[PATCH uci 1/6] tests: add libFuzzer based fuzzing

[Hauke Mehrtens]

On 10/3/20 9:48 AM, Petr Štetiar wrote:
> LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.
> 
> LibFuzzer is linked with the library under test, and feeds fuzzed inputs
> to the library via a specific fuzzing entrypoint (aka "target
> function"); the fuzzer then tracks which areas of the code are reached,
> and generates mutations on the corpus of input data in order to maximize
> the code coverage.
> 
> So lets use libFuzzer to fuzz uci_import for the start.
> 
> Ref: https://llvm.org/docs/LibFuzzer.html
> Signed-off-by: Petr Štetiar <ynezz at true.cz>
> ---
.....
> --- /dev/null
> +++ b/tests/fuzz/CMakeLists.txt
> @@ -0,0 +1,18 @@
> +FILE(GLOB test_cases "test-*.c")
> +
> +MACRO(ADD_FUZZER_TEST name)
> +  ADD_EXECUTABLE(${name} ${name}.c)
> +  TARGET_COMPILE_OPTIONS(${name} PRIVATE -g -O1 -fno-omit-frame-pointer -fsanitize=fuzzer,address,leak,undefined)
> +  TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR})
> +  TARGET_LINK_OPTIONS(${name} PRIVATE -stdlib=libc++ -fsanitize=fuzzer,address,leak,undefined)

I get a linker error when using "-stdlib=libc++" on Debian stable with
clang-7. When I remove it this links and works fine. I think this will
cause a mix up of libstdc++ and libc++ which is not supported.

> +  TARGET_LINK_LIBRARIES(${name} uci)
> +  ADD_TEST(
> +    NAME ${name}
> +	COMMAND ${name} -max_len=256 -timeout=10 -max_total_time=300 -dict=${CMAKE_CURRENT_SOURCE_DIR}/dict/uci.dict ${CMAKE_CURRENT_SOURCE_DIR}/corpus
> +  )
> +ENDMACRO(ADD_FUZZER_TEST)
> +
> +FOREACH(test_case ${test_cases})
> +  GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE)
> +  ADD_FUZZER_TEST(${test_case})
> +ENDFOREACH(test_case)
....

Hauke

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20201004/d150a889/attachment.sig>