author | Catena cyber <35799796+catenacyber@users.noreply.github.com> | 2022-07-07 17:00:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-07 17:00:39 +0200 |
commit | 74762513ad565f46a4502f390cb0cb64bc9bdf21 (patch) | |
tree | 9e276b0049543ad9e604af4147a5c9c22471359e | |
parent | 02659954bea618ae269bb9d554e2283f94650cf8 (diff) |
infra: have timeout per fuzz target for coverage (#7831)
* infra: have timeout per fuzz target for coverage
As is done for other languages
* ngolo-fuzzing: remove temporary workaround
now that https://github.com/golang/go/issues/53190 is closed
* ngolo-fuzzing: use built go toolchain in its directory
without copying it to /root/.go/
in order to get coverage for std lib in the end
* infra: ability to get coverage for additional golang package
And uses it with ngolo-fuzzing :
ngolo-fuzzing fuzz targets live in a different repository than
the code being fuzzed, and we want to get the coverage for
both the fuzz target and the package being fuzzed
* fixup bash unbound
* fixup ngolo-fuzzing only match at beginning for std package
* stricter check for every additional go package
-rwxr-xr-x | infra/base-images/base-builder/compile_go_fuzzer | 11 | ||||
-rwxr-xr-x | infra/base-images/base-runner/coverage | 10 | ||||
-rwxr-xr-x | projects/ngolo-fuzzing/build.sh | 13 |
3 files changed, 21 insertions, 13 deletions
diff --git a/infra/base-images/base-builder/compile_go_fuzzer b/infra/base-images/base-builder/compile_go_fuzzer
index dd8c9f6a..df7d3e24 100755
--- a/infra/base-images/base-builder/compile_go_fuzzer
+++ b/infra/base-images/base-builder/compile_go_fuzzer
@@ -48,7 +48,16 @@ if [[ $SANITIZER = *coverage* ]]; then
 abspath_repo=`go list -m $tags -f {{.Dir}} $fuzzed_repo || go list $tags -f {{.Dir}} $fuzzed_repo`
 # give equivalence to absolute paths in another file, as go test -cover uses golangish pkg.Dir
 echo "s=$fuzzed_repo"="$abspath_repo"= > $OUT/$fuzzer.gocovpath
- go test -run Test${function}Corpus -v $tags -coverpkg $fuzzed_repo/... -c -o $OUT/$fuzzer $path
+ # Additional packages for which to get coverage.
+ pkgaddcov=""
+ # to prevent bash from failing about unbound variable
+ GO_COV_ADD_PKG_SET=${GO_COV_ADD_PKG:-}
+ if [[ -n "${GO_COV_ADD_PKG_SET}" ]]; then
+ pkgaddcov=","$GO_COV_ADD_PKG
+ abspath_repo=`go list -m $tags -f {{.Dir}} $GO_COV_ADD_PKG || go list $tags -f {{.Dir}} $GO_COV_ADD_PKG`
+ echo "s=^$GO_COV_ADD_PKG"="$abspath_repo"= >> $OUT/$fuzzer.gocovpath
+ fi
+ go test -run Test${function}Corpus -v $tags -coverpkg $fuzzed_repo/...$pkgaddcov -c -o $OUT/$fuzzer $path
 else
 # Compile and instrument all Go files relevant to this fuzz target.
 echo "Running go-fuzz $tags -func $function -o $fuzzer.a $path"
diff --git a/infra/base-images/base-runner/coverage b/infra/base-images/base-runner/coverage
index 6b662dbf..fa2292ca 100755
--- a/infra/base-images/base-runner/coverage
+++ b/infra/base-images/base-runner/coverage
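Review bot: The directory returned by the second `go list` lookup is appended to the `.gocovpath` file without checking that the lookup succeeded, in the added `abspath_repo=...$GO_COV_ADD_PKG` and `echo "s=^$GO_COV_ADD_PKG"=...` lines of the compile_go_fuzzer hunk. If both `go list` calls fail, `abspath_repo` is empty and the appended rule has an empty replacement, which would silently strip the package prefix from coverage paths unless the script already aborts on a failed substitution (its option settings are outside the hunk). A guard before the `echo`, such as `[[ -n "$abspath_repo" ]] || { echo "cannot resolve $GO_COV_ADD_PKG" >&2; exit 1; }`, makes the failure visible. The value is also expanded unquoted in both `go list` calls, so `"$GO_COV_ADD_PKG"` there is a cheap hardening. The enclosing `if [[ $SANITIZER = *coverage* ]]` block starts above the hunk.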
@@ -138,9 +138,13 @@ function run_go_fuzz_target { echo "Running go target $target" export FUZZ_CORPUS_DIR="$CORPUS_DIR/${target}/" export FUZZ_PROFILE_NAME="$DUMPS_DIR/$target.perf" - - $OUT/$target -test.coverprofile $DUMPS_DIR/$target.profdata &> $LOGS_DIR/$target.log - + + timeout $TIMEOUT $OUT/$target -test.coverprofile $DUMPS_DIR/$target.profdata &> $LOGS_DIR/$target.log + if (( $? != 0 )); then + echo "Error occured while running $target:" + cat $LOGS_DIR/$target.log + fi + # The Go 1.18 fuzzers are renamed to "*_fuzz_.go" during "infra/helper.py build_fuzzers". # They are are therefore refered to as "*_fuzz_.go" in the profdata files. # Since the copies named "*_fuzz_.go" do not exist in the file tree during diff --git a/projects/ngolo-fuzzing/build.sh b/projects/ngolo-fuzzing/build.sh index e2abec43..7c06d1f0 100755 --- a/projects/ngolo-fuzzing/build.sh +++ b/projects/ngolo-fuzzing/build.sh @@ -18,15 +18,10 @@ # compile latest go from git ( cd $SRC/goroot/src -( -# temporary workaround for https://github.com/golang/go/issues/53190 -cd runtime -grep nosplit libfuzzer.go || sed -i 's/func libfuzzerTraceConstCmp/\n\/\/go:nosplit\nfunc libfuzzerTraceConstCmp/' libfuzzer.go -) ./make.bash ) rm -Rf /root/.go/ -mv $SRC/goroot /root/.go +export PATH=$PATH:$SRC/goroot/bin/ compile_package () { pkg=$1 @@ -53,7 +48,7 @@ compile_package () { continue fi cd fuzz_ng_$pkg_flat - compile_go_fuzzer . FuzzNG_unsure fuzz_ngo_$pkg_flat + GO_COV_ADD_PKG="$pkg" compile_go_fuzzer . FuzzNG_unsure fuzz_ngo_$pkg_flat ) else ( @@ -75,8 +70,8 @@ go build ) # maybe we should git clone --depth 1 https://github.com/golang/go.git -find /root/.go/src/ -type d | cut -d/ -f5- | while read pkg; do - if [[ `ls /root/.go/src/$pkg/*.go | wc -l` == '0' ]]; then +find $SRC/goroot/src/ -type d | cut -d/ -f5- | while read pkg; do + if [[ `ls $SRC/goroot/src/$pkg/*.go | wc -l` == '0' ]]; then continue fi if [[ `echo $pkg | grep internal | wc -l` == '1' ]]; then |
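Review bot: The added `if (( $? != 0 ))` check after the `timeout` call in the coverage hunk reports every failure the same way, so a target stopped at the time limit (`timeout` exits with 124) cannot be told apart from one that crashed, and the function then continues into the profile handling below the hunk. Capturing the status with `rc=$?` and printing it, `echo "Error occurred while running $target (exit $rc; 124 means timeout after $TIMEOUT):"`, would make the log actionable. `TIMEOUT` is defined outside this hunk and is expanded unquoted, so an empty value would make `timeout` read the target path as its duration; `timeout "$TIMEOUT" "$OUT/$target" ...` removes the word-splitting part of that risk. run_go_fuzz_target continues past the end of the hunk.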
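Review bot: In the first build.sh hunk, `export PATH=$PATH:$SRC/goroot/bin/` appends the freshly built toolchain, so any `go` found earlier on PATH would still be the one that runs. The retained `rm -Rf /root/.go/` removes one such copy, but the build then relies on no other PATH entry providing `go`; `export PATH="$SRC/goroot/bin:$PATH"` makes the intended toolchain win regardless. A one-line comment such as `# keep the toolchain under $SRC/goroot so std-lib coverage paths resolve` would also record the reason, which at present lives only in the commit message.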
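Review bot: In the last build.sh hunk, the `cut -d/ -f5-` field index was chosen for `/root/.go/src/` and keeps yielding package names only as long as `$SRC/goroot/src/` has the same number of path components, which holds when `$SRC` is a single top-level directory. With a deeper `$SRC` the loop would see paths still prefixed with part of the tree and, presumably, skip or mis-name every package without an error. Deriving the relative path from find itself removes the coupling: `find "$SRC/goroot/src/" -type d -printf '%P\n' | while read -r pkg; do` (GNU find). The `while` loop body continues outside the hunk.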