Update fastbloom requirement from 0.12.0 to 0.14.0 (#3370) #16656
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build and test | |
| on: | |
| push: | |
| branches: [ main, "pr/**" ] | |
| pull_request: | |
| branches: [ main ] | |
| types: ["labeled", "opened", "synchronize", "reopened"] | |
| workflow_dispatch: | |
| merge_group: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| CARGO_NET_GIT_FETCH_WITH_CLI: true | |
| MAIN_LLVM_VERSION: 18 | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| common: | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-24.04, windows-latest, macOS-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Install mimetype | |
| if: runner.os == 'Linux' | |
| run: sudo apt-get update && sudo apt-get install -y libfile-mimeinfo-perl | |
| - name: install mdbook | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: mdbook | |
| - name: install linkcheck | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: mdbook-linkcheck | |
| # NOTE: The current crates.io release of mdbook-linkcheck (v0.7.7) is broken | |
| # => https://github.com/Michael-F-Bryan/mdbook-linkcheck/pull/82#issuecomment-2241058491 | |
| git: https://github.com/Michael-F-Bryan/mdbook-linkcheck.git | |
| rev: 8c783c5d754d83bcd50c28fb4174854b04ece990 | |
| - uses: actions/checkout@v4 | |
| - if: runner.os == 'Linux' | |
| uses: ./.github/workflows/ubuntu-prepare | |
| - if: runner.os != 'Linux' | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Install LLVM | |
| if: runner.os == 'MacOS' | |
| run: brew install llvm@${{env.MAIN_LLVM_VERSION}} | |
| - uses: Swatinem/rust-cache@v2 | |
| with: { shared-key: "ubuntu" } | |
| if: runner.os == 'Linux' | |
| - uses: Swatinem/rust-cache@v2 | |
| if: runner.os != 'Linux' | |
| - name: Check for binary blobs | |
| if: runner.os == 'Linux' | |
| run: ./scripts/check_for_blobs.sh | |
| - name: Build libafl debug | |
| run: cargo build -p libafl | |
| - name: Test the book (Linux) | |
| # TODO: fix books test fail with updated windows-rs | |
| if: runner.os == 'Linux' | |
| run: cd docs && mdbook test -L ../target/debug/deps | |
| - name: Test the book (MacOS) | |
| if: runner.os == 'MacOS' | |
| run: cd docs && mdbook test -L ../target/debug/deps $(python3-config --ldflags | cut -d ' ' -f1) | |
| - name: Build individual libafl book examples (linux) | |
| if: runner.os == 'Linux' | |
| run: cd docs/listings/baby_fuzzer/ && just build-all | |
| - name: Run tests (Windows) | |
| if: runner.os == 'Windows' | |
| run: cargo test -- --test-threads 1 | |
| - name: Run tests (Linux) | |
| if: runner.os != 'Windows' | |
| run: cargo test -- --test-threads 1 | |
| - name: Test libafl no_std | |
| run: cd crates/libafl && cargo test --no-default-features | |
| - name: Test libafl_bolts no_std no_alloc | |
| run: cd crates/libafl_bolts && cargo test --no-default-features | |
| - name: Test libafl_targets no_std | |
| run: cd crates/libafl_targets && cargo test --no-default-features | |
| ubuntu-doc-build: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| # ---- doc check ---- | |
| - name: Build Docs | |
| run: cargo doc --all-features --no-deps | |
| ubuntu-doc-test: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| # ---- doc check ---- | |
| - name: Test Docs | |
| run: cargo test --doc --all-features | |
| ubuntu-miri: | |
| runs-on: ubuntu-24.04 | |
| if: contains( github.event.pull_request.labels.*.name, 'pre-release') | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| with: | |
| use_nightly: 'true' | |
| - name: Add miri | |
| run: rustup +nightly component add miri | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: ubuntu-miri | |
| # --- miri undefined behavior test -- | |
| - name: Run miri tests | |
| run: RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo miri test | |
| ubuntu: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Remove Dotnet & Haskell | |
| run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| with: { shared-key: "ubuntu" } | |
| # pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately | |
| - name: Check pcguard edges | |
| run: cargo check --features=sancov_pcguard_edges | |
| - name: run shellcheck | |
| run: shellcheck ./scripts/*.sh | |
| # ---- build normal and examples ---- | |
| - name: Run a normal build | |
| run: cargo build --verbose | |
| # - name: Run libafl_qemu usermode tests | |
| # run: cd crates/libafl_qemu && cargo test | |
| # - name: Run libafl_qemu systemmode tests | |
| # run: cd crates/libafl_qemu && cargo test --no-default-features --features x86_64,systemmode | |
| - name: Build examples | |
| run: cargo build --examples --verbose | |
| ubuntu-clippy: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Remove Dotnet & Haskell | |
| run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: "ubuntu-clippy" | |
| - name: Run clippy | |
| run: LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/clippy.sh | |
| # --- test embedding the libafl_libfuzzer_runtime library | |
| # Fix me plz | |
| # - name: Test Build libafl_libfuzzer with embed | |
| # run: cargo test --features=embed-runtime --manifest-path libafl_libfuzzer/Cargo.toml | |
| ubuntu-check: | |
| runs-on: ubuntu-24.04 | |
| needs: ubuntu | |
| strategy: | |
| matrix: | |
| instance_idx: [ "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17" ] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| with: { shared-key: "ubuntu" } | |
| # ---- build and feature check ---- | |
| # cargo-hack's --feature-powerset would be nice here but libafl has a too many knobs | |
| # Tracking: https://github.com/CensoredUsername/dynasm-rs/issues/114 | |
| # One dep of libafl_frida fails on `DOCS_RS` for stable toolchain. Therefore, we _only_ run nightly for that. | |
| # For the rest of other crates, we still use stable toolchain. | |
| - name: "Setup nightly" | |
| uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: clippy, rustfmt | |
| - name: "But default to stable" | |
| run: rustup default stable | |
| - name: Check each feature | |
| # Skipping `python` as it has to be built with the `maturin` tool | |
| # `sancov_pcguard_edges` is tested seperatelyc | |
| run: LLVM_VERSION=18 CI_INSTANCES=18 cargo run --manifest-path ./utils/ci_splitter/Cargo.toml -- ${{ matrix.instance_idx }} | |
| ubuntu-concolic: | |
| runs-on: ubuntu-24.04 | |
| needs: ubuntu | |
| steps: | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/checkout@v4 | |
| - uses: Swatinem/rust-cache@v2 | |
| with: { shared-key: "ubuntu" } | |
| - name: Install smoke test deps | |
| run: sudo ./crates/libafl_concolic/test/smoke_test_ubuntu_deps.sh | |
| - name: Run smoke test | |
| run: ./crates/libafl_concolic/test/smoke_test.sh | |
| python-bindings: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Install deps | |
| run: sudo apt-get update && sudo apt-get install -y lsb-release wget software-properties-common gnupg libz3-dev | |
| - name: Install maturin | |
| run: cargo install --locked maturin | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| with: { shared-key: "ubuntu" } | |
| - name: Run a maturin build | |
| run: export LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh | |
| - name: Run python test | |
| run: . ./bindings/pylibafl/.env/bin/activate # && cd fuzzers/binary_only/python_qemu/ && python3 fuzzer.py 2>&1 | grep "Bye" | |
| cargo-fmt: | |
| runs-on: ubuntu-24.04 | |
| env: | |
| MAIN_LLVM_VERSION: 20 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: rustfmt | |
| - uses: Swatinem/rust-cache@v2 | |
| with: { shared-key: "ubuntu" } | |
| - name: Installing black | |
| run: python3 -m pip install black | |
| - name: Format Check | |
| run: ./scripts/fmt_all.sh check | |
| check-md-links: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run linkspector | |
| uses: umbrelladocs/action-linkspector@v1 | |
| with: | |
| fail_on_error: 'true' | |
| config_file: '.github/.linkspector.yml' | |
| msrv: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: taiki-e/install-action@cargo-hack | |
| # Note: We currently only specify minimum rust versions for the default workspace members | |
| - run: cargo hack check --rust-version -p libafl -p libafl_bolts -p libafl_derive -p libafl_cc -p libafl_targets | |
| fuzzers-preflight: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Fuzzer in CI Check | |
| run: ./scripts/check_tested_fuzzers.sh | |
| fuzzers: | |
| name: 🚀 ${{ matrix.fuzzer }} | |
| needs: | |
| - fuzzers-preflight | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| fuzzer: | |
| # Baby | |
| - baby/baby_fuzzer_swap_differential | |
| - baby/tutorial | |
| - baby/baby_fuzzer | |
| # - baby/backtrace_baby_fuzzers | |
| - baby/baby_fuzzer_unicode | |
| - baby/baby_fuzzer_minimizing | |
| - baby/backtrace_baby_fuzzers/c_code_with_fork_executor | |
| - baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor | |
| - baby/backtrace_baby_fuzzers/rust_code_with_fork_executor | |
| - baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor | |
| - baby/backtrace_baby_fuzzers/command_executor | |
| - baby/backtrace_baby_fuzzers/forkserver_executor | |
| - baby/baby_fuzzer_custom_executor | |
| # Binary-only | |
| - binary_only/fuzzbench_fork_qemu | |
| - binary_only/frida_executable_libpng | |
| # - binary_only/frida_windows_gdiplus | |
| - binary_only/frida_libpng | |
| - binary_only/fuzzbench_qemu | |
| - binary_only/intel_pt_baby_fuzzer | |
| - binary_only/intel_pt_command_executor | |
| # - binary_only/tinyinst_simple | |
| # Forkserver | |
| - forkserver/forkserver_simple | |
| - forkserver/forkserver_capture_stdout | |
| - forkserver/forkserver_libafl_cc | |
| - forkserver/fuzzbench_forkserver | |
| - forkserver/fuzzbench_forkserver_cmplog | |
| - forkserver/fuzzbench_forkserver_sand | |
| - forkserver/libafl-fuzz | |
| - forkserver/baby_fuzzer_with_forkexecutor | |
| # Full-system | |
| - full_system/nyx_launcher | |
| - full_system/nyx_libxml2_standalone | |
| - full_system/nyx_libxml2_parallel | |
| # Structure-aware | |
| - structure_aware/nautilus_sync | |
| - structure_aware/baby_fuzzer_grimoire | |
| - structure_aware/baby_fuzzer_gramatron | |
| - structure_aware/baby_fuzzer_tokens | |
| - structure_aware/baby_fuzzer_multi | |
| - structure_aware/baby_fuzzer_custom_input | |
| - structure_aware/baby_fuzzer_nautilus | |
| - structure_aware/forkserver_simple_nautilus | |
| # In-process | |
| - fuzz_anything/cargo_fuzz | |
| - inprocess/fuzzbench | |
| - inprocess/fuzzbench_text | |
| - inprocess/fuzzbench_ctx | |
| - inprocess/libfuzzer_libmozjpeg | |
| - inprocess/libfuzzer_libpng | |
| - inprocess/libfuzzer_libpng_launcher | |
| - inprocess/libfuzzer_libpng_accounting | |
| - inprocess/libfuzzer_libpng_centralized | |
| - inprocess/libfuzzer_libpng_cmin | |
| - inprocess/libfuzzer_libpng_norestart | |
| # - inprocess/libfuzzer_libpng_tcp_manager | |
| # - inprocess/libfuzzer_windows_asan | |
| - inprocess/libfuzzer_stb_image_sugar | |
| - inprocess/libfuzzer_stb_image | |
| - structure_aware/libfuzzer_stb_image_concolic | |
| # - inprocess/sqlite_centralized_multi_machine | |
| # - inprocess/libafl_libfuzzer_windows | |
| # Fuzz Anything | |
| - fuzz_anything/push_harness | |
| - fuzz_anything/push_stage_harness | |
| - fuzz_anything/libafl_atheris | |
| - fuzz_anything/baby_no_std | |
| - fuzz_anything/baby_fuzzer_wasm | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| # Get the name of the fuzzer so that we can use it as the key for a cache | |
| # of the built artefacts. The key cannot have any special characters. | |
| - name: Get fuzzer name | |
| id: fuzzer_name | |
| run: | | |
| fname=$(basename "${{ matrix.fuzzer }}") | |
| echo "fuzzer_name=$fname" >> $GITHUB_OUTPUT | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| uses: ./.github/workflows/fuzzer-tester-prepare | |
| with: | |
| fuzzer-name: ${{ matrix.fuzzer }} | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # We will have these guys all share a cache (since they should share | |
| # and awful lot of their dependencies). That way we won't use up | |
| # as much space. | |
| shared-key: fuzzers-x86_64 | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| # We will only save the cache for one of the builds. Though we could | |
| # just omit this filter and the jobs race to push to the cache, since | |
| # they would all share the same key (combining the `shared-key` and | |
| # `key`) our build would generate a load of warnings. Why this | |
| # particular fuzzer? No real reason, but we had to choose one. | |
| save-if: ${{ matrix.fuzzer == 'binary_only/frida_libpng' }} | |
| cache-all-crates: true | |
| # The code is built in the fuzzers own directory, not in the target | |
| # directory in the root of the workspace | |
| workspaces: | | |
| fuzzers/${{ matrix.fuzzer }} | |
| - name: Test | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: | | |
| RUN_ON_CI=1 \ | |
| LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} \ | |
| cargo \ | |
| run \ | |
| --manifest-path ./utils/ci_runner/Cargo.toml \ | |
| -- \ | |
| fuzzers/${{ matrix.fuzzer }} | |
| # This job checks whether any changes have been made to the QEMU code to avoid | |
| # rebuilding and testing the QEMU related fuzzers unnecessarily as they are | |
| # more expensive to build | |
| qemu-changes: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| qemu: ${{ steps.filter.outputs.qemu }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Filter | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| qemu: | |
| - '.github/**' | |
| - 'libafl/**' | |
| - 'libafl_bolts/**' | |
| - 'libafl_targets/**' | |
| - 'libafl_qemu/**' | |
| - 'fuzzers/**/*qemu*/**' | |
| fuzzer-unicorn: | |
| name: 🚀 full_system/unicorn | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - fuzzers-preflight | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-24.04 ] | |
| fuzzer: | |
| - fuzzers/full_system/unicorn | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/fuzzer-tester-prepare | |
| - name: "Install dependencies" | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: sudo apt-get update && sudo apt-get install gcc gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu | |
| - name: Build and run example fuzzers (Linux) | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} cargo run --manifest-path ./utils/ci_runner/Cargo.toml -- ${{ matrix.fuzzer }} | |
| # Job to build and test the QEMU fuzzers | |
| qemu-user: | |
| name: 🤖 ${{ matrix.fuzzer }} | |
| needs: | |
| - fuzzers-preflight # Check that all the fuzzers listed for testing or explicitly ignored | |
| - qemu-changes # Only build if the QEMU code has changed | |
| if: ${{ needs.qemu-changes.outputs.qemu == 'true' }} | |
| strategy: | |
| matrix: | |
| fuzzer: | |
| - binary_only/qemu_cmin | |
| - binary_only/qemu_tmin | |
| - binary_only/qemu_coverage | |
| - binary_only/qemu_launcher | |
| # - full_system/qemu_linux_kernel | |
| # - full_system/qemu_linux_process | |
| runs-on: ubuntu-24.04 | |
| container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest | |
| steps: | |
| # Get the name of the fuzzer so that we can use it as the key for a cache | |
| # of the built artefacts. The key cannot have any special characters. | |
| - name: Get fuzzer name | |
| id: fuzzer_name | |
| run: | | |
| fname=$(basename "${{ matrix.fuzzer }}") | |
| echo "fuzzer_name=$fname" >> $GITHUB_OUTPUT | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| uses: ./.github/workflows/qemu-fuzzer-tester-prepare | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # We will have each of these fuzzers have it's own cache since these | |
| # are some of the heaviest fuzzers to build. | |
| shared-key: qemu-${{ steps.fuzzer_name.outputs.fuzzer_name }}-x86_64 | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| cache-all-crates: true | |
| # The code is built in the fuzzers own directory, not in the target | |
| # directory in the root of the workspace | |
| workspaces: | | |
| fuzzers/${{ matrix.fuzzer }} | |
| - name: Test | |
| shell: bash | |
| run: | | |
| unset RUSTC && \ | |
| ARCH=x86_64 \ | |
| RUN_ON_CI=1 \ | |
| LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} \ | |
| cargo \ | |
| run \ | |
| --manifest-path ./utils/ci_runner/Cargo.toml \ | |
| -- \ | |
| fuzzers/${{ matrix.fuzzer }} | |
| # Job to build and test the QEMU fuzzers | |
| qemu-system: | |
| name: 🤖 ${{ matrix.fuzzer }} | |
| needs: | |
| - fuzzers-preflight # Check that all the fuzzers listed for testing or explicitly ignored | |
| - qemu-changes # Only build if the QEMU code has changed | |
| if: ${{ needs.qemu-changes.outputs.qemu == 'true' }} | |
| strategy: | |
| matrix: | |
| fuzzer: | |
| - full_system/qemu_baremetal | |
| # - full_system/qemu_linux_kernel | |
| # - full_system/qemu_linux_process | |
| runs-on: ubuntu-24.04 | |
| container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest | |
| steps: | |
| # Get the name of the fuzzer so that we can use it as the key for a cache | |
| # of the built artefacts. The key cannot have any special characters. | |
| - name: Get fuzzer name | |
| id: fuzzer_name | |
| run: | | |
| fname=$(basename "${{ matrix.fuzzer }}") | |
| echo "fuzzer_name=$fname" >> $GITHUB_OUTPUT | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| uses: ./.github/workflows/qemu-fuzzer-tester-prepare | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # We will have each of these fuzzers have it's own cache since these | |
| # are some of the heaviest fuzzers to build. | |
| shared-key: qemu-${{ steps.fuzzer_name.outputs.fuzzer_name }}-arm | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| cache-all-crates: true | |
| # The code is built in the fuzzers own directory, not in the target | |
| # directory in the root of the workspace | |
| workspaces: | | |
| fuzzers/${{ matrix.fuzzer }} | |
| - name: Test | |
| shell: bash | |
| run: | | |
| unset RUSTC && \ | |
| ARCH=arm \ | |
| RUN_ON_CI=1 \ | |
| LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} \ | |
| cargo \ | |
| run \ | |
| --manifest-path ./utils/ci_runner/Cargo.toml \ | |
| -- \ | |
| fuzzers/${{ matrix.fuzzer }} | |
| # Job to build and test the QEMU fuzzers | |
| qemu-system-i386: | |
| name: 🤖 ${{ matrix.fuzzer }} (i386) | |
| needs: | |
| - fuzzers-preflight # Check that all the fuzzers listed for testing or explicitly ignored | |
| - qemu-changes # Only build if the QEMU code has changed | |
| if: ${{ needs.qemu-changes.outputs.qemu == 'true' }} | |
| strategy: | |
| matrix: | |
| fuzzer: | |
| - full_system/qemu_baremetal | |
| runs-on: ubuntu-24.04 | |
| container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest | |
| steps: | |
| # Get the name of the fuzzer so that we can use it as the key for a cache | |
| # of the built artefacts. The key cannot have any special characters. | |
| - name: Get fuzzer name | |
| id: fuzzer_name | |
| run: | | |
| fname=$(basename "${{ matrix.fuzzer }}") | |
| echo "fuzzer_name=$fname" >> $GITHUB_OUTPUT | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| uses: ./.github/workflows/qemu-fuzzer-tester-prepare | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # We will have each of these fuzzers have it's own cache since these | |
| # are some of the heaviest fuzzers to build. | |
| shared-key: qemu-${{ steps.fuzzer_name.outputs.fuzzer_name }}-i386 | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| cache-all-crates: true | |
| # The code is built in the fuzzers own directory, not in the target | |
| # directory in the root of the workspace | |
| workspaces: | | |
| fuzzers/${{ matrix.fuzzer }} | |
| - name: "Install dependencies" | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: sudo apt update && sudo apt -y install gcc-i686-linux-gnu g++-i686-linux-gnu && rustup target add i686-unknown-linux-gnu | |
| - name: Test | |
| shell: bash | |
| run: | | |
| unset RUSTC && cd fuzzers/${{ matrix.fuzzer }} && ARCH=i386 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} just build-multiarch | |
| utils: | |
| name: 🔧 ${{ matrix.util }} | |
| strategy: | |
| matrix: | |
| util: | |
| - gdb_qemu | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - name: Install deps | |
| run: sudo apt-get update && sudo apt-get install -y g++-powerpc-linux-gnu gcc-powerpc-linux-gnu gdb-multiarch | |
| - name: Add rust targets | |
| shell: bash | |
| run: rustup target add --toolchain stable-x86_64-unknown-linux-gnu powerpc-unknown-linux-gnu | |
| - name: Build and run utils (Linux) | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: just -d utils/${{ matrix.util }} --justfile utils/${{ matrix.util }}/Justfile test | |
| libafl_asan: | |
| name: 🔧 libafl_asan | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| fetch-depth: 0 | |
| - name: Prepare | |
| uses: ./.github/workflows/asan-prepare | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # Use the task name to build the cache key. We will have a separate | |
| # cache for each since they are both expensive to build and one builds | |
| # for many different architectures. | |
| shared-key: libafl_asan | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| cache-all-crates: true | |
| # Again the artefacts aren't built in the target root directory. | |
| workspaces: | | |
| libafl_asan | |
| - name: Test | |
| shell: bash | |
| run: | | |
| RUN_ON_CI=1 \ | |
| RUSTC_BOOTSTRAP=1 \ | |
| LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} \ | |
| just \ | |
| -f ./crates/libafl_asan/Justfile \ | |
| test_everything | |
| libafl_qemu_asan: | |
| name: 🔧 libafl_qemu_asan | |
| needs: | |
| - qemu-changes | |
| if: ${{ needs.qemu-changes.outputs.qemu == 'true' }} | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| fetch-depth: 0 | |
| - name: Prepare | |
| uses: ./.github/workflows/asan-prepare | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # Use the task name to build the cache key. We will have a separate | |
| # cache for each since they are both expensive to build and one builds | |
| # for many different architectures. | |
| shared-key: libafl_qemu_asan | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| cache-all-crates: true | |
| # Again the artefacts aren't built in the target root directory. | |
| workspaces: | | |
| libafl_qemu/libafl_qemu_asan | |
| - name: Build | |
| shell: bash | |
| run: | | |
| RUN_ON_CI=1 \ | |
| RUSTC_BOOTSTRAP=1 \ | |
| LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} \ | |
| just \ | |
| -f ./crates/libafl_qemu/libafl_qemu_asan/Justfile \ | |
| build_everything_dev \ | |
| build_x86_64_release | |
| nostd-build: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: rust-src | |
| - name: Add targets | |
| run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi | |
| - uses: actions/checkout@v4 | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: no-std | |
| - name: Build aarch64-unknown-none | |
| run: cd fuzzers/fuzz_anything/baby_no_std && cargo build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --release && cd ../.. | |
| - name: run x86_64 until panic! | |
| run: cd fuzzers/fuzz_anything/baby_no_std && cargo run || test $? -ne 0 || exit 1 | |
| - name: no_std tests | |
| run: cd ./crates/libafl && cargo test --no-default-features | |
| nostd-clippy: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy, rust-src | |
| - name: Add targets | |
| run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi | |
| - uses: actions/checkout@v4 | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: no-std-clippy | |
| - name: libafl armv6m-none-eabi (32 bit no_std) clippy | |
| run: cd ./crates/libafl && cargo clippy --target thumbv6m-none-eabi --no-default-features | |
| - name: libafl_bolts armv6m-none-eabi (32 bit no_std) clippy | |
| run: cd ./crates/libafl_bolts && cargo clippy --target thumbv6m-none-eabi --no-default-features | |
| format-toml: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Install taplo | |
| run: curl -fsSL https://github.com/tamasfe/taplo/releases/download/0.10.0/taplo-linux-x86_64.gz | gzip -d - | install -m 755 /dev/stdin /usr/local/bin/taplo | |
| - uses: actions/checkout@v4 | |
| - name: Run taplo | |
| run: taplo format --check | |
| build-docker: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| packages: write | |
| contents: read | |
| outputs: | |
| image: ghcr.io/aflplusplus/libafl:latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Check Dockerfile for changes | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| changed: | |
| - 'Dockerfile' | |
| - '.github/workflows/build_and_test.yml' | |
| - name: Restore Docker build cache | |
| if: steps.filter.outputs.changed == 'true' | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| # We want to be able to update the cache if the Dockerfile is changed, | |
| # but still be able to use previous versions if available. | |
| key: ${{ runner.os }}-buildx-${{ github.ref }}-${{ hashFiles('Dockerfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx-${{ github.ref }}- | |
| ${{ runner.os }}-buildx- | |
| - name: Set up Docker Buildx | |
| if: steps.filter.outputs.changed == 'true' | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver: docker-container | |
| - name: Log in to GitHub Container Registry | |
| if: steps.filter.outputs.changed == 'true' && github.ref == 'refs/heads/main' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker image | |
| if: steps.filter.outputs.changed == 'true' | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: ${{ github.ref == 'refs/heads/main' }} | |
| load: ${{ github.ref != 'refs/heads/main' }} | |
| tags: | |
| ghcr.io/aflplusplus/libafl:latest | |
| cache-from: | | |
| type=registry,ref=ghcr.io/aflplusplus/libafl:cache | |
| type=local,src=/tmp/.buildx-cache | |
| cache-to: | | |
| ${{ github.ref == 'refs/heads/main' && 'type=registry,ref=ghcr.io/aflplusplus/libafl:cache,mode=max' || 'type=local,dest=/tmp/.buildx-cache' }} | |
| - name: Save Docker build cache | |
| if: steps.filter.outputs.changed == 'true' | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| # We want to be able to update the cache if the Dockerfile is changed, | |
| # but still be able to use previous versions if available. | |
| key: ${{ runner.os }}-buildx-${{ github.ref }}-${{ hashFiles('Dockerfile') }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx-${{ github.ref }}- | |
| ${{ runner.os }}-buildx- | |
| # The windows fuzzers require the same setup, so we will use a matrix build | |
| windows: | |
| name: 🚙 ${{ matrix.fuzzer }} | |
| strategy: | |
| matrix: | |
| fuzzer: | |
| - binary_only/frida_libpng | |
| - inprocess/libafl_libfuzzer_windows | |
| - inprocess/libfuzzer_stb_image | |
| - binary_only/frida_windows_gdiplus | |
| - binary_only/tinyinst_simple | |
| # - inprocess/libfuzzer_windows_asan | |
| fail-fast: false | |
| runs-on: windows-latest | |
| needs: | |
| - fuzzers-preflight | |
| - common | |
| steps: | |
| # Get the name of the fuzzer so that we can use it as the key for a cache | |
| # of the built artefacts. The key cannot have any special characters. | |
| - name: Get fuzzer name | |
| id: fuzzer_name | |
| shell: pwsh | |
| run: | | |
| $fname = Split-Path -Leaf "${{ matrix.fuzzer }}" | |
| "fuzzer_name=$fname" | Out-File -FilePath $env:GITHUB_OUTPUT -Append | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare | |
| uses: ./.github/workflows/windows-tester-prepare | |
| - name: install cxx bridge | |
| run: cargo install cxxbridge-cmd | |
| - name: Configure Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| # There aren't too many of these fuzzers, so lets just give them a | |
| # separate cache each for now. | |
| shared-key: fuzzers-windows-${{ steps.fuzzer_name.outputs.fuzzer_name }}-x86_64 | |
| # We want to include the commit hash to ensure the cache is replaced | |
| # on each new commit. | |
| key: ${{ github.sha }} | |
| cache-all-crates: true | |
| # The code is built in the fuzzers own directory, not in the target | |
| # directory in the root of the workspace | |
| workspaces: | | |
| fuzzers/${{ matrix.fuzzer }} | |
| - name: Test | |
| run: cd fuzzers/${{ matrix.fuzzer }} && just test | |
| windows-clippy: | |
| runs-on: windows-latest | |
| needs: | |
| - common | |
| steps: | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/windows-tester-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: windows-clippy | |
| - name: Run real clippy, not the fake one | |
| shell: pwsh | |
| run: .\scripts\clippy.ps1 | |
| macos: | |
| runs-on: macOS-latest | |
| steps: | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - name: Install deps | |
| run: brew install z3 gtk+3 python llvm@${{env.MAIN_LLVM_VERSION}} | |
| - name: Install cxxbridge | |
| run: cargo install cxxbridge-cmd | |
| - uses: actions/checkout@v4 | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: MacOS Build | |
| run: cargo build --verbose | |
| - name: Increase map sizes | |
| run: ./scripts/shmem_limits_macos.sh | |
| - name: Clippy | |
| run: cargo clippy --tests --all --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test | |
| ubuntu-cross-android-arm64: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: nttld/setup-ndk@v1 | |
| with: | |
| ndk-version: r25b | |
| - name: install android | |
| run: rustup target add aarch64-linux-android | |
| - name: install cargo ndk | |
| run: cargo install cargo-ndk | |
| - uses: actions/checkout@v4 | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Build Android | |
| run: cd crates/libafl && PYO3_CROSS_PYTHON_VERSION=$(python3 -c "print('{}.{}'.format(__import__('sys').version_info.major, __import__('sys').version_info.minor))") cargo ndk -t arm64-v8a build --release | |
| ubuntu-cross-android-x86_64: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/workflows/ubuntu-prepare | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: nttld/setup-ndk@v1 | |
| id: setup-ndk | |
| with: | |
| ndk-version: r27c | |
| add-to-path: false | |
| - name: cargo-ndk | |
| run: cargo install cargo-ndk | |
| - name: cargo android targets | |
| run: | | |
| rustup target add x86_64-linux-android | |
| - name: Build Android | |
| env: | |
| ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }} | |
| ANDROID_NDK_ROOT: ${{ steps.setup-ndk.outputs.ndk-path }} | |
| run: cargo ndk -t x86_64 build | |
| #run: cargo build --target aarch64-linux-android | |
| # TODO: Figure out how to properly build stuff with clang | |
| #- name: Add clang path to $PATH env | |
| # if: runner.os == 'Windows' | |
| # run: echo "C:\msys64\mingw64\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 | |
| #- name: Try if clang works | |
| # run: clang -v | |
| #- name: Windows Test | |
| # run: C:\Rust\.cargo\bin\cargo.exe test --verbose |