cifuzzer: provide fuzzing_engine parameter

It is mildly bad that it is currently impossible
to actually CI all of the builds the oss-fuzz proper will perform,
since only the libfuzzer engine can be "configured".

This makes the engine configurable.
At least the building works, i'm not sure about the rest.

There are most likely things missing here.

I'm also not sure how coverage/introspector builds should be handledm
what should their engine be?

Refs. #13346

Author: LebedevRI

infra/build/functions/build_project.py

@@ -44,7 +44,7 @@
 GCB_EXPERIMENT_LOGS_BUCKET = 'oss-fuzz-gcb-experiment-logs'
 
 DEFAULT_ARCHITECTURES = ['x86_64']
-DEFAULT_ENGINES = ['libfuzzer', 'afl', 'honggfuzz', 'centipede']
+DEFAULT_FUZZING_ENGINES = ['libfuzzer', 'afl', 'honggfuzz', 'centipede']
 DEFAULT_SANITIZERS = ['address', 'undefined']
 
 LATEST_VERSION_FILENAME = 'latest.version'
@@ -218,7 +218,7 @@ def set_yaml_defaults(project_yaml):
   project_yaml.setdefault('disabled', False)
   project_yaml.setdefault('architectures', DEFAULT_ARCHITECTURES)
   project_yaml.setdefault('sanitizers', DEFAULT_SANITIZERS)
-  project_yaml.setdefault('fuzzing_engines', DEFAULT_ENGINES)
+  project_yaml.setdefault('fuzzing_engines', DEFAULT_FUZZING_ENGINES)
   project_yaml.setdefault('run_tests', True)
   project_yaml.setdefault('coverage_extra_args', '')
   project_yaml.setdefault('labels', {})

infra/ci/build.py

@@ -33,7 +33,7 @@
 CANARY_PROJECT = 'skcms'
 
 DEFAULT_ARCHITECTURES = ['x86_64']
-DEFAULT_ENGINES = ['afl', 'honggfuzz', 'libfuzzer', 'centipede']
+DEFAULT_FUZZING_ENGINES = ['afl', 'honggfuzz', 'libfuzzer', 'centipede']
 DEFAULT_SANITIZERS = ['address', 'undefined']
 
 
@@ -105,7 +105,7 @@ def should_build_coverage(project_yaml):
   contents."""
   # Enable coverage builds on projects that use engines. Those that don't use
   # engines shouldn't get coverage builds.
-  engines = project_yaml.get('fuzzing_engines', DEFAULT_ENGINES)
+  engines = project_yaml.get('fuzzing_engines', DEFAULT_FUZZING_ENGINES)
   engineless = 'none' in engines
   if engineless:
     assert_message = ('Forbidden to specify multiple engines for '
@@ -153,7 +153,7 @@ def is_enabled(env_var, yaml_name, defaults):
     return os.getenv(env_var) in flatten_options(
         project_yaml.get(yaml_name, defaults))
 
-  return (is_enabled('ENGINE', 'fuzzing_engines', DEFAULT_ENGINES) and
+  return (is_enabled('ENGINE', 'fuzzing_engines', DEFAULT_FUZZING_ENGINES) and
           is_enabled('SANITIZER', 'sanitizers', DEFAULT_SANITIZERS) and
           is_enabled('ARCHITECTURE', 'architectures', DEFAULT_ARCHITECTURES))
 

infra/cifuzz/actions/build_fuzzers/action.yml

@@ -18,6 +18,9 @@ inputs:
   sanitizer:
     description: 'The sanitizer to build the fuzzers with.'
     default: 'address'
+  fuzzing_engine:
+    description: 'The fuzzing engine to build the fuzzers with.'
+    default: 'libfuzzer'
   architecture:
     description: 'The architecture used to build the fuzzers.'
     default: 'x86_64'
@@ -45,6 +48,7 @@ runs:
     DRY_RUN: ${{ inputs.dry-run}}
     ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}}
     SANITIZER: ${{ inputs.sanitizer }}
+    FUZZING_ENGINE: ${{ inputs.fuzzing_engine }}
     ARCHITECTURE: ${{ inputs.architecture }}
     PROJECT_SRC_PATH: ${{ inputs.project-src-path }}
     LOW_DISK_SPACE: 'True'

infra/cifuzz/actions/run_fuzzers/action.yml

@@ -19,6 +19,9 @@ inputs:
   sanitizer:
     description: 'The sanitizer to run the fuzzers with.'
     default: 'address'
+  fuzzing_engine:
+    description: 'The fuzzing engine to run the fuzzers with.'
+    default: 'libfuzzer'
   mode:
     description: |
       The mode to run the fuzzers with ("code-change", "batch", "coverage", or "prune").
@@ -69,6 +72,7 @@ runs:
     FUZZ_SECONDS: ${{ inputs.fuzz-seconds }}
     DRY_RUN: ${{ inputs.dry-run}}
     SANITIZER: ${{ inputs.sanitizer }}
+    FUZZING_ENGINE: ${{ inputs.fuzzing_engine }}
     MODE: ${{ inputs.mode }}
     GITHUB_TOKEN: ${{ inputs.github-token }}
     LOW_DISK_SPACE: 'True'

infra/cifuzz/base_runner_utils.py

@@ -23,10 +23,10 @@ def get_env(config, workspace):
   vars set to values needed to run a fuzzer."""
   env = os.environ.copy()
   env['SANITIZER'] = config.sanitizer
+  env['FUZZING_ENGINE'] = config.fuzzing_engine
   env['FUZZING_LANGUAGE'] = config.language
   env['OUT'] = workspace.out
   env['CIFUZZ'] = 'True'
-  env['FUZZING_ENGINE'] = config_utils.DEFAULT_ENGINE
   env['ARCHITECTURE'] = config.architecture
   # Do this so we don't fail in tests.
   env['FUZZER_ARGS'] = '-rss_limit_mb=2560 -timeout=25'

infra/cifuzz/build_fuzzers.py

@@ -81,8 +81,9 @@ def build_fuzzers(self):
     """Moves the source code we want to fuzz into the project builder and builds
     the fuzzers from that source code. Returns True on success."""
     docker_args, docker_container = docker.get_base_docker_run_args(
-        self.workspace, self.config.sanitizer, self.config.language,
-        self.config.architecture, self.config.docker_in_docker)
+        self.workspace, self.config.sanitizer, self.config.fuzzing_engine,
+        self.config.language, self.config.architecture,
+        self.config.docker_in_docker)
     if not docker_container:
       docker_args.extend(
           _get_docker_build_fuzzers_args_not_container(self.host_repo_path))
@@ -101,7 +102,8 @@ def build_fuzzers(self):
         '-c',
         build_command,
     ])
-    logging.info('Building with %s sanitizer.', self.config.sanitizer)
+    logging.info('Building with %s sanitizer, %s fuzzing engine.',
+                 self.config.sanitizer, self.config.fuzzing_engine)
 
     # TODO(metzman): Stop using helper.docker_run so we can get rid of
     # docker.get_base_docker_run_args and merge its contents into

infra/cifuzz/build_fuzzers_test.py

@@ -119,6 +119,7 @@ class InternalGithubBuildTest(unittest.TestCase):
   """Tests for building OSS-Fuzz projects on GitHub actions."""
   PROJECT_REPO_NAME = 'myproject'
   SANITIZER = 'address'
+  ENGING = 'libfuzzer'
   GIT_SHA = 'fake'
   PR_REF = 'fake'
 
@@ -129,6 +130,7 @@ def _create_builder(self, tmp_dir, oss_fuzz_project_name='myproject'):
         project_repo_name=self.PROJECT_REPO_NAME,
         workspace=tmp_dir,
         sanitizer=self.SANITIZER,
+        engine=self.FUZZING_ENGINE,
         git_sha=self.GIT_SHA,
         pr_ref=self.PR_REF,
         cfl_platform='github')
@@ -315,6 +317,7 @@ class CheckFuzzerBuildTest(unittest.TestCase):
   """Tests the check_fuzzer_build function in the cifuzz module."""
 
   SANITIZER = 'address'
+  FUZZING_ENGINE = 'libfuzzer'
   LANGUAGE = 'c++'
 
   def setUp(self):
@@ -323,6 +326,7 @@ def setUp(self):
     self.config = test_helpers.create_build_config(
         oss_fuzz_project_name=EXAMPLE_PROJECT,
         sanitizer=self.SANITIZER,
+        engine=self.FUZZING_ENGINE,
         language=self.LANGUAGE,
         workspace=workspace_path,
         pr_ref='refs/pull/1757/merge')

infra/cifuzz/clusterfuzz_deployment.py

@@ -153,7 +153,7 @@ def download_corpus(self, target_name, corpus_dir):
     return corpus_dir
 
   def _get_build_name(self, name):
-    return f'{self.config.sanitizer}-{name}'
+    return f'{self.config.sanitizer}-{self.config.fuzzing_engine}-{name}'
 
   def _get_corpus_name(self, target_name):  # pylint: disable=no-self-use
     """Returns the name of the corpus artifact."""

infra/cifuzz/config_utils.py

@@ -27,10 +27,12 @@
 import platform_config
 import constants
 
-SANITIZERS = ['address', 'memory', 'undefined', 'coverage']
+SANITIZERS = ['address', 'memory', 'undefined', 'coverage', 'introspector']
+
+FUZZING_ENGINES = ['libfuzzer', 'afl', 'honggfuzz', 'none']
 
 # TODO(metzman): Set these on config objects so there's one source of truth.
-DEFAULT_ENGINE = 'libfuzzer'
+DEFAULT_FUZZING_ENGINE = 'libfuzzer'
 
 # This module deals a lot with env variables. Many of these will be set by users
 # and others beyond CIFuzz's control. Thus, you should be careful about using
@@ -44,6 +46,10 @@ def _get_sanitizer():
   return os.getenv('SANITIZER', constants.DEFAULT_SANITIZER).lower()
 
 
+def _get_engine():
+  return os.getenv('FUZZING_ENGINE', constants.DEFAULT_FUZZING_ENGINE).lower()
+
+
 def _get_architecture():
   return os.getenv('ARCHITECTURE', constants.DEFAULT_ARCHITECTURE).lower()
 
@@ -115,6 +121,7 @@ def __init__(self):
 
     self.dry_run = _is_dry_run()  # Check if failures should not be reported.
     self.sanitizer = _get_sanitizer()
+    self.fuzzing_engine = _get_engine()
     self.architecture = _get_architecture()
     self.language = _get_language()
     self.low_disk_space = environment.get_bool('LOW_DISK_SPACE', False)
@@ -152,6 +159,11 @@ def validate(self):
                     self.sanitizer, SANITIZERS)
       return False
 
+    if self.fuzzing_engine not in FUZZING_ENGINES:
+      logging.error('Invalid FUZZING_ENGINE: %s. Must be one of: %s.',
+                    self.fuzzing_engine, FUZZING_ENGINES)
+      return False
+
     if self.architecture not in constants.ARCHITECTURES:
       logging.error('Invalid ARCHITECTURE: %s. Must be one of: %s.',
                     self.architecture, constants.ARCHITECTURES)

infra/cifuzz/continuous_integration.py

@@ -239,8 +239,9 @@ def _copy_repo_from_image(self, image_repo_path):
     host_repo_path = os.path.join(self._repo_dir, repo_name)
     bash_command = f'cp -r {image_repo_path} {host_repo_path}'
     docker_args, _ = docker.get_base_docker_run_args(
-        self.workspace, self.config.sanitizer, self.config.language,
-        self.config.architecture, self.config.docker_in_docker)
+        self.workspace, self.config.sanitizer, self.config.fuzzing_engine,
+        self.config.language, self.config.architecture,
+        self.config.docker_in_docker)
     docker_args.extend([
         docker.get_project_image_name(self.config.oss_fuzz_project_name),
         '/bin/bash', '-c', bash_command

infra/cifuzz/docker.py

@@ -28,9 +28,7 @@
 PROJECT_TAG_PREFIX = 'gcr.io/oss-fuzz/'
 
 # Default fuzz configuration.
-_DEFAULT_DOCKER_RUN_ARGS = [
-    '-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e', 'CIFUZZ=True'
-]
+_DEFAULT_DOCKER_RUN_ARGS = ['-e', 'CIFUZZ=True']
 
 UNIQUE_ID_SUFFIX = '-' + uuid.uuid4().hex
 
@@ -75,6 +73,7 @@ def delete_images(images):
 
 def get_base_docker_run_args(workspace,
                              sanitizer=constants.DEFAULT_SANITIZER,
+                             engine=constants.DEFAULT_FUZZING_ENGINE,
                              language=constants.DEFAULT_LANGUAGE,
                              architecture=constants.DEFAULT_ARCHITECTURE,
                              docker_in_docker=False):
@@ -83,6 +82,7 @@ def get_base_docker_run_args(workspace,
   docker_args = _DEFAULT_DOCKER_RUN_ARGS.copy()
   env_mapping = {
       'SANITIZER': sanitizer,
+      'FUZZING_ENGINE': engine,
       'ARCHITECTURE': architecture,
       'FUZZING_LANGUAGE': language,
       'OUT': workspace.out
@@ -102,6 +102,7 @@ def get_base_docker_run_args(workspace,
 
 def get_base_docker_run_command(workspace,
                                 sanitizer=constants.DEFAULT_SANITIZER,
+                                engine=constants.DEFAULT_FUZZING_ENGINE,
                                 language=constants.DEFAULT_LANGUAGE,
                                 architecture=constants.DEFAULT_ARCHITECTURE,
                                 docker_in_docker=False):
@@ -110,6 +111,7 @@ def get_base_docker_run_command(workspace,
   docker_args, docker_container = get_base_docker_run_args(
       workspace,
       sanitizer,
+      engine,
       language,
       architecture,
       docker_in_docker=docker_in_docker)

infra/cifuzz/docker_test.py

@@ -25,6 +25,7 @@
 config.workspace = '/workspace'
 WORKSPACE = workspace_utils.Workspace(config)
 SANITIZER = 'example-sanitizer'
+FUZZING_ENGINE = 'example-fuzzing-engine'
 LANGUAGE = 'example-language'
 
 
@@ -62,7 +63,7 @@ def test_get_base_docker_run_args_container(self, _):
     """Tests that get_base_docker_run_args works as intended when inside a
     container."""
     docker_args, docker_container = docker.get_base_docker_run_args(
-        WORKSPACE, SANITIZER, LANGUAGE)
+        WORKSPACE, SANITIZER, FUZZING_ENGINE, LANGUAGE)
     self.assertEqual(docker_container, CONTAINER_NAME)
     expected_docker_args = []
     expected_docker_args = [
@@ -73,6 +74,8 @@ def test_get_base_docker_run_args_container(self, _):
         '-e',
         f'SANITIZER={SANITIZER}',
         '-e',
+        f'FUZZING_ENGINE={FUZZING_ENGINE}',
+        '-e',
         'ARCHITECTURE=x86_64',
         '-e',
         f'FUZZING_LANGUAGE={LANGUAGE}',
@@ -88,12 +91,13 @@ def test_get_base_docker_run_args_no_container(self, _):
     """Tests that get_base_docker_run_args works as intended when not inside a
     container."""
     docker_args, docker_container = docker.get_base_docker_run_args(
-        WORKSPACE, SANITIZER, LANGUAGE)
+        WORKSPACE, SANITIZER, FUZZING_ENGINE, LANGUAGE)
     self.assertEqual(docker_container, None)
     expected_docker_args = [
         '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'CIFUZZ=True', '-e',
-        f'SANITIZER={SANITIZER}', '-e', 'ARCHITECTURE=x86_64', '-e',
-        f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
+        f'SANITIZER={SANITIZER}', '-e', f'FUZZING_ENGINE={FUZZING_ENGINE}',
+        '-e', 'ARCHITECTURE=x86_64', '-e', f'FUZZING_LANGUAGE={LANGUAGE}', '-e',
+        f'OUT={WORKSPACE.out}', '-v',
         f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
     ]
     self.assertEqual(docker_args, expected_docker_args)

infra/cifuzz/external-actions/build_fuzzers/action.yml

@@ -15,6 +15,9 @@ inputs:
   sanitizer:
     description: 'The sanitizer to build the fuzzers with.'
     default: 'address'
+  fuzzing_engine:
+    description: 'The fuzzing engine to build the fuzzers with.'
+    default: 'libfuzzer'
   project-src-path:
     description: "The path to the project's source code checkout."
     required: false
@@ -64,6 +67,7 @@ runs:
     DRY_RUN: ${{ inputs.dry-run}}
     ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}}
     SANITIZER: ${{ inputs.sanitizer }}
+    FUZZING_ENGINE: ${{ inputs.fuzzing_engine }}
     PROJECT_SRC_PATH: ${{ inputs.project-src-path }}
     GITHUB_TOKEN: ${{ inputs.github-token }}
     LOW_DISK_SPACE: 'True'

infra/cifuzz/external-actions/run_fuzzers/action.yml

@@ -16,6 +16,9 @@ inputs:
   sanitizer:
     description: 'The sanitizer to run the fuzzers with.'
     default: 'address'
+  fuzzing_engine:
+    description: 'The fuzzing engine to run the fuzzers with.'
+    default: 'libfuzzer'
   mode:
     description: |
       The mode to run the fuzzers with ("code-change", "batch", "coverage", or "prune").
@@ -81,6 +84,7 @@ runs:
     FUZZ_SECONDS: ${{ inputs.fuzz-seconds }}
     DRY_RUN: ${{ inputs.dry-run}}
     SANITIZER: ${{ inputs.sanitizer }}
+    FUZZING_ENGINE: ${{ inputs.fuzzing_engine }}
     MODE: ${{ inputs.mode }}
     GITHUB_TOKEN: ${{ inputs.github-token }}
     LOW_DISK_SPACE: 'True'