[thirdparty/systemd.git] / travis-ci / managers / fuzzit.sh

#!/bin/bash

set -e
set -x
set -u

# This should help to protect the systemd organization on Fuzzit from forks
# that are activated on Travis CI.
[[ "$TRAVIS_REPO_SLUG" = "systemd/systemd" ]] || exit 0

REPO_ROOT=${REPO_ROOT:-$(pwd)}

sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list"
sudo apt-get update -y
sudo apt-get build-dep systemd -y
sudo apt-get install -y python3-pip python3-setuptools
# The following should be dropped when debian packaging has been updated to include them
sudo apt-get install -y libfdisk-dev libp11-kit-dev libssl-dev libpwquality-dev
pip3 install ninja meson

cd $REPO_ROOT
export PATH="$HOME/.local/bin/:$PATH"

# We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined"
# because our fuzzers crash with "pointer-overflow" and "float-cast-overflow":
# https://github.com/systemd/systemd/pull/12771#issuecomment-502139157
# https://github.com/systemd/systemd/pull/12812#issuecomment-502780455
# TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910
export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
tools/oss-fuzz.sh

FUZZING_TYPE=${1:-regression}
if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then
    FUZZIT_BRANCH="${TRAVIS_BRANCH}"
else
    FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
fi

# Because we want Fuzzit to run on every pull-request and Travis/Azure doesn't support encrypted keys
# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"

# ASan options are borrowed almost verbatim from OSS-Fuzz
ASAN_OPTIONS=redzone=32:print_summary=1:handle_sigill=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=64:detect_odr_violation=0:handle_segv=1:fast_unwind_on_fatal=0
UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1:silence_unsigned_overflow=1
FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} -e ASAN_OPTIONS=${ASAN_OPTIONS} -e UBSAN_OPTIONS=${UBSAN_OPTIONS}"
wget -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/latest/download/fuzzit_Linux_x86_64
chmod +x fuzzit

# Simple wrapper which retries given command up to three times if it fails
_retry() {
    local EC=1

    for _ in {0..2}; do
        if "$@"; then
            EC=0
            break
        fi

        sleep 1
    done

    return $EC
}

find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | while read -r fuzzer; do
    _retry ./fuzzit create job ${FUZZIT_ARGS} ${fuzzer}-asan-ubsan out/${fuzzer} ${FUZZIT_ADDITIONAL_FILES}
done

export SANITIZER="memory -fsanitize-memory-track-origins"
FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT}"
tools/oss-fuzz.sh

find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; | while read -r fuzzer; do
    _retry ./fuzzit create job ${FUZZIT_ARGS} ${fuzzer}-msan out/${fuzzer} ${FUZZIT_ADDITIONAL_FILES}
done
Commit	Line	Data
53a42e62 JP	1	#!/bin/bash
	2
	3	set -e
	4	set -x
	5	set -u
	6
64d0f704 EV	7	# This should help to protect the systemd organization on Fuzzit from forks
	8	# that are activated on Travis CI.
	9	[[ "$TRAVIS_REPO_SLUG" = "systemd/systemd" ]] \|\| exit 0
	10
53a42e62 JP	11	REPO_ROOT=${REPO_ROOT:-$(pwd)}
	12
	13	sudo bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' >>/etc/apt/sources.list"
	14	sudo apt-get update -y
	15	sudo apt-get build-dep systemd -y
c4ae2704	16	sudo apt-get install -y python3-pip python3-setuptools
e65f29b4	17	# The following should be dropped when debian packaging has been updated to include them
0edd431e	18	sudo apt-get install -y libfdisk-dev libp11-kit-dev libssl-dev libpwquality-dev
c4ae2704	19	pip3 install ninja meson
53a42e62 JP	20
	21	cd $REPO_ROOT
	22	export PATH="$HOME/.local/bin/:$PATH"
5057d73b EV	23
5057d73b EV	24	# We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined"
0772b11c	25	# because our fuzzers crash with "pointer-overflow" and "float-cast-overflow":
28025ba8 EV	26	# https://github.com/systemd/systemd/pull/12771#issuecomment-502139157
28025ba8 EV	27	# https://github.com/systemd/systemd/pull/12812#issuecomment-502780455
5057d73b	28	# TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910
0772b11c	29	export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
53a42e62 JP	30	tools/oss-fuzz.sh
53a42e62 JP	31
20c9c29c	32	FUZZING_TYPE=${1:-regression}
53a42e62	33	if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then
b5e1f0bd	34	FUZZIT_BRANCH="${TRAVIS_BRANCH}"
53a42e62	35	else
b5e1f0bd	36	FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
53a42e62 JP	37	fi
53a42e62 JP	38
86b52a39	39	# Because we want Fuzzit to run on every pull-request and Travis/Azure doesn't support encrypted keys
53a42e62	40	# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
807f9a17	41	export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
81f33199	42	FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"
f789e0b4 EV	43
	44	# ASan options are borrowed almost verbatim from OSS-Fuzz
	45	ASAN_OPTIONS=redzone=32:print_summary=1:handle_sigill=1:allocator_release_to_os_interval_ms=500:print_suppressions=0:strict_memcmp=1:allow_user_segv_handler=0:allocator_may_return_null=1:use_sigaltstack=1:handle_sigfpe=1:handle_sigbus=1:detect_stack_use_after_return=1:alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=64:detect_odr_violation=0:handle_segv=1:fast_unwind_on_fatal=0
b5e1f0bd	46	UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1:silence_unsigned_overflow=1
20c9c29c EV	47	FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT} -e ASAN_OPTIONS=${ASAN_OPTIONS} -e UBSAN_OPTIONS=${UBSAN_OPTIONS}"
20c9c29c EV	48	wget -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/latest/download/fuzzit_Linux_x86_64
53a42e62 JP	49	chmod +x fuzzit
53a42e62 JP	50
a8af7f6a FS	51	# Simple wrapper which retries given command up to three times if it fails
	52	_retry() {
	53	local EC=1
	54
	55	for _ in {0..2}; do
	56	if "$@"; then
	57	EC=0
	58	break
	59	fi
	60
	61	sleep 1
	62	done
	63
	64	return $EC
	65	}
	66
	67	find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; \| while read -r fuzzer; do
	68	_retry ./fuzzit create job ${FUZZIT_ARGS} ${fuzzer}-asan-ubsan out/${fuzzer} ${FUZZIT_ADDITIONAL_FILES}
	69	done
688b142d	70
d4d74d0f	71	export SANITIZER="memory -fsanitize-memory-track-origins"
688b142d EV	72	FUZZIT_ARGS="--type ${FUZZING_TYPE} --branch ${FUZZIT_BRANCH} --revision ${TRAVIS_COMMIT}"
	73	tools/oss-fuzz.sh
	74
a8af7f6a FS	75	find out/ -maxdepth 1 -name 'fuzz-*' -executable -type f -exec basename '{}' \; \| while read -r fuzzer; do
	76	_retry ./fuzzit create job ${FUZZIT_ARGS} ${fuzzer}-msan out/${fuzzer} ${FUZZIT_ADDITIONAL_FILES}
	77	done