Fuzzing integration (hyperledger-iroha#360)

ShilpaGhanashyamGore · Jun 8, 2017 · 31a4312 · 31a4312
1 parent 0ecc55b
commit 31a4312
Show file tree

Hide file tree

Showing 7 changed files with 87 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -9,13 +9,15 @@ set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules)
 
 option(BENCHMARKING "Build benchmarks" OFF)
 option(TESTING "Build tests" ON)
+option(FUZZING "Build fuzzing binaries" OFF)
 
 if (NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE Debug)
 endif()
 message(STATUS "-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}")
 message(STATUS "-DTESTING=${TESTING}")
 message(STATUS "-DBENCHMARKING=${BENCHMARKING}")
+message(STATUS "-DFUZZING=${FUZZING}")
 
 set(IROHA_SCHEMA_DIR "${PROJECT_SOURCE_DIR}/schema")
 
@@ -42,3 +44,11 @@ endif()
 if(BENCHMARKING)
   add_subdirectory(benchmark)
 endif()
+
+if (FUZZING)
+  if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
+    add_subdirectory(fuzz)
+  else()
+    message(Fuzzing with compilers other than clang does not supported yet)
+  endif()
+endif()
diff --git a/cmake/dependencies.cmake b/cmake/dependencies.cmake
@@ -407,4 +407,29 @@ set_target_properties(LMDB PROPERTIES
 
 if(NOT LMDB_FOUND)
   add_dependencies(LMDB lmdb_LMDB)
-endif()
+endif()
+
+
+# find_package(libFuzz)
+
+if (NOT LIBFUZZER_FOUND)
+  ExternalProject_Add(libFuzzer
+    GIT_REPOSITORY    "https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer"
+    GIT_TAG           "master"
+    CONFIGURE_COMMAND ""
+    BUILD_IN_SOURCE   1
+    BUILD_ALWAYS      1
+    BUILD_COMMAND     "./build.sh"
+    INSTALL_COMMAND   "" # remove install step
+    TEST_COMMAND      "" # remove test step
+    UPDATE_COMMAND    "" # remove update step
+    )
+  ExternalProject_Get_Property(libFuzzer source_dir)
+  set(LIBFUZZER_LIBRARIES ${source_dir}/libFuzzer.a)
+endif()
+
+add_library(fuzzer STATIC IMPORTED)
+set_target_properties(fuzzer PROPERTIES
+  IMPORTED_LOCATION ${LIBFUZZER_LIBRARIES}
+  IMPORTED_LINK_INTERFACE_LANGUAGES "CXX"
+  )
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -0,0 +1,4 @@
+SET(EXECUTABLE_OUTPUT_PATH ${PROJECT_BINARY_DIR}/fuzz_bin)
+SET(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-gep,trace-div")
+
+add_subdirectory(core/crypto)
diff --git a/fuzz/core/crypto/CMakeLists.txt b/fuzz/core/crypto/CMakeLists.txt
@@ -0,0 +1,12 @@
+
+add_executable(hash256_fuzz hash256_fuzz.cpp)
+add_dependencies(hash256_fuzz libFuzzer)
+target_link_libraries(hash256_fuzz fuzzer hash)
+
+add_executable(hash512_fuzz hash512_fuzz.cpp)
+add_dependencies(hash512_fuzz libFuzzer)
+target_link_libraries(hash512_fuzz fuzzer hash)
+
+add_executable(base64enc_fuzz base64enc_fuzz.cpp)
+add_dependencies(base64enc_fuzz libFuzzer)
+target_link_libraries(base64enc_fuzz fuzzer base64)
diff --git a/fuzz/core/crypto/base64enc_fuzz.cpp b/fuzz/core/crypto/base64enc_fuzz.cpp
@@ -0,0 +1,11 @@
+#include "stdint.h"
+#include "stddef.h"
+
+#include <vector>
+#include <crypto/base64.hpp>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  const std::vector<unsigned char> s(data, data + size);
+  base64::encode(s);
+  return 0;
+}
diff --git a/fuzz/core/crypto/hash256_fuzz.cpp b/fuzz/core/crypto/hash256_fuzz.cpp
@@ -0,0 +1,12 @@
+#include "stdint.h"
+#include "stddef.h"
+
+#include <string>
+#include <vector>
+#include <crypto/hash.hpp>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  std::string s((const char*)data, size);
+  hash::sha3_512_hex(s);
+  return 0;
+}
diff --git a/fuzz/core/crypto/hash512_fuzz.cpp b/fuzz/core/crypto/hash512_fuzz.cpp
@@ -0,0 +1,12 @@
+#include "stdint.h"
+#include "stddef.h"
+
+#include <string>
+#include <vector>
+#include <crypto/hash.hpp>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  std::string s((const char*)data, size);
+  hash::sha3_256_hex(s);
+  return 0;
+}