tests/fuzzers: update fuzzers to be based on go-native fuzzing (#28352)
This change modifies the fuzzers to use the native golang fuzzing framework instead of go-fuzz
MariusVanDerWijden authored Oct 18, 2023
1 parent da55b23 commit d10a2f6
Showing 38 changed files with 641 additions and 562 deletions.
58 changes: 0 additions & 58 deletions crypto/blake2b/blake2b_f_fuzz.go

This file was deleted.

58 changes: 58 additions & 0 deletions crypto/blake2b/blake2b_f_test.go
@@ -1,6 +1,7 @@
package blake2b

import (
"encoding/binary"
"fmt"
"reflect"
"testing"
@@ -57,3 +58,60 @@ var testVectorsF = []testVector{
},
},
}

func Fuzz(f *testing.F) {
f.Fuzz(func(t *testing.T, data []byte) {
fuzz(data)
})
}

func fuzz(data []byte) {
// Make sure the data confirms to the input model
if len(data) != 211 {
return
}
// Parse everything and call all the implementations
var (
rounds = binary.BigEndian.Uint16(data[0:2])

h [8]uint64
m [16]uint64
t [2]uint64
f uint64
)

for i := 0; i < 8; i++ {
offset := 2 + i*8
h[i] = binary.LittleEndian.Uint64(data[offset : offset+8])
}
for i := 0; i < 16; i++ {
offset := 66 + i*8
m[i] = binary.LittleEndian.Uint64(data[offset : offset+8])
}
t[0] = binary.LittleEndian.Uint64(data[194:202])
t[1] = binary.LittleEndian.Uint64(data[202:210])

if data[210]%2 == 1 { // Avoid spinning the fuzzer to hit 0/1
f = 0xFFFFFFFFFFFFFFFF
}

// Run the blake2b compression on all instruction sets and cross reference
want := h
fGeneric(&want, &m, t[0], t[1], f, uint64(rounds))

have := h
fSSE4(&have, &m, t[0], t[1], f, uint64(rounds))
if have != want {
panic("SSE4 mismatches generic algo")
}
have = h
fAVX(&have, &m, t[0], t[1], f, uint64(rounds))
if have != want {
panic("AVX mismatches generic algo")
}
have = h
fAVX2(&have, &m, t[0], t[1], f, uint64(rounds))
if have != want {
panic("AVX2 mismatches generic algo")
}
}
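Review bot: `fuzz` calls `fSSE4`, `fAVX` and `fAVX2` unconditionally from a test file whose first line is `package blake2b`, with no build constraint above it. If those functions are defined only in the amd64 assembly-backed files (not visible on this page), `go test` for this package would stop compiling on other architectures, and on an amd64 CPU lacking one of the extensions the call would likely fault instead of reporting a mismatch. Consider moving `Fuzz`/`fuzz` into a test file guarded by `//go:build amd64` and skipping each variant unless the package's CPU-feature detection reports it as available. Separately, the `len(data) != 211` gate combined with no `f.Add` seed means a plain `go test` run exercises no input, so the differential check on this compression function never runs in ordinary CI; a seed such as `f.Add(make([]byte, 211))` would fix that. Reporting with `t.Fatalf` rather than `panic` would also put the otherwise unused `*testing.T` to work.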
56 changes: 30 additions & 26 deletions oss-fuzz.sh
@@ -1,5 +1,5 @@
#/bin/bash -eu
# Copyright 2020 Google Inc.
#!/bin/bash -eu
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,17 +15,6 @@
#
################################################################################

# This file is for integration with Google OSS-Fuzz.
# The following ENV variables are available when executing on OSS-fuzz:
#
# /out/ $OUT Directory to store build artifacts (fuzz targets, dictionaries, options files, seed corpus archives).
# /src/ $SRC Directory to checkout source files.
# /work/ $WORK Directory to store intermediate files.
#
# $CC, $CXX, $CCC The C and C++ compiler binaries.
# $CFLAGS, $CXXFLAGS C and C++ compiler flags.
# $LIB_FUZZING_ENGINE C++ compiler argument to link fuzz target against the prebuilt engine library (e.g. libFuzzer).

# This sets the -coverpgk for the coverage report when the corpus is executed through go test
coverpkg="github.com/ethereum/go-ethereum/..."

@@ -59,25 +48,38 @@ DOG
cd -
}

function compile_fuzzer {
# Inputs:
# $1: The package to fuzz, within go-ethereum
# $2: The name of the fuzzing function
# $3: The name to give to the final fuzzing-binary
function build_native_go_fuzzer() {
fuzzer=$1
function=$2
path=$3
tags="-tags gofuzz"

if [[ $SANITIZER == *coverage* ]]; then
coverbuild $path $function $fuzzer $coverpkg
else
go-118-fuzz-build $tags -o $fuzzer.a -func $function $path
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.a -o $OUT/$fuzzer
fi
}

function compile_fuzzer() {
path=$GOPATH/src/github.com/ethereum/go-ethereum/$1
func=$2
function=$2
fuzzer=$3

echo "Building $fuzzer"
cd $path

# Install build dependencies
go install github.com/AdamKorcz/go-118-fuzz-build@latest
go get github.com/AdamKorcz/go-118-fuzz-build/testing

# Do a coverage-build or a regular build
if [[ $SANITIZER = *coverage* ]]; then
coverbuild $path $func $fuzzer $coverpkg
# Test if file contains a line with "func $function(" and "testing.F".
if [ $(grep -r "func $function(" $path | grep "testing.F" | wc -l) -eq 1 ]
then
build_native_go_fuzzer $fuzzer $function $path
else
(cd $path && \
go-fuzz -func $func -o $WORK/$fuzzer.a . && \
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $WORK/$fuzzer.a -o $OUT/$fuzzer)
echo "Could not find the function: func ${function}(f *testing.F)"
fi

## Check if there exists a seed corpus file
Expand All @@ -87,9 +89,11 @@ function compile_fuzzer {
cp $corpusfile $OUT/
echo "Found seed corpus: $corpusfile"
fi
cd -
}

compile_fuzzer tests/fuzzers/bitutil Fuzz fuzzBitutilCompress
compile_fuzzer tests/fuzzers/bitutil FuzzEncoder fuzzBitutilEncoder
compile_fuzzer tests/fuzzers/bitutil FuzzDecoder fuzzBitutilDecoder
compile_fuzzer tests/fuzzers/bn256 FuzzAdd fuzzBn256Add
compile_fuzzer tests/fuzzers/bn256 FuzzMul fuzzBn256Mul
compile_fuzzer tests/fuzzers/bn256 FuzzPair fuzzBn256Pair
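Review bot: `go install github.com/AdamKorcz/go-118-fuzz-build@latest` in `compile_fuzzer` fetches whatever the newest release of a third-party module is on every build, so the fuzz build is not reproducible and a compromised or broken upstream release would execute inside the build environment; pinning it, `go install github.com/AdamKorcz/go-118-fuzz-build@<pinned-version>`, and reviewing bumps would close that. The install and the following `go get` also run once per `compile_fuzzer` call, so hoisting them above the list of targets would avoid repeating the fetch for each fuzzer. In the same function the fallback branch only prints `Could not find the function: ...` and carries on, so a misspelt target name silently drops a fuzzer from the run; adding `exit 1` after that `echo` would make the build fail instead. The expansions `$path`, `$function` and `$fuzzer` are unquoted in both functions, which is worth tightening while they are being rewritten.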
170 changes: 0 additions & 170 deletions tests/fuzzers/abi/abifuzzer.go

This file was deleted.
