msan_fuzz_test.cc b/examples/msan_fuzz_test.cc
new file mode 100644
index 0000000..4bb0990
--- /dev/null
+++ b/examples/msan_fuzz_test.cc
@@ -0,0 +1,25 @@
+//
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// A fuzz target that causes an MSAN error (e.g., uninitialized variables).
+
+#include <cstdint>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ int a;
+ if (a) ++a;
+ return 0;
+}
diff --git a/examples/oom_fuzz_test.cc b/examples/oom_fuzz_test.cc
new file mode 100644
index 0000000..6ce9fda
--- /dev/null
+++ b/examples/oom_fuzz_test.cc
@@ -0,0 +1,35 @@
+//
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// A fuzz target that creates a memory leak and causes OOM errors.
+
+#include <cstdint>
+#include <cstddef>
+
+void LeakMemory() {
+ int* zombie_ptr = new int(100);
+ zombie_ptr[0] = 0;
+}
+
+void TriggerOomError() {
+ for (size_t i = 0; i < (1 << 30); ++i) {
+ LeakMemory();
+ }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ TriggerOomError();
+ return 0;
+}
diff --git a/fuzz_test.bzl b/fuzz_test.bzl
new file mode 100644
index 0000000..875da1a
--- /dev/null
+++ b/fuzz_test.bzl
@@ -0,0 +1,38 @@
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+""" This file contains basic functions for fuzz test. """
+
+load("@rules_cc//cc:defs.bzl", "cc_test")
+
+def cc_fuzz_test(
+ name,
+ srcs,
+ copts = [],
+ linkopts = [],
+ deps = [],
+ tags = [],
+ visibility = None):
+ """ At present this cc_fuzz_test is just a wrapper of cc_test """
+
+ cc_test(
+ name = name,
+ srcs = srcs,
+ copts = ["-fsanitize=fuzzer"] + copts,
+ linkopts = ["-fsanitize=fuzzer"] + linkopts,
+ deps = deps,
+ tags = tags + ["fuzz_test"],
+ visibility = visibility,
+ )
diff --git a/hello_world.cc b/hello_world.cc
deleted file mode 100644
index 2ef2da8..0000000
--- a/hello_world.cc
+++ /dev/null
@@ -1,7 +0,0 @@
-//This is an example file that will be replaced with the actual fuzz target rule functionality.
-#include <iostream>
-
-int main(int argc, char** argv) {
- std::cout << "hello world!" << std::endl;
- return 0;
-}
