Skip to content

Commit e41dbda

Browse files
committed
added fuzzing job to CI
1 parent e5bcc56 commit e41dbda

File tree

1 file changed

+57
-0
lines changed

1 file changed

+57
-0
lines changed

.github/workflows/fuzz.yml

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
2+
# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
3+
name: fuzz
4+
on: [pull_request]
5+
6+
permissions:
7+
contents: read
8+
9+
jobs:
10+
fuzz:
11+
runs-on: ubuntu-24.04
12+
if: ${{ github.repository_owner == 'danmar' }}
13+
14+
steps:
15+
- uses: actions/checkout@v6
16+
with:
17+
persist-credentials: false
18+
19+
# the man-db trigger causes package installations to stall for several minutes at times. so just drop the package.
20+
# see https://github.com/actions/runner/issues/4030
21+
- name: Remove man-db package
22+
run: |
23+
sudo apt-get update
24+
sudo apt-get remove man-db
25+
26+
- name: Install missing software
27+
run: |
28+
sudo apt-get update
29+
sudo apt-get install -y make
30+
31+
- name: Install clang
32+
run: |
33+
wget https://apt.llvm.org/llvm.sh
34+
chmod +x llvm.sh
35+
sudo ./llvm.sh 21
36+
37+
- name: Build fuzzer
38+
id: build
39+
run: |
40+
# TODO: test O/LTO for best speed
41+
# TODO: use -stdlib=libc++ -lc++
42+
make -j$(nproc) CXX=clang++ CXXOPTS="-O3 -flto -fno-omit-frame-pointer -g -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize-address-use-after-scope -fno-sanitize=integer -fno-sanitize-recover=undefined" LDOPTS="-flto" LIB_FUZZING_ENGINE="-fsanitize=fuzzer" fuzz
43+
env:
44+
CXX: clang-21
45+
46+
- name: Run fuzzer
47+
run: |
48+
mkdir corpus
49+
mkdir artifacts
50+
./fuzz -only_ascii=1 -timeout=5 -fork=$(nproc) -use_value_profile=1 -max_total_time=60-artifact_prefix=./artifacts/ corpus
51+
52+
- name: Upload artifacts
53+
uses: actions/upload-artifact@v6
54+
if: failure() && steps.build.outcome == 'success'
55+
with:
56+
name: failures
57+
path: ./artifacts

0 commit comments

Comments
 (0)