.github/workflows/fuzz-checker.yml

   1 name: Fuzz-checker CI
   2
   3 on: [push]
   4
   5 jobs:
   6   fuzz-checker:
   7     strategy:
   8       fail-fast: false
   9       matrix:
  10         fuzzy: [
  11           {
  12             name: AFL,
  13             config: enable-fuzz-afl no-module,
  14             install: afl++-clang,
  15             cc: afl-clang-fast
  16           }, {
  17             name: libFuzzer,
  18             config: enable-fuzz-libfuzzer -DPEDANTIC enable-asan enable-ubsan,
  19             libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/lib/llvm-12/build/lib/clang/12.0.0/include/fuzzer,
  20             install: libfuzzer-12-dev,
  21             cc: clang-12,
  22             linker: clang++-12,
  23             tests: -test_memleak
  24           }, {
  25             name: libFuzzer+,
  26             config: enable-fuzz-libfuzzer -DPEDANTIC enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
  27             libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/lib/llvm-12/build/lib/clang/12.0.0/include/fuzzer,
  28             extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
  29             install: libfuzzer-12-dev,
  30             cc: clang-12,
  31             linker: clang++-12,
  32             tests: -test_memleak
  33           }
  34         ]
  35     runs-on: ubuntu-latest
  36     steps:
  37     - name: install packages
  38       run: |
  39         sudo apt-get update
  40         sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
  41     - uses: actions/checkout@v2
  42
  43     - name: config
  44       run: |
  45         CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
  46             ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
  47
  48     - name: config dump
  49       run: ./configdata.pm --dump
  50     - name: make with explicit linker
  51       if: matrix.fuzzy.linker != ''
  52       run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
  53     - name: make sans explicit linker
  54       if: matrix.fuzzy.linker == ''
  55       run: make -s -j4
  56     - name: make test restricted
  57       if: matrix.fuzzy.tests != ''
  58       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
  59     - name: make test all
  60       if: matrix.fuzzy.tests == ''
  61       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}