rust-lightning/fuzz/ci-fuzz.sh at b49141284ebf8b8e547188015dc3fe8dd1eb7ff7 · lightningdevkit/rust-lightning · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/bin/bash
set -e
set -x

log_time() {
	echo ":::: $(date '+%Y-%m-%d %H:%M:%S') $1"
}

log_time "Verifying generated targets"
pushd src/msg_targets
rm msg_*.rs
./gen_target.sh
[ "$(git diff)" != "" ] && exit 1
popd
pushd src/bin
rm *_target.rs
./gen_target.sh
[ "$(git diff)" != "" ] && exit 1
popd

export RUSTFLAGS="--cfg=secp256k1_fuzz --cfg=hashes_fuzz"

log_time "Generating write-seeds"
mkdir -p hfuzz_workspace/full_stack_target/input
pushd write-seeds
RUSTFLAGS="$RUSTFLAGS --cfg=fuzzing" cargo run ../hfuzz_workspace/full_stack_target/input
cargo clean
popd

log_time "Installing honggfuzz"
cargo install --color always --force honggfuzz --no-default-features

# Because we're fuzzing relatively few iterations, the maximum possible
# compiler optimizations aren't necessary, so we turn off LTO
sed -i 's/lto = true//' Cargo.toml

export HFUZZ_BUILD_ARGS="--features honggfuzz_fuzz"

log_time "Building fuzz targets"
cargo --color always hfuzz build -j8

SUMMARY=""

log_time "Starting fuzz runs"
for TARGET in src/bin/*.rs; do
	FILENAME=$(basename $TARGET)
	FILE="${FILENAME%.*}"
	CORPUS_DIR="hfuzz_workspace/$FILE/input"
	CORPUS_COUNT=$(find "$CORPUS_DIR" -type f 2>/dev/null | wc -l)
	ITERATIONS=$((CORPUS_COUNT * 8 + 1000))
	log_time "Fuzzing $FILE (corpus: $CORPUS_COUNT, iterations: $ITERATIONS)"
	HFUZZ_RUN_ARGS="--exit_upon_crash -q -n8 -N $ITERATIONS --run_time 600"
	if [ "$FILE" = "chanmon_consistency_target" ]; then
		HFUZZ_RUN_ARGS="$HFUZZ_RUN_ARGS -F 64 -t 3"
	elif [ "$FILE" = "fs_store_target" ]; then
		HFUZZ_RUN_ARGS="$HFUZZ_RUN_ARGS -F 64"
	fi
	export HFUZZ_RUN_ARGS
	FUZZ_START=$(date +%s)
	cargo --color always hfuzz run $FILE
	FUZZ_END=$(date +%s)
	FUZZ_TIME=$((FUZZ_END - FUZZ_START))
	FUZZ_CORPUS_COUNT=$(find "$CORPUS_DIR" -type f 2>/dev/null | wc -l)
	if [ -f hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT ]; then
		cat hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT
		for CASE in hfuzz_workspace/$FILE/SIG*; do
			cat $CASE | xxd -p
		done
		exit 1
	fi
	if [ "$GITHUB_REF" = "refs/heads/main" ] || true; then
		HFUZZ_RUN_ARGS="-M -q -n8 -t 3"
		export HFUZZ_RUN_ARGS
		MIN_START=$(date +%s)
		cargo --color always hfuzz run $FILE
		MIN_END=$(date +%s)
		MIN_TIME=$((MIN_END - MIN_START))
		MIN_CORPUS_COUNT=$(find "$CORPUS_DIR" -type f 2>/dev/null | wc -l)
		SUMMARY="${SUMMARY}${FILE}|${ITERATIONS}|${CORPUS_COUNT}|${FUZZ_CORPUS_COUNT}|${FUZZ_TIME}|${MIN_CORPUS_COUNT}|${MIN_TIME}\n"
	else
		SUMMARY="${SUMMARY}${FILE}|${ITERATIONS}|${CORPUS_COUNT}|${FUZZ_CORPUS_COUNT}|${FUZZ_TIME}\n"
	fi
done

log_time "Done"

fmt_time() {
	local secs=$1
	printf "%dm%ds" $((secs / 60)) $((secs % 60))
}

# Print summary table
set +x
echo ""
echo "==== Fuzz Summary ===="
if [ "$GITHUB_REF" = "refs/heads/main" ]; then
	printf "%-40s %8s %8s %8s %8s %8s %8s\n" "Target" "Iters" "Corpus" "Fuzzed" "FTime" "Minimzd" "MTime"
	printf "%-40s %8s %8s %8s %8s %8s %8s\n" "------" "-----" "------" "------" "-----" "-------" "-----"
	echo -e "$SUMMARY" | while IFS='|' read -r name iters orig fuzzed ftime minimized mtime; do
		[ -z "$name" ] && continue
		printf "%-40s %8s %8s %8s %8s %8s %8s\n" "$name" "$iters" "$orig" "$fuzzed" "$(fmt_time "$ftime")" "$minimized" "$(fmt_time "$mtime")"
	done
else
	printf "%-40s %8s %8s %8s %8s\n" "Target" "Iters" "Corpus" "Fuzzed" "FTime"
	printf "%-40s %8s %8s %8s %8s\n" "------" "-----" "------" "------" "-----"
	echo -e "$SUMMARY" | while IFS='|' read -r name iters orig fuzzed ftime; do
		[ -z "$name" ] && continue
		printf "%-40s %8s %8s %8s %8s\n" "$name" "$iters" "$orig" "$fuzzed" "$(fmt_time "$ftime")"
	done
fi
echo "======================"