DRAFT: Test/fuzzy format

.github/workflows/ci.yml

@@ -241,8 +241,22 @@ jobs:
       - name: Size-Coverage
         run: cmake --build build -t size-coverage
 
-#      - name: Coveralls - Doesn't work.
-#        uses: coverallsapp/github-action@master
-#        with:
-#          github-token: ${{ secrets.GITHUB_TOKEN }}
-#          path-to-lcov: build/test/size_test/size-coverage.info
+  #      - name: Coveralls - Doesn't work.
+  #        uses: coverallsapp/github-action@master
+  #        with:
+  #          github-token: ${{ secrets.GITHUB_TOKEN }}
+  #          path-to-lcov: build/test/size_test/size-coverage.info
+
+  fuzzing:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install AFL++
+        run: |
+          sudo apt update && sudo apt install -y afl++
+
+      - name: Build format fuzzing
+        working-directory: test/fuzzing/format
+        run: make

README.md

@@ -2,7 +2,8 @@
 
 [![Continuous Integration](https://github.com/Viatorus/emio/actions/workflows/ci.yml/badge.svg)](https://github.com/Viatorus/emio/actions/workflows/ci.yml)
 [![codecov](https://codecov.io/gh/Viatorus/emio/branch/main/graph/badge.svg?token=7BQFK1PNLX)](https://codecov.io/gh/Viatorus/emio)
-![Conan Center](https://img.shields.io/conan/v/emio)
+[![fuzzing](https://img.shields.io/badge/AFL++-fuzzing-green)](https://github.com/Viatorus/emio/tree/test/fuzzy_format/test/fuzzing)
+[![Conan Center](https://img.shields.io/conan/v/emio)](https://conan.io/center/recipes/emio)
 
 **em{io}** is a safe and fast high-level and low-level character input/output library for bare-metal and RTOS based
 embedded systems with a very small binary footprint.

test/fuzzy/dragon4/.gitignore → test/fuzzing/dragon4/.gitignore

@@ -1,2 +1,2 @@
-bin
+build
 output

test/fuzzing/dragon4/CMakeLists.txt

@@ -0,0 +1,12 @@
+cmake_minimum_required(VERSION 3.14)
+
+project(emio-fuzzing-dragon4)
+
+add_executable(dragon4-fuzzer
+        main.cpp
+        )
+
+target_include_directories(dragon4-fuzzer PRIVATE ../../../include)
+target_compile_features(dragon4-fuzzer PRIVATE cxx_std_20)
+target_compile_definitions(dragon4-fuzzer PRIVATE -DEMIO_ENABLE_DEV_ASSERT)
+target_link_libraries(dragon4-fuzzer PRIVATE ${CMAKE_SOURCE_DIR}/build/lib/librust_ref.so)

test/fuzzing/dragon4/Makefile

@@ -0,0 +1,46 @@
+.DEFAULT_GOAL := build-all
+
+export CC := afl-clang
+export CXX := afl-clang++
+
+build-all:
+	$(MAKE) build-harden
+	$(MAKE) build-asan
+	$(MAKE) build-msan
+
+.build-rust:
+	cargo build --manifest-path rust_ref/Cargo.toml -Z unstable-options $(RUSTARGS) --out-dir build/lib/ --release
+
+.build-cpp:
+	cmake . -B build/$(TARGET) -DCMAKE_BUILD_TYPE=Release
+	cmake --build build/$(TARGET)
+
+.fuzzy:
+	LD_LIBRARY_PATH=build/lib/ AFL_BENCH_UNTIL_CRASH=1 afl-fuzz -i seeds/ -o output/ -D  -- ./build/$(TARGET)/dragon4-fuzzer
+
+build-harden: TARGET=harden
+build-harden: export AFL_HARDEN=1
+build-harden: .build-rust .build-cpp
+
+build-asan: TARGET=asan
+build-asan: export AFL_USE_ASAN=1
+build-asan: .build-rust .build-cpp
+
+build-msan: TARGET=msan
+build-msan: export AFL_USE_MSAN=1
+build-msan: export RUSTFLAGS=-Zsanitizer=memory -Zsanitizer-memory-track-origins
+build-msan: export RUSTARGS=-Z build-std --target x86_64-unknown-linux-gnu
+build-msan: .build-rust .build-cpp
+
+fuzzy-msan: TARGET=msan
+fuzzy-msan: .fuzzy
+
+fuzzy-asan: TARGET=asan
+fuzzy-asan: .fuzzy
+
+fuzzy-harden: TARGET=harden
+fuzzy-harden: .fuzzy
+
+all-harden: build-harden fuzzy-harden
+all-asan: build-asan fuzzy-asan
+all-msan: build-msan fuzzy-msan

test/fuzzing/format/.gitignore

@@ -0,0 +1,2 @@
+build
+output

test/fuzzing/format/CMakeLists.txt

@@ -0,0 +1,11 @@
+cmake_minimum_required(VERSION 3.14)
+
+project(emio-fuzzing-format)
+
+add_executable(format-fuzzer
+        main.cpp
+        )
+
+target_include_directories(format-fuzzer PRIVATE ../../../include)
+target_compile_features(format-fuzzer PRIVATE cxx_std_20)
+target_compile_definitions(format-fuzzer PRIVATE -DEMIO_ENABLE_DEV_ASSERT)

test/fuzzing/format/Makefile

@@ -0,0 +1,41 @@
+.DEFAULT_GOAL := build-all
+
+export CC := afl-clang
+export CXX := afl-clang++
+
+build-all:
+	$(MAKE) build-harden
+	$(MAKE) build-asan
+	$(MAKE) build-msan
+
+.build-cpp:
+	cmake . -B build/$(TARGET) -DCMAKE_BUILD_TYPE=Release
+	cmake --build build/$(TARGET)
+
+.fuzzy:
+	LD_LIBRARY_PATH=build/lib/ AFL_BENCH_UNTIL_CRASH=1 afl-fuzz -i seeds/ -o output/ -D  -- ./build/$(TARGET)/format-fuzzer
+
+build-harden: TARGET=harden
+build-harden: export AFL_HARDEN=1
+build-harden: .build-cpp
+
+build-asan: TARGET=asan
+build-asan: export AFL_USE_ASAN=1
+build-asan: .build-cpp
+
+build-msan: TARGET=msan
+build-msan: export AFL_USE_MSAN=1
+build-msan: .build-cpp
+
+fuzzy-msan: TARGET=msan
+fuzzy-msan: .fuzzy
+
+fuzzy-asan: TARGET=asan
+fuzzy-asan: .fuzzy
+
+fuzzy-harden: TARGET=harden
+fuzzy-harden: .fuzzy
+
+all-harden: build-harden fuzzy-harden
+all-asan: build-asan fuzzy-asan
+all-msan: build-msan fuzzy-msan

test/fuzzing/format/main.cpp

@@ -0,0 +1,73 @@
+#include <climits>
+
+#include "emio/emio.hpp"
+
+extern "C" {
+#include <unistd.h>
+}
+
+#ifndef __AFL_INIT
+#  define __AFL_INIT() \
+    int _i_ = 0;       \
+    read(0, &x, 8);
+#  define __AFL_FUZZ_INIT() double x{};
+#  define __AFL_FUZZ_TESTCASE_BUF &x
+#  define __AFL_LOOP(...) _i_++ == 0
+#  define __AFL_FUZZ_TESTCASE_LEN 8
+#endif
+
+namespace {
+
+constexpr std::tuple<bool, int32_t, int64_t, uint32_t, uint64_t, char, std::string_view, double, double> combinations =
+    {true, 4589, 4986498846, 176598, 985486, 'y', "gneqo nvqoqno", 1.59879, std::numeric_limits<double>::infinity()};
+
+template <typename... Args>
+void format(emio::runtime_string format_string, Args&&... args) {
+  static_cast<void>(emio::format(format_string, args...));
+  if constexpr (sizeof...(Args) < 3) {  // Unpack tuple 3 times.
+    std::apply(
+        [&](auto... arg) {
+          (..., format(format_string, args..., arg));
+        },
+        combinations);
+  }
+}
+
+template <typename Arg>
+void random_format(emio::runtime_string format_string, int64_t storage, Arg arg) {
+  if constexpr (std::is_same_v<Arg, std::string_view>) {
+    arg = format_string.view();
+  } else {
+    memcpy(&arg, &storage, sizeof(Arg));
+  }
+  format(format_string, arg);
+}
+
+}  // namespace
+
+__AFL_FUZZ_INIT();
+
+int main() {
+  __AFL_INIT();
+  const char* buf = (const char*)__AFL_FUZZ_TESTCASE_BUF;
+
+  while (__AFL_LOOP(INT_MAX)) {
+    size_t len = __AFL_FUZZ_TESTCASE_LEN;
+
+    std::string_view str{buf, len};
+    auto format_string = emio::runtime(str);
+    static_cast<void>(emio::format(format_string));
+
+    // Random arg.
+    int64_t arg_storage{};
+    memcpy(&arg_storage, buf, std::min(sizeof(int64_t), len));
+
+    std::apply(
+        [&](auto... arg) {
+          (..., random_format(format_string, arg_storage, arg));
+        },
+        combinations);
+  }
+
+  return 0;
+}

test/fuzzing/format/seeds/test1

@@ -0,0 +1 @@
+{}

test/fuzzing/format/seeds/test2

@@ -0,0 +1 @@
+{:x}

test/fuzzing/format/seeds/test3

@@ -0,0 +1 @@
+{:.5} {}

test/fuzzing/format/seeds/test4

@@ -0,0 +1 @@
+{:a>5}

test/fuzzing/format/seeds/test5

@@ -0,0 +1 @@
+ {} {:+#o} {}

test/fuzzing/format/seeds/test6

@@ -0,0 +1 @@
+ {} {} {}

test/fuzzing/format/seeds/test7

@@ -0,0 +1 @@
+ {:f} {:e} {:g}