RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-29 02:27:35 +00:00
Code Issues Activity Actions

Lagom: Add two-stage build for Fuzzers to enable fuzzing generated code

Browse source 
This allows us to fuzz the generated unicode and timezone database
helpers, and to fuzz things like LibJS using Fuzzilli to get proper
coverage of our unicode handling code.

Update the Azure CI to use the new two-stage build as well, and cleanup
some unused CMake options there.
This commit is contained in:
Andrew Kaster 2022-02-19 16:09:40 -07:00 committed by Linus Groh
parent bfa4bc6f2d
commit 0c95d9962c
4 changed files with 129 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

18
Meta/Lagom/ReadMe.md
View file

@ -14,22 +14,32 @@ Lagom can be used to fuzz parts of SerenityOS's code base. Fuzzers can be run lo
### Fuzzing locally
Lagom can be used to fuzz parts of SerenityOS's code base. This requires building with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. Run CMake like this:
Lagom can be used to fuzz parts of SerenityOS's code base. This requires building with `clang`, so it's convenient to use a different build directory for that. Fuzzers work best with Address Sanitizer enabled. The fuzzer build requires code generators to be pre-built without fuzzing in a two stage build. To build with LLVM's libFuzzer, invoke
the ``BuildFuzzers.sh`` script with no arguments. The script does the equivalent of the CMake commands below:
# From the root of the SerenityOS checkout:
cmake -GNinja -S Meta/Lagom -B Build/lagom-fuzzers \
```sh
# From the Meta/Lagom directory:
# Stage 1: Build and install code generators and other tools
cmake -GNinja -B Build/tools \
-DBUILD_LAGOM=OFF \
-DCMAKE_INSTALL_PREFIX=Build/tool-install
ninja -C Build/tools install
# Stage 2: Build fuzzers, making sure the build can find the tools we just built
cmake -GNinja -B Build/lagom-fuzzers \
-DBUILD_LAGOM=ON \
-DENABLE_FUZZER_SANITIZER=ON \
-DENABLE_ADDRESS_SANITIZER=ON \
-DENABLE_UNDEFINED_SANITIZER=ON \
-DCMAKE_PREFIX_PATH=Build/tool-install \
-DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_C_COMPILER=clang
cd Build/lagom-fuzzers
ninja
# Or as a handy rebuild-rerun line:
ninja FuzzJs && ./Fuzzers/FuzzJs
```
(Note that we require clang >= 12, so depending on your package manager you may need to specify `clang++-12` and `clang-12` instead.)
(Note that we require clang >= 13, see the pick_clang() function in the script for the paths that are searched)
Any fuzzing results (particularly slow inputs, crashes, etc.) will be dropped in the current directory.