github/prysm
1
1
Fork 0
mirror of https://github.com/OffchainLabs/prysm.git synced 2026-01-08 23:18:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add beacon state unmarshal fuzzer, afl support (#6625)

Browse Source 
* Add AFL third_party libraries

* add beacon state fuzzing, add afl fuzz bundle

* rm fuzzing engine

* fix and lint

* Check for array out of bounds when calculating proposer delta

* failing test

* fix

* Checkpoint progress

* Add requirement that inclusion distance is not zero, add regression test

* No need for HTR since that is covered in process slots

* Removing some fuzzit logic, old fuzz tests

* Add ssz encoder test and fix

* Fuzzing checkpoint, adding fuzzing to the p2p layer

* ignore some libfuzzer files

* Full testing of p2p processing of blocks, with some mocked stuff

* use tmpdir and always process blocks

* use checkptr

* Update ethereumapis

* go mod tidy

* benchmarks for ferran's fast ssz hash tree root

* Update fastssz

* fmt

* gaz

* goimports

* Fix

* fix ethereumapis

* fix again

* kafka

* fix gen file

* fix compute signing root

* gofmt

* checkpoint progress

* progress

* checkpoint

* updates

* updates

* merge fix

* WIP

* merge

* fix build

* fix merge related issues

* cleanup

* revert unrelated

* lint

* lint

* lint

* manual tags for fuzz

* Commentary on upload script

* some import fixes, but not all

* fix //fuzz:fuzz_tests

* rm unused test

* update generated ssz

* Set // +build libfuzzer

* remove debug code

* A bit of refactoring ot explain why there is a committee_disabled file

Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
This commit is contained in:
Preston Van Loon
2020-09-14 13:42:08 -05:00
committed by GitHub
parent e477df321c
commit cebb62997d
55 changed files with 11761 additions and 883 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tools/go/def.bzl
View File

@@ -8,7 +8,7 @@ def go_library(name, **kwargs):
go_goopts = kwargs["gc_goopts"]
gc_goopts += select({
"@prysm//tools/go:libfuzz_enabled": ["-d=libfuzzer"],
"@prysm//tools/go:libfuzz_enabled": ["-d=libfuzzer,checkptr"],
"//conditions:default": [],
})

103
tools/go/fuzz.bzl
View File

@@ -38,7 +38,7 @@ func main() {
def _gen_fuzz_main_impl(ctx):
if ctx.var.get("gotags") != "libfuzzer":
fail("gotags must be set to libfuzzer. Use --config=fuzz or --config=fuzzit.")
if ctx.var.get("gc_goopts") != "-d=libfuzzer":
if "libfuzzer" not in ctx.var.get("gc_goopts"):
fail("gc_goopts must be set to -d=libfuzzer. Use --config=fuzz or --config=fuzzit.")
pkg = ctx.attr.target_pkg
@@ -57,6 +57,40 @@ gen_fuzz_main = rule(
},
)
fuzzer_options_tpl = """[libfuzzer]
max_len=%d
"""
def _generate_libfuzzer_config(ctx):
output_file_name = ctx.label.name + ".options"
output = fuzzer_options_tpl % (
ctx.attr.max_len,
)
output_file = ctx.actions.declare_file(output_file_name)
ctx.actions.write(output_file, output)
return [DefaultInfo(files = depset([output_file]))]
gen_libfuzzer_config = rule(
implementation = _generate_libfuzzer_config,
attrs = {
"max_len": attr.int(default = 0),
},
)
def _upload_to_gcp_impl(ctx):
return [
DefaultInfo(),
]
upload_to_gcp = rule(
implementation = _upload_to_gcp_impl,
attrs = {
"gcp_bucket": attr.string(mandatory = True),
"libfuzzer_bundle": attr.label(mandatory = True),
"afl_bundle": attr.label(mandatory = True),
},
)
def go_fuzz_test(
name,
corpus,
@@ -64,7 +98,8 @@ def go_fuzz_test(
importpath,
func = "Fuzz",
repository = "",
input_size = 0,
max_len = 0,
gcp_bucket = "gs://builds.prysmaticlabs.appspot.com",
size = "medium",
tags = [],
**kwargs):
@@ -85,6 +120,10 @@ def go_fuzz_test(
testonly = 1,
visibility = ["//visibility:private"],
)
gen_libfuzzer_config(
name = name + "_options",
max_len = max_len,
)
go_binary(
name = name + "_binary",
srcs = [name + "_libfuzz_main"],
@@ -117,13 +156,44 @@ def go_fuzz_test(
corpus_name = corpus
additional_args = []
if input_size > 0:
additional_args += ["-max_len=%s" % input_size]
if max_len > 0:
additional_args += ["-max_len=%s" % max_len]
native.cc_test(
name = name + "_with_afl",
linkopts = [
"-fsanitize=address",
"-fsanitize-coverage=trace-pc-guard",
],
linkstatic = 1,
testonly = 1,
srcs = [":" + name],
deps = [
"@herumi_bls_eth_go_binary//:lib",
"//third_party/afl:fuzzing_engine",
],
tags = ["manual", "fuzzer"] + tags,
)
native.genrule(
name = name + "_afl_bundle",
outs = [name + "_afl_bundle.zip"],
srcs = [
"//third_party/afl:libs",
":" + name + "_with_afl",
],
cmd = "cp $(location :" + name + "_with_afl) fuzzer; $(location @bazel_tools//tools/zip:zipper) cf $@ $(locations //third_party/afl:libs) fuzzer",
tools = [
"@bazel_tools//tools/zip:zipper",
],
testonly = 1,
tags = ["manual"] + tags,
)
native.cc_test(
name = name + "_with_libfuzzer",
linkopts = ["-fsanitize=fuzzer,address"],
copts = ["-fsantize=fuzzer,address"],
copts = ["-fsanitize=fuzzer,address"],
linkstatic = 1,
testonly = 1,
srcs = [":" + name],
@@ -138,3 +208,26 @@ def go_fuzz_test(
data = [corpus_name],
timeout = "eternal",
)
native.genrule(
name = name + "_libfuzzer_bundle",
outs = [name + "_libfuzzer_bundle.zip"],
srcs = [
":" + name + "_with_libfuzzer",
":" + name + "_options",
],
cmd = "cp $(location :" + name + "_with_libfuzzer) fuzzer; " +
"cp $(location :" + name + "_options) fuzzer.options; " +
"$(location @bazel_tools//tools/zip:zipper) cf $@ fuzzer fuzzer.options",
tools = ["@bazel_tools//tools/zip:zipper"],
testonly = 1,
tags = ["manual"] + tags,
)
upload_to_gcp(
name = name + "_uploader",
gcp_bucket = gcp_bucket,
afl_bundle = ":" + name + "_afl_bundle",
libfuzzer_bundle = ":" + name + "_libfuzzer_bundle",
tags = ["manual"] + tags,
)