centipede/dso_example/build_and_run.sh - third_party/github/google/fuzztest - Git at Google

 #!/bin/bash

 # Copyright 2022 The Centipede Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 # This script demonstrates how to use Centipede for the following use case:
 # * The code we want to fuzz resides in a separate shared library.
 # * (optionally) the shared library needs to be built with GCC and is thus
 #   limited to using the legacy trace-pc instrumentation.
 # * The main binary is not instrumented. It passes inputs to the library.
 # * The instrumented library is dlopen-ed by the main binary.

 # Run this script in its own directory.
 set -ue

 echo "Building Centipede and copying files to /tmp"
 cd ..
 bazel build -c opt //...
 cp -vf bazel-bin/{centipede,centipede_runner_no_main.so} /tmp
 cd -

 # The following instructions should work both with GCC and Clang.
 CC=gcc # or clang
 CXX=g++ # or clang++

 echo "CC=${CC} CXX=${CXX}"

 # Build the shared library with the coverage instrumentation.
 # Here we use the legacy trace-pc instrumentation supported by GCC and Clang.
 # https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs.
 # But you can use other instrumentation as well.
 echo "Building the instrumented shared library"
 ${CC} -O2 -g -fPIC -shared fuzz_me.cc -fsanitize-coverage=trace-pc -o fuzz_me.so

 # Build the main binary without instrumentation.
 echo "Building the non-instrumented binary"
 ${CXX} -O2 -g main.cc -o main_executable

 echo "Preparing to run fuzzing"
 rm -rf /tmp/wd
 mkdir /tmp/wd

 # Run fuzzing.
 # The centipede run-time is LD_PRELOAD-ed.
 # The instrumented library fuzz_me.so is `dlopen()`-ed.
 echo "Fuzzing until the first crash"
 /tmp/centipede --workdir=/tmp/wd \
   --binary="LD_PRELOAD=/tmp/centipede_runner_no_main.so FUZZ_ME_PATH=./fuzz_me.so ./main_executable @@" \
   --exit_on_crash=1 \
   --coverage_binary="${PWD}/fuzz_me.so" --runner_dl_path_suffix="/fuzz_me.so"
	#!/bin/bash

	# Copyright 2022 The Centipede Authors.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# https://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	# This script demonstrates how to use Centipede for the following use case:
	# * The code we want to fuzz resides in a separate shared library.
	# * (optionally) the shared library needs to be built with GCC and is thus
	# limited to using the legacy trace-pc instrumentation.
	# * The main binary is not instrumented. It passes inputs to the library.
	# * The instrumented library is dlopen-ed by the main binary.

	# Run this script in its own directory.
	set -ue

	echo "Building Centipede and copying files to /tmp"
	cd ..
	bazel build -c opt //...
	cp -vf bazel-bin/{centipede,centipede_runner_no_main.so} /tmp
	cd -

	# The following instructions should work both with GCC and Clang.
	CC=gcc # or clang
	CXX=g++ # or clang++

	echo "CC=${CC} CXX=${CXX}"

	# Build the shared library with the coverage instrumentation.
	# Here we use the legacy trace-pc instrumentation supported by GCC and Clang.
	# https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs.
	# But you can use other instrumentation as well.
	echo "Building the instrumented shared library"
	${CC} -O2 -g -fPIC -shared fuzz_me.cc -fsanitize-coverage=trace-pc -o fuzz_me.so

	# Build the main binary without instrumentation.
	echo "Building the non-instrumented binary"
	${CXX} -O2 -g main.cc -o main_executable

	echo "Preparing to run fuzzing"
	rm -rf /tmp/wd
	mkdir /tmp/wd

	# Run fuzzing.
	# The centipede run-time is LD_PRELOAD-ed.
	# The instrumented library fuzz_me.so is `dlopen()`-ed.
	echo "Fuzzing until the first crash"
	/tmp/centipede --workdir=/tmp/wd \
	--binary="LD_PRELOAD=/tmp/centipede_runner_no_main.so FUZZ_ME_PATH=./fuzz_me.so ./main_executable @@" \
	--exit_on_crash=1 \
	--coverage_binary="${PWD}/fuzz_me.so" --runner_dl_path_suffix="/fuzz_me.so"