fuzz.yml
# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
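name: fuzz

# Runs on every pull request, so the job builds and executes code from the
# PR branch. The settings below keep the blast radius small: a read-only
# token, no credentials left in the checkout, and an owner check on the job.
on: [pull_request]

permissions:
  contents: read

jobs:
  fuzz:
    runs-on: ubuntu-24.04
    # Only run in repositories owned by 'danmar'; the job is skipped elsewhere.
    if: ${{ github.repository_owner == 'danmar' }}

    steps:
      # NOTE(review): the actions in this job are referenced by tag (@v6).
      # Tags are mutable; pinning each action to a full commit SHA makes the
      # reference immutable.
      - uses: actions/checkout@v6
        with:
          # Do not leave the token in .git/config, where the build and fuzz
          # steps (which run PR-controlled code) could read it.
          persist-credentials: false

      # the man-db trigger causes package installations to stall for several minutes at times. so just drop the package.
      # see https://github.com/actions/runner/issues/4030
      - name: Remove man-db package
        run: |
          sudo apt-get update
          # -y: never wait for a confirmation prompt in a non-interactive job
          sudo apt-get remove -y man-db

      - name: Install missing software
        run: |
          sudo apt-get update
          sudo apt-get install -y make

      # NOTE(review): llvm.sh is downloaded and executed as root with no
      # integrity check beyond TLS. Consider verifying it against a checksum
      # recorded in this repository, or installing clang from a pinned source.
      - name: Install clang
        run: |
          wget https://apt.llvm.org/llvm.sh
          chmod +x llvm.sh
          sudo ./llvm.sh 22

      # Build testrunner with STORE_INPUT_DIR pointing at corpus_test and run
      # it; the directory is later passed to the fuzzer as a corpus directory.
      - name: Generate corpus
        run: |
          mkdir corpus_test
          make testrunner CXXOPTS="-DSTORE_INPUT_DIR=\"\\\"$(pwd)/corpus_test\\\"\""
          ./testrunner

      - name: Upload corpus (testrunner)
        uses: actions/upload-artifact@v6
        with:
          name: corpus_test
          path: ./corpus_test

      # Fuzzing build: ASan + UBSan, with UBSan reports made fatal by
      # -fno-sanitize-recover=undefined, linked against libFuzzer.
      - name: Build fuzzer
        id: build
        run: |
          make clean
          # TODO: test O/LTO for best speed
          # TODO: use -stdlib=libc++ -lc++
          make -j$(nproc) CXXOPTS="-O3 -flto -fno-omit-frame-pointer -g -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize-address-use-after-scope -fno-sanitize=integer -fno-sanitize-recover=undefined" LDOPTS="-flto" LIB_FUZZING_ENGINE="-fsanitize=fuzzer" fuzz
        env:
          CXX: clang++-22

      # Fuzz for at most 60 seconds (-max_total_time=60) across all cores.
      # Findings are written below ./artifacts/ (-artifact_prefix).
      - name: Run fuzzer
        run: |
          mkdir corpus
          mkdir artifacts
          ./fuzz -only_ascii=1 -timeout=5 -fork=$(nproc) -use_value_profile=1 -reduce_inputs=0 -timeout_exitcode=0 -max_total_time=60 -artifact_prefix=./artifacts/ corpus corpus_test
          # if a crash happens with a file from the corpus the fuzzer will not fail - so fail if any artifacts have been written
          test $(find ./artifacts -type f | wc -l) -eq 0
        env:
          ASAN_OPTIONS: detect_stack_use_after_return=1
          UBSAN_OPTIONS: print_stacktrace=1:halt_on_error=1:report_error_type=1

      # The two uploads below also run when an earlier step failed, so the
      # corpus and any crashing inputs remain available for triage.
      # NOTE(review): uploaded findings are reproducers for unfixed bugs;
      # check who can download workflow artifacts for this repository.
      - name: Upload corpus
        if: success() || failure()
        uses: actions/upload-artifact@v6
        with:
          name: corpus
          path: ./corpus

      - name: Upload artifacts
        if: success() || failure()
        uses: actions/upload-artifact@v6
        with:
          name: artifacts
          path: ./artifacts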