Revision: 75644
http://sourceforge.net/p/brlcad/code/75644
Author: brlcad
Date: 2020-04-30 05:01:32 +0000 (Thu, 30 Apr 2020)
Log Message:
-----------
added initial patch from Sahil Vaidya that provides a new 'make fuzz' build
target. this adds two new fuzzing tests that rely on llvm/clang's libFuzzer
(aka -fsanitize=fuzzer build option). committing as-is first, then will make
adjustments as needed in following.
Modified Paths:
--------------
brlcad/trunk/regress/CMakeLists.txt
Added Paths:
-----------
brlcad/trunk/regress/fuzz/
brlcad/trunk/regress/fuzz/CMakeLists.txt
brlcad/trunk/regress/fuzz/fuzz_ged.cpp
brlcad/trunk/regress/fuzz/fuzz_test1.cxx
brlcad/trunk/regress/fuzz/run.sh
Modified: brlcad/trunk/regress/CMakeLists.txt
===================================================================
--- brlcad/trunk/regress/CMakeLists.txt 2020-04-30 04:57:35 UTC (rev 75643)
+++ brlcad/trunk/regress/CMakeLists.txt 2020-04-30 05:01:32 UTC (rev 75644)
@@ -51,6 +51,10 @@
# MGED command tests
add_subdirectory(mged)
+# Fuzz tests
+add_subdirectory(fuzz)
+
+
# License check
add_subdirectory(licenses)
Added: brlcad/trunk/regress/fuzz/CMakeLists.txt
===================================================================
--- brlcad/trunk/regress/fuzz/CMakeLists.txt (rev 0)
+++ brlcad/trunk/regress/fuzz/CMakeLists.txt 2020-04-30 05:01:32 UTC (rev
75644)
@@ -0,0 +1,45 @@
+include_directories(${BU_INCLUDE_DIRS},
${CMAKE_CURRENT_SOURCE_DIR}/../../build/include/openNURBS "${ZLIB_INCLUDE_DIRS}"
+ "${REGEX_INCLUDE_DIRS}")
+
+
+# Not sure what this value should be
+#cmake_minimum_required (VERSION 3.10)
+
+# SETTING COMPILER DOES NOT WORK -- NEED TO COMPILE WITH CLANG
+#set(CMAKE_C_COMPILER "/usr/bin/clang")
+#set(CMAKE_CXX_COMPLER "/usr/bin/clang++")
+
+project(fuzz)
+
+
+add_executable(fuzz_test fuzz_ged.cpp)
+target_compile_options(fuzz_test
+ PRIVATE $<$<C_COMPILER_ID:Clang>:-g -O1 -fsanitize=fuzzer>
+ )
+
+target_link_libraries(fuzz_test PUBLIC libbu librt
+ PRIVATE $<$<C_COMPILER_ID:Clang>:-fsanitize=fuzzer>
+ )
+
+
+configure_file(run.sh "${CMAKE_CURRENT_BINARY_DIR}/fuzz" COPYONLY)
+install(PROGRAMS "${CMAKE_CURRENT_BINARY_DIR}/fuzz" DESTINATION ${BIN_DIR})
+configure_file(run.sh ${CMAKE_BINARY_DIR}/bin/fuzz COPYONLY)
+
+#add_test(NAME fuzz COMMAND ${SH_EXEC} ${CMAKE_BINARY_DIR}/bin/fuzz run)
+
+add_custom_target(fuzz
+ COMMAND ${SH_EXEC} ${CMAKE_BINARY_DIR}/bin/fuzz run
+ )
+
+
+#Not sure what this is for
+#CMAKEFILES(CMakeLists.txt)
+
+
+# Local Variables:
+# tab-width: 8
+# mode: cmake
+# indent-tabs-mode: t
+# End:
+# ex: shiftwidth=2 tabstop=8
Property changes on: brlcad/trunk/regress/fuzz/CMakeLists.txt
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: brlcad/trunk/regress/fuzz/fuzz_ged.cpp
===================================================================
--- brlcad/trunk/regress/fuzz/fuzz_ged.cpp (rev 0)
+++ brlcad/trunk/regress/fuzz/fuzz_ged.cpp 2020-04-30 05:01:32 UTC (rev
75644)
@@ -0,0 +1,201 @@
+#include "common.h"
+
+#include "bio.h"
+#include <string>
+#include <vector>
+#include <cassert>
+
+#include "ged.h"
+
+const size_t MAX_ARGS = 5;
+const std::string OUTPUT = "fuzz_ged.g";
+
+
+static size_t getArgc(uint8_t byte) {
+ return (byte % MAX_ARGS) + 1;
+}
+
+
+static const std::string& getCommand(uint8_t byte) {
+ static const std::vector<std::string> commands = {
+ "help",
+ "in",
+ "ls",
+ "tops"
+ };
+
+ return commands[byte % commands.size()];
+}
+
+
+static const std::string& getArg(uint8_t byte) {
+ static const std::vector<std::string> args = {
+ "COMMAND",
+
+ "-a",
+ "-b",
+ "-c",
+ "-d",
+ "-e",
+ "-f",
+ "-g",
+ "-h",
+ "-i",
+ "-j",
+ "-k",
+ "-l",
+ "-m",
+ "-n",
+ "-o",
+ "-p",
+ "-q",
+ "-r",
+ "-s",
+ "-t",
+ "-u",
+ "-v",
+ "-w",
+ "-x",
+ "-y",
+ "-z",
+
+ "a",
+ "b",
+ "c",
+ "x",
+ "y",
+ "z",
+
+ /* auto-extracted using:
+ * grep \", \ \" src/librt/primitives/table.cpp | grep FUNC | cut -f3
-d, | perl -p -0777 -e 's/"\n/", \n/g'
+ */
+
+ "NULL",
+ "tor",
+ "tgc",
+ "ell",
+ "arb8",
+ "ars",
+ "half",
+ "rec",
+ "poly",
+ "bspline",
+ "sph",
+ "nmg",
+ "ebm",
+ "vol",
+ "arbn",
+ "pipe",
+ "part",
+ "rpc",
+ "rhc",
+ "epa",
+ "ehy",
+ "eto",
+ "grip",
+ "joint",
+ "hf",
+ "dsp",
+ "sketch",
+ "extrude",
+ "submodel",
+ "cline",
+ "bot",
+ "comb",
+ "unused1",
+ "binunif",
+ "unused2",
+ "superell",
+ "metaball",
+ "brep",
+ "hyp",
+ "constrnt",
+ "revolve",
+ "pnts",
+ "annot",
+ "hrt",
+ "datum",
+ "script",
+
+ "u",
+ "-",
+ "+",
+
+ "-5",
+ "-4",
+ "-3",
+ "-1",
+ "0",
+ "1",
+ "2",
+ "3",
+ "4",
+ "5",
+
+ "-5.0",
+ "-1.0",
+ "-0.5",
+ "-0.05",
+ "0.0",
+ "0.05",
+ "0.5",
+ "1.0",
+ "5.0"
+ };
+
+ assert(args.size() < UCHAR_MAX);
+
+ size_t idx = byte % args.size();
+ if (idx == 0)
+ return getCommand(byte);
+ return args[idx];
+}
+
+
+static void printCommand(std::vector<std::string> & argv) {
+ std::cout << "Running";
+ for (size_t j = 0; j < argv.size(); j++)
+ std::cout << " " << argv[j];
+ std::cout << std::endl;
+}
+
+
+extern "C" int LLVMFuzzerTestOneInput(const int8_t *data, size_t size) {
+
+ if (size == 0)
+ return 0;
+
+ size_t i = 0;
+ size_t argc = 0;
+
+ if (i < size)
+ argc = getArgc(data[i++]);
+
+ std::vector<std::string> argv;
+ argv.resize(argc+1, "");
+ argv[0] = getCommand(data[i++]);
+
+ for (size_t j = 1; j < argc; j++) {
+ if (i < size) {
+ argv[j] = getArg(data[i++]);
+ } else {
+ /* loop around if we run out of slots */
+ argv[j] = getArg(data[i++ % size]);
+ }
+ }
+
+ printCommand(argv);
+
+ return 0;
+}
+
+
+/*
+ * Local Variables:
+ * mode: C
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * c-file-style: "stroustrup"
+ * End:
+ * ex: shiftwidth=4 tabstop=8
+ */
Property changes on: brlcad/trunk/regress/fuzz/fuzz_ged.cpp
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: brlcad/trunk/regress/fuzz/fuzz_test1.cxx
===================================================================
--- brlcad/trunk/regress/fuzz/fuzz_test1.cxx (rev 0)
+++ brlcad/trunk/regress/fuzz/fuzz_test1.cxx 2020-04-30 05:01:32 UTC (rev
75644)
@@ -0,0 +1,165 @@
+#include "common.h"
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "raytrace.h"
+#include <unistd.h>
+
+
+int
+fhit(struct application *ap, struct partition *PartHeadp, struct seg
*UNUSED(segs))
+{
+ /* iterating over partitions, this will keep track of the current
+ * partition we're working on.
+ */
+ struct partition *pp;
+
+ /* will serve as a pointer for the entry and exit hitpoints */
+ struct hit *hitp;
+
+ /* will serve as a pointer to the solid primitive we hit */
+ struct soltab *stp;
+
+ /* will contain surface curvature information at the entry */
+ struct curvature cur = RT_CURVATURE_INIT_ZERO;
+
+ /* will contain our hit point coordinate */
+ point_t pt;
+
+
+ /* will contain normal vector where ray enters geometry */
+ vect_t inormal;
+
+ /* will contain normal vector where ray exits geometry */
+ vect_t onormal;
+
+ /* iterate over each partition until we get back to the head.
+ * each partition corresponds to a specific homogeneous region of
+ * material.
+ */
+ for (pp=PartHeadp->pt_forw; pp != PartHeadp; pp = pp->pt_forw) {
+
+ /* entry hit point, so we type less */
+ hitp = pp->pt_inhit;
+
+ /* construct the actual (entry) hit-point from the ray and the
+ * distance to the intersection point (i.e., the 't' value).
+ */
+ VJOIN1(pt, ap->a_ray.r_pt, hitp->hit_dist, ap->a_ray.r_dir);
+
+ /* primitive we encountered on entry */
+ stp = pp->pt_inseg->seg_stp;
+
+ /* compute the normal vector at the entry point, flipping the
+ * normal if necessary.
+ */
+ RT_HIT_NORMAL(inormal, hitp, stp, &(ap->a_ray), pp->pt_inflip);
+
+ /* This next macro fills in the curvature information which
+ * consists on a principle direction vector, and the inverse
+ * radii of curvature along that direction and perpendicular
+ * to it. Positive curvature bends toward the outward
+ * pointing normal.
+ */
+ RT_CURVATURE(&cur, hitp, pp->pt_inflip, stp);
+
+ /* exit point, so we type less */
+ hitp = pp->pt_outhit;
+
+ /* construct the actual (exit) hit-point from the ray and the
+ * distance to the intersection point (i.e., the 't' value).
+ */
+ VJOIN1(pt, ap->a_ray.r_pt, hitp->hit_dist, ap->a_ray.r_dir);
+
+ /* primitive we exited from */
+ stp = pp->pt_outseg->seg_stp;
+
+ /* compute the normal vector at the exit point, flipping the
+ * normal if necessary.
+ */
+ RT_HIT_NORMAL(onormal, hitp, stp, &(ap->a_ray), pp->pt_outflip);
+ }
+
+ /* A more complicated application would probably fill in a new
+ * local application structure and describe, for example, a
+ * reflected or refracted ray, and then call rt_shootray() for
+ * those rays.
+ */
+
+ /* Hit routine callbacks generally return 1 on hit or 0 on miss.
+ * This value is returned by rt_shootray().
+ */
+ return 1;
+}
+
+
+int
+miss(struct application *UNUSED(ap))
+{
+ return 0;
+}
+
+
+extern "C" int LLVMFuzzerTestOneInput(const int8_t *data, size_t size) {
+ if(data == NULL){}
+ if(size == 0){}
+ struct application ap;
+ static struct rt_i *rtip = NULL;
+ struct resource res = RT_RESOURCE_INIT_ZERO;
+ char title[1024] = {0};
+ char cwd[PATH_MAX];
+ if (getcwd(cwd, sizeof(cwd)) != NULL) {
+ printf("Current working dir: %s\n", cwd);
+ } else {
+ perror("getcwd() error");
+ return 1;
+ }
+ const char *file = "../../share/db/moss.g";
+ const char *objs = "all.g";
+
+ rt_init_resource(&res, 1, rtip);
+
+ rtip = rt_dirbuild(file, title, sizeof(title));
+ if (rtip == RTI_NULL) {
+ bu_exit(2, "Building the database directory for [%s] FAILED\n", file);
+ }
+ rt_clean(rtip);
+
+ return 0;
+
+ if (title[0]) {
+ bu_log("Title:\n%s\n", title);
+ }
+ if (rt_gettree(rtip, objs) < 0)
+ bu_exit(2, "Loading the geometry for [%s] FAILED\n", objs);
+
+ rt_prep_parallel(rtip, 1);
+ RT_APPLICATION_INIT(&ap);
+ ap.a_resource = &res;
+ ap.a_rt_i = rtip;
+ ap.a_onehit = 0;
+ ap.a_hit = fhit;
+ ap.a_miss = miss;
+
+ VSET(ap.a_ray.r_pt, 0.0, 0.0, 10000.0);
+ VSET(ap.a_ray.r_dir, 0.0, 0.0, -1.0);
+
+ rt_shootray(&ap);
+
+ rt_clean_resource_complete(rtip, &res);
+ rt_clean(rtip);
+
+ return 0;
+}
+
+
+/*
+ * Local Variables:
+ * mode: C
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * c-file-style: "stroustrup"
+ * End:
+ * ex: shiftwidth=4 tabstop=8
+ */
Property changes on: brlcad/trunk/regress/fuzz/fuzz_test1.cxx
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: brlcad/trunk/regress/fuzz/run.sh
===================================================================
--- brlcad/trunk/regress/fuzz/run.sh (rev 0)
+++ brlcad/trunk/regress/fuzz/run.sh 2020-04-30 05:01:32 UTC (rev 75644)
@@ -0,0 +1,12 @@
+
+
+# save the precious args
+ARGS="$@"
+NAME_OF_THIS="`basename \"$0\"`"
+PATH_TO_THIS="`dirname \"$0\"`"
+THIS="$PATH_TO_THIS/$NAME_OF_THIS"
+
+${PATH_TO_THIS}/fuzz_test
+
+
+echo ${PATH_TO_THIS}
Property changes on: brlcad/trunk/regress/fuzz/run.sh
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/x-sh
\ No newline at end of property
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
_______________________________________________
BRL-CAD Source Commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/brlcad-commits
