Makefile: run fuzzing corpora as normal unit tests in non-fuzzing mode.

This means we can make sure the compile and run in normal builds.

Side note: tests/fuzz/fuzz-addr.c called common_setup(), which means
we called it twice, to hilarious effect.  Assert that we don't do that,
and don't do that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Author: rustyrussell

Makefile

@@ -383,10 +383,7 @@ include cln-grpc/Makefile
 endif
 include plugins/Makefile
 include tests/plugins/Makefile
-
-ifneq ($(FUZZING),0)
-	include tests/fuzz/Makefile
-endif
+include tests/fuzz/Makefile
 
 ifneq ($V,1)
 MSGGEN_ARGS := -s
@@ -699,9 +696,12 @@ endif
 
 # We special case the fuzzing target binaries, as they need to link against libfuzzer,
 # which brings its own main().
+ifneq ($(FUZZING),0)
 FUZZ_LDFLAGS = -fsanitize=fuzzer
+endif
+
 $(ALL_FUZZ_TARGETS):
-	@$(call VERBOSE, "ld $@", $(LINK.o) $(filter-out %.a,$^) $(LOADLIBES) $(EXTERNAL_LDLIBS) $(LDLIBS) libccan.a $(FUZZ_LDFLAGS) -o $@)
+	@$(call VERBOSE, "ld $@", $(LINK.o) $(filter-out %.a,$^) libcommon.a libccan.a $(LOADLIBES) $(EXTERNAL_LDLIBS) $(LDLIBS) $(FUZZ_LDFLAGS) -o $@)
 ifeq ($(OS),Darwin)
 	@$(call VERBOSE, "dsymutil $@", dsymutil $@)
 endif

common/peer_failed.h

@@ -3,6 +3,7 @@
 #include "config.h"
 #include <ccan/compiler/compiler.h>
 #include <ccan/short_types/short_types.h>
+#include <ccan/take/take.h>
 
 struct channel_id;
 struct per_peer_state;

common/utils.c

@@ -1,4 +1,5 @@
 #include "config.h"
+#include <assert.h>
 #include <bitcoin/chainparams.h>
 #include <ccan/list/list.h>
 #include <ccan/mem/mem.h>
@@ -99,6 +100,8 @@ void setup_locale(void)
 /* Initial creation of tmpctx. */
 void setup_tmpctx(void)
 {
+	/* Don't call me twice! */
+	assert(!tmpctx);
 	tmpctx = tal_arr_label(NULL, char, 0, "tmpctx");
 }
 

tests/fuzz/Makefile

@@ -13,8 +13,13 @@ FUZZ_TARGETS_SRC := $(wildcard tests/fuzz/fuzz-*.c)
 FUZZ_TARGETS_OBJS := $(FUZZ_TARGETS_SRC:.c=.o)
 FUZZ_TARGETS_BIN := $(FUZZ_TARGETS_SRC:.c=)
 
-$(FUZZ_TARGETS_OBJS): $(COMMON_HEADERS) $(WIRE_HEADERS) $(COMMON_SRC)
+$(FUZZ_TARGETS_OBJS): $(COMMON_HEADERS) $(WIRE_HEADERS) $(COMMON_SRC) tests/fuzz/libfuzz.h
 $(FUZZ_TARGETS_BIN): $(LIBFUZZ_OBJS) libcommon.a
 
 ALL_C_SOURCES += $(FUZZ_TARGETS_SRC) $(LIBFUZZ_SRC)
 ALL_FUZZ_TARGETS += $(FUZZ_TARGETS_BIN)
+
+# In non-fuzzing builds, these become normal tests.
+ifneq ($(FUZZING),1)
+check-units: $(FUZZ_TARGETS_BIN:%=unittest/%)
+endif

tests/fuzz/fuzz-addr.c

@@ -9,7 +9,9 @@
 void init(int *argc, char ***argv)
 {
 	chainparams = chainparams_for_network("bitcoin");
-	common_setup("fuzzer");
+	/* Don't call this if we're in unit-test mode, as libfuzz.c does it */
+	if (!tmpctx)
+		common_setup("fuzzer");
 }
 
 void run(const uint8_t *data, size_t size)

tests/fuzz/libfuzz.c

@@ -2,10 +2,18 @@
 
 #include <assert.h>
 #include <ccan/isaac/isaac64.h>
+#include <ccan/short_types/short_types.h>
+#include <ccan/tal/grab_file/grab_file.h>
+#include <ccan/tal/path/path.h>
+#include <ccan/tal/tal.h>
 #include <common/pseudorand.h>
+#include <common/setup.h>
+#include <dirent.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/types.h>
 #include <tests/fuzz/libfuzz.h>
+#include <unistd.h>
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 int LLVMFuzzerInitialize(int *argc, char ***argv);
@@ -118,3 +126,38 @@ size_t cross_over(const u8 *in1, size_t in1_size, const u8 *in2,
 				   max_out_size);
 	return overwrite_part(in1, in1_size, in2, in2_size, out, max_out_size);
 }
+
+/* In non-fuzzing builds, these become unit tests which just run the corpora:
+ * this is also good for attaching a debugger to! */
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+int main(int argc, char *argv[])
+{
+	DIR *d;
+	struct dirent *di;
+
+	common_setup(argv[0]);
+	assert(chdir("tests/fuzz/corpora") == 0);
+	assert(chdir(path_basename(tmpctx, argv[0])) == 0);
+
+	/* FIXME: Support explicit path args? */
+	init(&argc, &argv);
+	d = opendir(".");
+	while ((di = readdir(d)) != NULL) {
+		u8 *contents;
+		if (streq(di->d_name, ".") || streq(di->d_name, ".."))
+			continue;
+		contents = grab_file(tmpctx, di->d_name);
+		assert(contents);
+		run(contents, tal_bytelen(contents)-1);
+	}
+	closedir(d);
+	common_shutdown();
+}
+
+/* We never call any functions which might call these */
+size_t LLVMFuzzerMutate(uint8_t *data, size_t size, size_t max_size);
+size_t LLVMFuzzerMutate(uint8_t *data, size_t size, size_t max_size)
+{
+	abort();
+}
+#endif /* !FUZZING */