build: support msan and asan for fuzzing locally
bboilot-ledger committed Dec 31, 2024
1 parent 649aa60 commit 3a1dd71
Showing 3 changed files with 11 additions and 4 deletions.
9 changes: 8 additions & 1 deletion tests/fuzzing/CMakeLists.txt
Expand Up @@ -26,7 +26,14 @@ endif()

# compatible with ClusterFuzzLite
if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})
set(COMPILATION_FLAGS -g -O0 -Wall -Wextra -fsanitize=fuzzer,address,undefined -fprofile-instr-generate -fcoverage-mapping)
set(COMPILATION_FLAGS -g -O0 -Wall -Wextra -fprofile-instr-generate -fcoverage-mapping)
if (SANITIZER MATCHES "address")
set(COMPILATION_FLAGS ${COMPILATION_FLAGS} -fsanitize=fuzzer,address,undefined)
elseif (SANITIZER MATCHES "memory")
set(COMPILATION_FLAGS ${COMPILATION_FLAGS} -fsanitize=fuzzer,memory,undefined -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link)
else()
message(FATAL_ERROR "Unkown sanitizer type. It must be set to `address` or `memory`.")
endif()
else()
set(COMPILATION_FLAGS "$ENV{LIB_FUZZING_ENGINE} $ENV{CFLAGS}")
separate_arguments(COMPILATION_FLAGS)
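Review bot: On the `memory` branch the new flag list passes both `-fsanitize=fuzzer` (inside `fuzzer,memory,undefined`) and `-fsanitize=fuzzer-no-link`; `fuzzer` already instruments and links libFuzzer's entry point, so `fuzzer-no-link` is redundant here and reads as if the MSan build were meant to produce a library rather than a fuzzer binary. I would drop it and append with the list command, `list(APPEND COMPILATION_FLAGS -fsanitize=fuzzer,memory,undefined -fsanitize-memory-track-origins)`, and do the same on the address branch instead of `set(COMPILATION_FLAGS ${COMPILATION_FLAGS} ...)`. The message in the else branch has a typo (`Unkown` → `Unknown`), and since `SANITIZER` is now mandatory for a local build, a quoted exact comparison such as `if("${SANITIZER}" STREQUAL "address")` is safer than an unquoted regex `MATCHES` on a variable that may be unset. MSan reports are only meaningful when every linked component is MSan-instrumented as well; presumably everything built under this CMake tree is, but it is worth stating in the README. The enclosing `if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})` block closes outside the hunk.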
4 changes: 2 additions & 2 deletions tests/fuzzing/README.md
Expand Up @@ -36,7 +36,7 @@ Once in the container, go into the `tests/fuzzing` folder to compile the fuzzer:
cd tests/fuzzing

# cmake initialization
cmake -DBOLOS_SDK=/opt/ledger-secure-sdk -DCMAKE_C_COMPILER=/usr/bin/clang -Bbuild -S.
cmake -DBOLOS_SDK=/opt/ledger-secure-sdk -DCMAKE_C_COMPILER=/usr/bin/clang -DSANITIZER=[address|memory] -B build -S .

# Fuzzer compilation
cmake --build build
Expand All @@ -48,7 +48,7 @@ cmake --build build
./build/fuzzer -max_len=8192
```

If you want to do a fuzzing campain on more than one core and compute the coverage results, you can use the `local_run.sh` script within the container.
If you want to do a fuzzing campain on more than one core and compute the coverage results, you can use the `local_run.sh` script within the container (it'll only run the address and UB sanitizers).

## Full usage based on `clusterfuzzlite` container

2 changes: 1 addition & 1 deletion tests/fuzzing/local_run.sh
Expand Up @@ -4,7 +4,7 @@
rm -rf build

# Build the fuzzer
cmake -B build -S . -DCMAKE_C_COMPILER=/usr/bin/clang
cmake -B build -S . -DCMAKE_C_COMPILER=/usr/bin/clang -DSANITIZER=address
cmake --build build

# Create the corpus directory if it doesn't exist
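Review bot: The script hardcodes `-DSANITIZER=address`, so a local MSan campaign now requires editing the script even though the CMake side accepts `memory`; `-DSANITIZER="${SANITIZER:-address}"` keeps the documented address default while letting the caller override it from the environment. The remainder of the script lies outside the hunk.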