From: Igor Munkin <imun@tarantool.org> To: Sergey Bronnikov <sergeyb@tarantool.org> Cc: o.piskunov@tarantool.org, tarantool-patches@dev.tarantool.org, alexander.turenko@tarantool.org Subject: Re: [Tarantool-patches] [PATCH v2] Add infrastructure for fuzzing testing and fuzzers Date: Tue, 26 May 2020 18:54:04 +0300 [thread overview] Message-ID: <20200526155404.GN5455@tarantool.org> (raw) In-Reply-To: <20200429120956.GB83580@pony.bronevichok.ru> Sergey, Thanks for the changes! Please consider my replies below. On 29.04.20, Sergey Bronnikov wrote: > Hi, Igor > > thanks a lot for review! See my answers inline. > > On 14:19 Tue 28 Apr , Igor Munkin wrote: > > Sergey, > > > > Thanks for the patch! I left several comments, please consider them. > > > > On 20.04.20, Sergey Bronnikov wrote: > > > - introduce CMake flag to enable building fuzzers > > > - add fuzzers based on LibFuzzer[1] to csv, http_parser and uri modules > > > > > > [1] https://llvm.org/docs/LibFuzzer.html > > > > > > Note: LibFuzzer requires Clang compiler > > > > > > How-To Use: > > > > > > $ mkdir build && cd build > > > $ CC=clang CXX=clang++ cmake -DENABLE_FUZZER=ON .. > > > $ make -j > > > $ ./Testing/test_csv corpus/ -max_total_time=60*60*60 -workers=4 I guess corpus directory need to be created prior to the <test_csv> run. At least I faced the following error: | $ ./Testing/test_csv corpus/ -max_total_time=60*60*60 -workers=4 | INFO: Seed: 3782841313 | INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x574eb0, | 0x574eb3), | INFO: Loaded 1 PC tables (3 PCs): 3 [0x54f540,0x54f570), | No such file or directory: corpus/; exiting After <mkdir> everything works fine. > > > > I can't test your patch manually since this recipe doesn't work for me: > > perhaps you should install package sys-libs/compiler-rt-sanitizers [1] This package was installed. | $ $ eix sys-libs/compiler-rt-sanitizers | head -1 | [I] sys-libs/compiler-rt-sanitizers > > 1. https://packages.gentoo.org/packages/sys-libs/compiler-rt-sanitizers > > > | $ cat /etc/os-release > > | NAME=Gentoo > > | ID=gentoo > > | PRETTY_NAME="Gentoo/Linux" > > | ANSI_COLOR="1;32" > > | HOME_URL="https://www.gentoo.org/" > > | SUPPORT_URL="https://www.gentoo.org/support/" > > | BUG_REPORT_URL="https://bugs.gentoo.org/" > > | $ clang --version > > | clang version 8.0.1 (tags/RELEASE_801/final) > > | Target: x86_64-pc-linux-gnu > > | Thread model: posix > > | InstalledDir: /usr/lib/llvm/8/bin > > | $ clang++ --version > > | clang version 8.0.1 (tags/RELEASE_801/final) > > | Target: x86_64-pc-linux-gnu > > | Thread model: posix > > | InstalledDir: /usr/lib/llvm/8/bin > > | $ git status | head -1 > > | On branch ligurio/gh-1809-libfuzzer > > | $ mkdir -p libfuzzer > > | $ cd !$ > > | cd libfuzzer > > | $ CC=clang CXX=clang++ cmake -DENABLE_FUZZER=ON .. > > | -- Enabling LTO: FALSE > > | -- OpenSSL 1.1.1d found > > | -- > > | CMake Deprecation Warning at test/CMakeLists.txt:21 (cmake_policy): > > | The OLD behavior for policy CMP0037 will be removed from a future version > > | of CMake. > > | > > | The cmake-policies(7) manual explains that the OLD behaviors of all > > | policies are deprecated and that a policy should be set to OLD only under > > | specific short-term circumstances. Projects should be ported to the NEW > > | behavior and not rely on setting a policy to OLD. > > | > > | > > | -- > > | -- > > | -- Configuring done > > | -- Generating done > > | -- Build files have been written to: /home/imun/projects/tarantool > > | $ echo $? > > | 0 > > | $ make -j > > | make: *** No targets specified and no makefile found. Stop. > > I suspect the problem was due to specifying "CXX=clang++". > I have changed check for compiler and it can probably fixes your problem. Yeah, this might be the root cause. As I mentioned above, now everything is fine, thanks! > <snipped> > > > > diff --git a/src/lib/csv/test_csv.c b/src/lib/csv/test_csv.c > > > new file mode 100644 > > > index 000000000..aa1703514 > > > --- /dev/null > > > +++ b/src/lib/csv/test_csv.c > > > > This C file doesn't respect our C style guide[1], please adjust it. > > > > > @@ -0,0 +1,23 @@ > > > +#include <stdint.h> > > > +#include <stdlib.h> > > > +#include <stddef.h> > > > +#include <string.h> > > > +#include "csv.h" > > > + > > > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > > > + struct csv csv; > > > + csv_create(&csv); > > > + char *buf = calloc(size, sizeof(char*)); > > > + if (buf == NULL) { > > > + return -1; > > > + } > > > + memcpy(buf, data, size); > > > + buf[size] = '\0'; > > > + char *end = buf + size; > > > + csv_parse_chunk(&csv, buf, end); > > > + csv_finish_parsing(&csv); > > > + csv_destroy(&csv); > > > + free(buf); > > > + > > > + return 0; > > > > So, csv parsing succeeds regardless the input? Then what is the purpose > > of the testing? > > Yes, function LLVMFuzzerTestOneInput succeeds when csv parsing > finishes without any issues like memory corruption, buffer overflow etc. > Unfortunately these csv_* functions returns void and I cannot additionaly > check was parsing successfull or not. Anyway fuzzing is about negative testing > and our goal to check function for reliability with junk input. No, you can. Despite the void function return type you can check the error_status field in csv context structure which is set e.g. in <csv_invalid> routine (called within <csv_finish_parsing> routine). > > > > +} > > > diff --git a/src/lib/http_parser/CMakeLists.txt b/src/lib/http_parser/CMakeLists.txt > > > index a48f83cb6..7af922fbb 100644 > > > --- a/src/lib/http_parser/CMakeLists.txt > > > +++ b/src/lib/http_parser/CMakeLists.txt > > > @@ -1 +1,12 @@ > > > add_library(http_parser STATIC http_parser.c) > > > + > > > +if (ENABLE_FUZZER AND CMAKE_CXX_COMPILER_ID STREQUAL "Clang") > > > + set(TestName "test_http_parser") > > > + add_executable(${TestName} ${TestName}.c) > > > + set_target_properties(${TestName} > > > + PROPERTIES > > > + COMPILE_FLAGS "-fsanitize=fuzzer,address -g -O1" > > > + LINK_FLAGS "-fsanitize=fuzzer,address") > > > + target_link_libraries(${TestName} PRIVATE http_parser) > > > + set_target_properties(${TestName} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}") > > > > What if ${TESTING_OUTPUT_DIRECTORY} is not defined? > > Why it can be undefined if I set it in cmake/profile.cmake when ENABLE_FUZZER is enabled? Yes, but if one runs the following command, the build succeeds: | $ cmake . && make -j | -- The C compiler identification is GNU 8.3.0 | -- The CXX compiler identification is GNU 8.3.0 | -- Check for working C compiler: /usr/bin/cc | -- Check for working C compiler: /usr/bin/cc -- works | -- Detecting C compiler ABI info | -- Detecting C compiler ABI info - done | -- Detecting C compile features | -- Detecting C compile features - done | -- Check for working CXX compiler: /usr/bin/c++ | -- Check for working CXX compiler: /usr/bin/c++ -- works | -- Detecting CXX compiler ABI info | -- Detecting CXX compiler ABI info - done | -- Detecting CXX compile features | -- Detecting CXX compile features - done | CMake Warning (dev) in CMakeLists.txt: | No cmake_minimum_required command is present. A line of code such as | | cmake_minimum_required(VERSION 3.14) | | should be added at the top of the file. The version specified may be lower | if you wish to support older CMake versions for this project. For more | information run "cmake --help-policy CMP0000". | This warning is for project developers. Use -Wno-dev to suppress it. | | -- Configuring done | -- Generating done | -- Build files have been written to: <tarantool-path>/src/lib/http_parser | Scanning dependencies of target http_parser | [ 50%] Building C object CMakeFiles/http_parser.dir/http_parser.o | [100%] Linking C static library libhttp_parser.a | [100%] Built target http_parser At the same time the following command fails due to invalid compiler/linker flags: | $ cmake -DENABLE_FUZZER=ON . && make -j | -- The C compiler identification is GNU 8.3.0 | -- The CXX compiler identification is GNU 8.3.0 | -- Check for working C compiler: /usr/bin/cc | -- Check for working C compiler: /usr/bin/cc -- works | -- Detecting C compiler ABI info | -- Detecting C compiler ABI info - done | -- Detecting C compile features | -- Detecting C compile features - done | -- Check for working CXX compiler: /usr/bin/c++ | -- Check for working CXX compiler: /usr/bin/c++ -- works | -- Detecting CXX compiler ABI info | -- Detecting CXX compiler ABI info - done | -- Detecting CXX compile features | -- Detecting CXX compile features - done | CMake Warning (dev) in CMakeLists.txt: | No cmake_minimum_required command is present. A line of code such as | | cmake_minimum_required(VERSION 3.14) | | should be added at the top of the file. The version specified may be lower | if you wish to support older CMake versions for this project. For more | information run "cmake --help-policy CMP0000". | This warning is for project developers. Use -Wno-dev to suppress it. | | -- Configuring done | -- Generating done | -- Build files have been written to: <tarantool-path>/src/lib/http_parser | Scanning dependencies of target http_parser | [ 25%] Building C object CMakeFiles/http_parser.dir/http_parser.o | [ 50%] Linking C static library libhttp_parser.a | [ 50%] Built target http_parser | Scanning dependencies of target test_http_parser | [ 75%] Building C object CMakeFiles/test_http_parser.dir/test_http_parser.o | cc: error: unrecognized argument to -fsanitize= option: 'fuzzer' | make[2]: *** [CMakeFiles/test_http_parser.dir/build.make:63: CMakeFiles/test_http_parser.dir/test_http_parser.o] Error 1 | make[1]: *** [CMakeFiles/Makefile2:110: CMakeFiles/test_http_parser.dir/all] Error 2 | make: *** [Makefile:84: all] Error 2 So cmake respects the given options but has no check for toolchain. OK, when the proper toolchain is set <make> command succeeds and test_http_parser is build in the project root directory: | $ CC=clang CXX=clang++ cmake -DENABLE_FUZZER=ON . && make -j | -- The C compiler identification is Clang 8.0.1 | -- The CXX compiler identification is Clang 8.0.1 | -- Check for working C compiler: /usr/lib/llvm/8/bin/clang | -- Check for working C compiler: /usr/lib/llvm/8/bin/clang -- works | -- Detecting C compiler ABI info | -- Detecting C compiler ABI info - done | -- Detecting C compile features | -- Detecting C compile features - done | -- Check for working CXX compiler: /usr/lib/llvm/8/bin/clang++ | -- Check for working CXX compiler: /usr/lib/llvm/8/bin/clang++ -- works | -- Detecting CXX compiler ABI info | -- Detecting CXX compiler ABI info - done | -- Detecting CXX compile features | -- Detecting CXX compile features - done | CMake Warning (dev) in CMakeLists.txt: | No cmake_minimum_required command is present. A line of code such as | | cmake_minimum_required(VERSION 3.14) | | should be added at the top of the file. The version specified may be lower | if you wish to support older CMake versions for this project. For more | information run "cmake --help-policy CMP0000". | This warning is for project developers. Use -Wno-dev to suppress it. | | -- Configuring done | -- Generating done | -- Build files have been written to: <tarantool-path>/src/lib/http_parser | Scanning dependencies of target http_parser | [ 25%] Building C object CMakeFiles/http_parser.dir/http_parser.o | [ 50%] Linking C static library libhttp_parser.a | [ 50%] Built target http_parser | Scanning dependencies of target test_http_parser | [ 75%] Building C object CMakeFiles/test_http_parser.dir/test_http_parser.o | [100%] Linking C executable test_http_parser | [100%] Built target test_http_parser And this is the case I was writing about. Do you consider this as a bug? Side note: this *might* be the main reason, why unit tests aren't placed alongside with the corresponding libs but grouped within a separate directory as Serge mentioned in his review. > <snipped> > > -- > sergeyb@ -- Best regards, IM
next prev parent reply other threads:[~2020-05-26 16:02 UTC|newest] Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-04-20 8:47 Sergey Bronnikov 2020-04-24 13:56 ` Serge Petrenko 2020-04-29 9:28 ` Sergey Bronnikov 2020-04-30 11:10 ` Serge Petrenko 2020-04-30 11:40 ` Sergey Bronnikov 2020-04-30 13:01 ` Serge Petrenko 2020-04-28 11:19 ` Igor Munkin 2020-04-29 12:09 ` Sergey Bronnikov 2020-05-26 15:54 ` Igor Munkin [this message] 2020-12-01 16:22 ` Sergey Bronnikov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200526155404.GN5455@tarantool.org \ --to=imun@tarantool.org \ --cc=alexander.turenko@tarantool.org \ --cc=o.piskunov@tarantool.org \ --cc=sergeyb@tarantool.org \ --cc=tarantool-patches@dev.tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH v2] Add infrastructure for fuzzing testing and fuzzers' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox