systemd/travis-ci/managers/fuzzit.sh

#!/bin/bash

set -e
set -x
set -u

# This should help to protect the systemd organization on Fuzzit from forks
# that are activated on Travis CI.
[[ "$TRAVIS_REPO_SLUG" = "systemd/systemd" ]] || exit 0

REPO_ROOT=${REPO_ROOT:-$(pwd)}

sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list"
sudo apt-get update -y
sudo apt-get build-dep systemd -y
sudo apt-get install -y ninja-build python3-pip python3-setuptools
pip3 install meson

cd $REPO_ROOT
export PATH="$HOME/.local/bin/:$PATH"

# We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined"
# because our fuzzers crash with "pointer-overflow" and "float-cast-overflow":
# https://github.com/systemd/systemd/pull/12771#issuecomment-502139157
# https://github.com/systemd/systemd/pull/12812#issuecomment-502780455
# TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910
export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
tools/oss-fuzz.sh

FUZZING_TYPE=${1:-regression}
if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then
    FUZZIT_BRANCH="${TRAVIS_BRANCH}"
else
    FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
fi

# Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys
# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"

# ASan options are borrowed almost verbatim from OSS-Fuzz
ASAN_OPTIONS=redzone=32:print_summary=1:handle_sigill=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=64:detect_odr_violation=0:handle_segv=1:fast_unwind_on_fatal=0
UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1:silence_unsigned_overflow=1
FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} -e ASAN_OPTIONS=${ASAN_OPTIONS} -e UBSAN_OPTIONS=${UBSAN_OPTIONS}"
wget -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/latest/download/fuzzit_Linux_x86_64
chmod +x fuzzit

find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | xargs --verbose -n1 -I%FUZZER% ./fuzzit create job ${FUZZIT_ARGS} %FUZZER%-asan-ubsan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}

export SANITIZER="memory -fsanitize-memory-track-origins"
FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT}"
tools/oss-fuzz.sh

find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | xargs --verbose -n1 -I%FUZZER% ./fuzzit create job ${FUZZIT_ARGS} %FUZZER%-msan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}
Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`#!/bin/bash`

			`set -e`
			`set -x`
			`set -u`

travis: protect the systemd organization on Fuzzit from forks Now that v243 is out, the script has been pulled by forks that are activated on Travis CI. As a result, all those forks have started to send their fuzzers to Fuzzit inadvertantly consuming our CPUs along the way. Let's prevent this by bailing out early if the script is run outside of the systemd repository. 2019-09-06 04:44:52 +03:00			`# This should help to protect the systemd organization on Fuzzit from forks`
			`# that are activated on Travis CI.`
			`[[ "$TRAVIS_REPO_SLUG" = "systemd/systemd" ]] \|\| exit 0`

Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`REPO_ROOT=${REPO_ROOT:-$(pwd)}`

			`sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list"`
			`sudo apt-get update -y`
			`sudo apt-get build-dep systemd -y`
			`sudo apt-get install -y ninja-build python3-pip python3-setuptools`
			`pip3 install meson`

			`cd $REPO_ROOT`
			`export PATH="$HOME/.local/bin/:$PATH"`
travis: use UBSan checks from OSS-Fuzz This should help to silence UBSan reports mentioned in https://github.com/systemd/systemd/pull/12771#issuecomment-502139157 for now. 2019-06-15 01:44:27 +03:00
			`# We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined"`
tests: turn on the "object-size" UBSan check on Fuzzit Now that 2eb1c19881678851a7e is merged it should be safe. 2019-07-11 16:32:05 +03:00			`# because our fuzzers crash with "pointer-overflow" and "float-cast-overflow":`
travis: turn on all default UBSan checks except for pointer-overflow, object-size and float-cast-overflow 2019-06-17 20:08:48 +03:00			`# https://github.com/systemd/systemd/pull/12771#issuecomment-502139157`
			`# https://github.com/systemd/systemd/pull/12812#issuecomment-502780455`
travis: use UBSan checks from OSS-Fuzz This should help to silence UBSan reports mentioned in https://github.com/systemd/systemd/pull/12771#issuecomment-502139157 for now. 2019-06-15 01:44:27 +03:00			`# TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910`
tests: turn on the "object-size" UBSan check on Fuzzit Now that 2eb1c19881678851a7e is merged it should be safe. 2019-07-11 16:32:05 +03:00			export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`tools/oss-fuzz.sh`

travis: switch to the latest version of the fuzzit CLI I was informed that fuzzit-1.1 is going to be deprecated soon. Generally the latest version isn't recommened because it's still in beta and theoretically might be backwards incompatible but let's try rolling forward to avoid PRs like this going forward. We can always roll it back :-) 2019-09-06 20:29:10 +03:00			`FUZZING_TYPE=${1:-regression}`
Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then`
travis: clean up bash variables a bit in preparation for adding more ASan options 2019-06-15 02:16:07 +03:00			`FUZZIT_BRANCH="${TRAVIS_BRANCH}"`
Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`else`
travis: clean up bash variables a bit in preparation for adding more ASan options 2019-06-15 02:16:07 +03:00			`FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"`
Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`fi`

			`# Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys`
			`# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future`
fuzzit: export the API key instead of using `auth` "We removed some cahing related code that auth used and caused problems" 2019-09-12 13:34:26 +03:00			`export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc`
fuzzit: ignore library version 2019-07-23 22:50:52 +03:00			`FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"`
travis: add more ASan options 2019-06-15 03:07:17 +03:00
			`# ASan options are borrowed almost verbatim from OSS-Fuzz`
			`ASAN_OPTIONS=redzone=32:print_summary=1:handle_sigill=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=64:detect_odr_violation=0:handle_segv=1:fast_unwind_on_fatal=0`
travis: clean up bash variables a bit in preparation for adding more ASan options 2019-06-15 02:16:07 +03:00			`UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1:silence_unsigned_overflow=1`
travis: switch to the latest version of the fuzzit CLI I was informed that fuzzit-1.1 is going to be deprecated soon. Generally the latest version isn't recommened because it's still in beta and theoretically might be backwards incompatible but let's try rolling forward to avoid PRs like this going forward. We can always roll it back :-) 2019-09-06 20:29:10 +03:00			`FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} -e ASAN_OPTIONS=${ASAN_OPTIONS} -e UBSAN_OPTIONS=${UBSAN_OPTIONS}"`
			`wget -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/latest/download/fuzzit_Linux_x86_64`
Continuous Fuzzing Integration with Fuzzit includes two travis ci steps: 1) Every pull-request/push all fuzzing targets will do a quick sanity run on the generated corpus and crashes (via Fuzzit) 2) On a daily basis the fuzzing targets will be compiled (from master) and will and their respectible fuzzing job on Fuzzit will be updated to the new binary. 2019-06-11 09:25:45 +03:00			`chmod +x fuzzit`

travis: switch to the latest version of the fuzzit CLI I was informed that fuzzit-1.1 is going to be deprecated soon. Generally the latest version isn't recommened because it's still in beta and theoretically might be backwards incompatible but let's try rolling forward to avoid PRs like this going forward. We can always roll it back :-) 2019-09-06 20:29:10 +03:00			`find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; \| xargs --verbose -n1 -I%FUZZER% ./fuzzit create job ${FUZZIT_ARGS} %FUZZER%-asan-ubsan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}`
fuzzit: unleash MSan on all the fuzzers 2019-08-08 00:45:19 +03:00
fuzzit: get MSan to track origins It's just a follow-up to https://github.com/systemd/systemd/pull/13281 that should make it a little bit easier to make sense of MSan reports. https://clang.llvm.org/docs/MemorySanitizer.html#origin-tracking 2019-08-08 21:30:44 +03:00			`export SANITIZER="memory -fsanitize-memory-track-origins"`
fuzzit: unleash MSan on all the fuzzers 2019-08-08 00:45:19 +03:00			`FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT}"`
			`tools/oss-fuzz.sh`

travis: switch to the latest version of the fuzzit CLI I was informed that fuzzit-1.1 is going to be deprecated soon. Generally the latest version isn't recommened because it's still in beta and theoretically might be backwards incompatible but let's try rolling forward to avoid PRs like this going forward. We can always roll it back :-) 2019-09-06 20:29:10 +03:00			`find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; \| xargs --verbose -n1 -I%FUZZER% ./fuzzit create job ${FUZZIT_ARGS} %FUZZER%-msan out/%FUZZER% ${FUZZIT_ADDITIONAL_FILES}`