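#!/bin/bash -eu
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Builds the tint SPIR-V fuzz targets, copies them to $OUT, and generates a
# seed corpus plus a libFuzzer options file for them.
#
# Environment read: CFLAGS, CXXFLAGS, LIB_FUZZING_ENGINE, OUT and WORK (all must
# be set, because -u is in effect) and OSS_FUZZ_CI (optional).

# Repeat the shebang options so they still apply when the script is started as
# `bash <script>`, in which case the shebang line is never consulted.
set -eu

cp standalone.gclient .gclient
gclient sync

mkdir -p out/Debug
pushd out/Debug

# ubsan's vptr sanitization is disabled as it requires RTTI, which is disabled
# when building tint. The flag is appended to the incoming flags, so every
# other check they request stays enabled.
CFLAGS="$CFLAGS -fno-sanitize=vptr" \
CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr" \
cmake -GNinja ../.. \
  -DCMAKE_BUILD_TYPE=Release \
  -DTINT_BUILD_FUZZERS=ON \
  -DTINT_BUILD_SPIRV_TOOLS_FUZZER=ON \
  -DTINT_BUILD_TESTS=OFF \
  "-DTINT_LIB_FUZZING_ENGINE_LINK_OPTIONS=$LIB_FUZZING_ENGINE"

# The target lists are arrays so that each name reaches ninja/cp as exactly one
# argument without relying on unquoted word splitting.
if [[ -n "${OSS_FUZZ_CI-}" ]]; then
  # When running in the CI, restrict to a small number of fuzz targets to save
  # time and disk space. A SPIR-V Tools-based fuzzer that uses the HLSL
  # back-end, and a regular fuzzer that uses the MSL back-end, are selected.
  SPIRV_TOOLS_FUZZERS=(
    tint_spirv_tools_hlsl_writer_fuzzer
  )
  SPIRV_FUZZERS=(
    tint_spv_reader_msl_writer_fuzzer
    "${SPIRV_TOOLS_FUZZERS[@]}"
  )
else
  SPIRV_TOOLS_FUZZERS=(
    tint_spirv_tools_hlsl_writer_fuzzer
    tint_spirv_tools_msl_writer_fuzzer
    tint_spirv_tools_spv_writer_fuzzer
    tint_spirv_tools_wgsl_writer_fuzzer
  )
  SPIRV_FUZZERS=(
    tint_spv_reader_hlsl_writer_fuzzer
    tint_spv_reader_msl_writer_fuzzer
    tint_spv_reader_spv_writer_fuzzer
    tint_spv_reader_wgsl_writer_fuzzer
    "${SPIRV_TOOLS_FUZZERS[@]}"
  )
fi

# Build the selected fuzz targets and copy the binaries to $OUT.
ninja "${SPIRV_FUZZERS[@]}"

cp -- "${SPIRV_FUZZERS[@]}" "$OUT"

popd

# An un-instrumented build of spirv-as is used to generate a corpus of SPIR-V
# binaries.
mkdir -p out/Standard
pushd out/Standard

# Back-up instrumentation options
CFLAGS_SAVE="$CFLAGS"
CXXFLAGS_SAVE="$CXXFLAGS"
unset CFLAGS
unset CXXFLAGS
# AFL_NOOPT makes the AFL++ compiler wrappers behave like a plain compiler.
export AFL_NOOPT=1

cmake -GNinja ../.. -DCMAKE_BUILD_TYPE=Release
ninja spirv-as

# Restore instrumentation options
export CFLAGS="${CFLAGS_SAVE}"
export CXXFLAGS="${CXXFLAGS_SAVE}"
unset AFL_NOOPT

popd

# Generate a corpus of SPIR-V binaries from the SPIR-V assembly files in the
# tint repository.
# mkdir is used without -p on purpose: it fails (and -e aborts) if the
# directory is left over from an earlier run, so stale corpus files are never
# silently mixed into the new seed corpus.
mkdir "$WORK/spirv-corpus"
python3 fuzzers/generate_spirv_corpus.py test "$WORK/spirv-corpus" out/Standard/spirv-as

mkdir "$WORK/spirv-corpus-hashed-names"
for f in "$WORK"/spirv-corpus/*.spv; do
  # An unmatched glob stays literal; skip it so that the zip step below is the
  # one that reports an empty corpus.
  [[ -e "$f" ]] || continue
  # SHA-1 only provides a content-derived file name here (identical binaries
  # collapse into one entry); it is not used as an integrity control.
  # Assigning the output directly (no pipeline) lets -e catch a sha1sum failure
  # instead of copying the file under an empty name.
  digest=$(sha1sum -- "$f")
  hashed_name=${digest%% *}
  cp -- "$f" "$WORK/spirv-corpus-hashed-names/$hashed_name"
done

zip -j "$WORK/seed_corpus.zip" "$WORK"/spirv-corpus-hashed-names/*

# Every SPIR-V fuzz target starts from the same seed corpus.
for fuzzer in "${SPIRV_FUZZERS[@]}"; do
  cp -- "$WORK/seed_corpus.zip" "$OUT/${fuzzer}_seed_corpus.zip"
done

# Only the SPIR-V Tools-based targets get an options file. The tint_* keys are
# presumably consumed by those targets' own mutator -- confirm against the
# fuzzer sources. The trailing blank line of the file is kept as before.
for fuzzer in "${SPIRV_TOOLS_FUZZERS[@]}"; do
  cat > "$OUT/${fuzzer}.options" <<'EOF'
[libfuzzer]
max_len = 10000
cross_over = 0
mutate_depth = 1
tint_enable_all_mutations = false
tint_mutation_batch_size = 5

EOF
done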