Update docs and CI/CD

Signed-off-by: Dave Thaler <dthaler@microsoft.com>
microsoft · May 27, 2022 · a990040 · a990040
1 parent 7bb82ee
commit a990040
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -58,7 +58,7 @@ jobs:
       build_artifact: Build-x64-fuzzer
       cxx_flags: /fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div /ZH:SHA_256
       ld_flags: '"clang_rt.fuzzer_MD-x86_64.lib" "libsancov.lib"'
-      build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer
+      build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer /t:tests\libfuzzer\core_helper_fuzzer
 
   # Run the unit tests in GitHub.
   unit_tests:
@@ -152,6 +152,20 @@ jobs:
       code_coverage: false
       gather_dumps: true
 
+  # Run the libfuzzer tests in GitHub.
+  fuzzing:
+    needs: libfuzzer
+    # Always run this job.
+    if: github.event_name == 'schedule' || github.event_name == 'pull_request'
+    uses: ./.github/workflows/reusable-test.yml
+    with:
+      name: fuzzing
+      test_command: core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1
+      build_artifact: Build-x64-fuzzer
+      environment: windows-2019
+      code_coverage: false
+      gather_dumps: true
+
   # Run Cilium regression tests in GitHub.
   cilium_tests:
     needs: regular

diff --git a/tests/libfuzzer/README.md b/tests/libfuzzer/README.md
@@ -4,10 +4,20 @@
 [LibFuzzer](https://www.llvm.org/docs/LibFuzzer.html) is an in-process, coverage-guided, evolutionary fuzzing engine. It uses a set of starting data (the corpus)
 to generate new test cases, measures the code-coverage of the new test, and re-combines it form new test cases.
 
+There are now four libFuzzer-based binaries:
+
+* bpf2c_fuzzer
+* core_helper_fuzzer
+* execution_contet_fuzzer
+* verifier_fuzzer
+
 ## Usage
 1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported).
-2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run: ```execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800```
-3) If the the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
+2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run:
+  * `execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800`
+  * `core_helper_fuzzer ..\..\tests\libfuzzer\core_helper_fuzzer\corpus -max_len=139 -runs=3000 -use_value_profile=1`
+  * `verifier_corpus -use_value_profile=1 -max_total_time=1800`
+3) If the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
 4) Copy any new test cases and check them into the repo.
 
 ## Reproducing a crash
@@ -16,4 +26,4 @@ of the input that caused the crash. To reproduce the crash (for debugging), run
 name in place of the corpus folder.
 
 ## Future
-Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.
+Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.