uri_parser: Add URI parser fuzz testing based on libFuzzer

Change-Id: Id5f5bce49bcdc3beb21e49599261355f982aabd1

Author: chris3k

.gitignore

@@ -7,3 +7,4 @@ source_downloads
 unittest/traces
 mysqlshdk/libs/db/mysqlx/xpl_error.h
 /build/
+tests/fuzz/corpus/**

CMakeLists.txt

@@ -239,22 +239,25 @@ IF(NOT PACKAGE_YEAR)
 ENDIF()
 add_definitions(-DPACKAGE_YEAR="${PACKAGE_YEAR}")
 
+IF(WITH_TESTS)
+  ENABLE_TESTING()
+ENDIF()
+
 ###
 ### Initial configuration
 ###
-
 INCLUDE(version.cmake)
 
 ###
 ### Detect Stuff
 ###
-
 INCLUDE(install_macros)
 INCLUDE(exeutils)
 INCLUDE(libutils)
 INCLUDE(compiler)
 INCLUDE(static_analysis)
 include(cmake/compile_flags.cmake)
+include(cmake/fuzzer.cmake)
 INCLUDE(msvc)
 
 INCLUDE(CheckIncludeFiles)
@@ -689,6 +692,7 @@ IF(WITH_TESTS)
   ### Unit-test support
   ###
   add_subdirectory(unittest)
+  add_subdirectory(tests/fuzz)
 ENDIF()
 
 ###

cmake/fuzzer.cmake

@@ -0,0 +1,203 @@
+# Copyright (c) 2017, 2020, Oracle and/or its affiliates.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License, version 2.0,
+# as published by the Free Software Foundation.
+#
+# This program is also distributed with certain software (including
+# but not limited to OpenSSL) that is licensed under separate terms,
+# as designated in a particular file or component or in included license
+# documentation.  The authors of MySQL hereby grant you an additional
+# permission to link the program and your derivative works with the
+# separately licensed software that they have included with MySQL.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+INCLUDE(CMakePushCheckState)
+
+# Only supported for Clang/llvm
+IF(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+  RETURN()
+ENDIF()
+
+# ld.lld: error:
+# /usr/lib64/clang/7.0.1/lib/linux/libclang_rt.fuzzer-x86_64.a
+# (FuzzerLoop.cpp.o): unsupported SHT_GROUP format
+IF(USE_LD_LLD AND C_LD_LLD_RESULT AND CXX_LD_LLD_RESULT)
+  STRING(REPLACE "-fuse-ld=lld" ""
+    CMAKE_C_LINK_FLAGS ${CMAKE_C_LINK_FLAGS})
+  STRING(REPLACE "-fuse-ld=lld" ""
+    CMAKE_CXX_LINK_FLAGS ${CMAKE_CXX_LINK_FLAGS})
+  STRING(REPLACE "-Wl,--gdb-index" ""
+    CMAKE_C_LINK_FLAGS ${CMAKE_C_LINK_FLAGS})
+  STRING(REPLACE "-Wl,--gdb-index" ""
+    CMAKE_CXX_LINK_FLAGS ${CMAKE_CXX_LINK_FLAGS})
+ENDIF()
+
+# check if clang knows about the coverage and trace-pc-guard
+#
+# compiler  | CFLAGS                             | LDFLAGS
+# ----------|------------------------------------|------------------
+# llvm 6.0+ | -fsanitize=fuzzer                  | -fsanitize=fuzzer
+# llvm 4.0  | -fsanitize-coverage=trace-pc-guard | -lFuzzer
+# llvm 3.9  | -fsanitize-coverage=trace-cmp      | -lFuzzer
+# llvm 3.7  | -fsanitize-coverage=edge           | -lFuzzer
+
+# llvm 4.0+
+CMAKE_PUSH_CHECK_STATE(RESET)
+SET(CMAKE_REQUIRED_FLAGS "-fsanitize-coverage=trace-pc-guard")
+CHECK_CXX_COMPILER_FLAG("-fsanitize-coverage=trace-pc-guard"
+  COMPILER_HAS_SANITIZE_COVERAGE_TRACE_PC_GUARD)
+CMAKE_POP_CHECK_STATE()
+
+# llvm 3.8+
+CMAKE_PUSH_CHECK_STATE(RESET)
+SET(CMAKE_REQUIRED_FLAGS "-fsanitize-coverage=edge")
+CHECK_CXX_COMPILER_FLAG("-fsanitize-coverage=edge"
+  COMPILER_HAS_SANITIZE_COVERAGE_TRACE_EDGE)
+CMAKE_POP_CHECK_STATE()
+
+# http://llvm.org/docs/LibFuzzer.html#tracing-cmp-instructions
+CMAKE_PUSH_CHECK_STATE(RESET)
+SET(CMAKE_REQUIRED_FLAGS "-fsanitize-coverage=trace-cmp")
+CHECK_CXX_COMPILER_FLAG("-fsanitize-coverage=trace-cmp"
+  COMPILER_HAS_SANITIZE_COVERAGE_TRACE_CMP)
+CMAKE_POP_CHECK_STATE()
+
+CMAKE_PUSH_CHECK_STATE(RESET)
+SET(CMAKE_REQUIRED_FLAGS "-fprofile-instr-generate")
+CHECK_CXX_COMPILER_FLAG("-fprofile-instr-generate"
+  COMPILER_HAS_PROFILE_INSTR_GENERATE)
+CMAKE_POP_CHECK_STATE()
+
+CMAKE_PUSH_CHECK_STATE(RESET)
+# invalid argument '-fcoverage-mapping' only allowed
+# with '-fprofile-instr-generate'
+SET(CMAKE_REQUIRED_FLAGS "-fprofile-instr-generate")
+CHECK_CXX_COMPILER_FLAG("-fcoverage-mapping" COMPILER_HAS_COVERAGE_MAPPING)
+CMAKE_POP_CHECK_STATE()
+
+CMAKE_PUSH_CHECK_STATE(RESET)
+SET(CMAKE_REQUIRED_LIBRARIES "-fsanitize=address,fuzzer")
+SET(CMAKE_REQUIRED_FLAGS "-fsanitize=address,fuzzer")
+CHECK_CXX_SOURCE_COMPILES("
+extern \"C\" int LLVMFuzzerTestOneInput (void *, int)
+{ return 0; }"
+COMPILER_HAS_SANITIZE_FUZZER)
+CMAKE_POP_CHECK_STATE()
+
+
+IF(COMPILER_HAS_SANITIZE_FUZZER)
+  SET(SANITIZE_COVERAGE_FLAGS "-fsanitize=address,fuzzer")
+ELSEIF(COMPILER_HAS_SANITIZE_COVERAGE_TRACE_PC_GUARD)
+  SET(SANITIZE_COVERAGE_FLAGS "-fsanitize-coverage=trace-pc-guard")
+ELSEIF(COMPILER_HAS_SANITIZE_COVERAGE_TRACE_CMP)
+  SET(SANITIZE_COVERAGE_FLAGS "-fsanitize-coverage=trace-cmp")
+ELSEIF(COMPILER_HAS_SANITIZE_COVERAGE_TRACE_EDGE)
+  SET(SANITIZE_COVERAGE_FLAGS "-fsanitize-coverage=edge")
+ELSE()
+  MESSAGE(WARNING "Coverage is not supported. Skiping build fuzz tests.")
+ENDIF()
+
+# check that libFuzzer is found
+#
+# check_library_exists() doesn't work here as it would provide a main() which
+# calls a test-function ... which collides with libFuzzer's main():
+#
+# if the libFuzzer is found by the compiler it will provide a 'main()' and
+# require that we provide a 'LLVMFuzzerTestOneInput' at link-time.
+IF(SANITIZE_COVERAGE_FLAGS)
+  CMAKE_PUSH_CHECK_STATE(RESET)
+  SET(CMAKE_REQUIRED_LIBRARIES Fuzzer)
+  SET(CMAKE_REQUIRED_FLAGS ${SANITIZE_COVERAGE_FLAGS})
+  CHECK_CXX_SOURCE_COMPILES("
+      extern \"C\" int LLVMFuzzerTestOneInput (void *, int)
+      { return 0; }"
+      CLANG_HAS_LIBFUZZER)
+  CMAKE_POP_CHECK_STATE()
+ENDIF()
+
+IF(COMPILER_HAS_SANITIZE_FUZZER OR CLANG_HAS_LIBFUZZER)
+  IF(CLANG_HAS_LIBFUZZER)
+    SET(LIBFUZZER_LIBRARIES Fuzzer)
+  ENDIF()
+  SET(LIBFUZZER_LINK_FLAGS ${SANITIZE_COVERAGE_FLAGS})
+  SET(LIBFUZZER_COMPILE_FLAGS)
+  LIST(APPEND LIBFUZZER_COMPILE_FLAGS ${SANITIZE_COVERAGE_FLAGS})
+
+  IF(COMPILER_HAS_PROFILE_INSTR_GENERATE)
+    LIST(APPEND LIBFUZZER_COMPILE_FLAGS -fprofile-instr-generate)
+    SET(LIBFUZZER_LINK_FLAGS
+      "${LIBFUZZER_LINK_FLAGS} -fprofile-instr-generate")
+    IF(COMPILER_HAS_COVERAGE_MAPPING)
+      LIST(APPEND LIBFUZZER_COMPILE_FLAGS -fcoverage-mapping)
+    ENDIF()
+  ENDIF()
+ENDIF()
+
+
+FUNCTION(LIBFUZZER_ADD_TEST TARGET)
+  SET(OPTS)
+  SET(ONE_VAL_ARGS INITIAL_CORPUS_DIR MAX_TOTAL_TIME TIMEOUT)
+  SET(MULTI_VAL_ARGS)
+  CMAKE_PARSE_ARGUMENTS(ARG "${OPTS}" "${ONE_VAL_ARGS}" "${MULTI_VAL_ARGS}" ${ARGN})
+
+
+  IF(NOT DEFINED ARG_MAX_TOTAL_TIME)
+    SET(ARG_MAX_TOTAL_TIME 10)
+  ENDIF()
+  IF(NOT DEFINED ARG_TIMEOUT)
+    SET(ARG_TIMEOUT 0.2)
+  ENDIF()
+
+  SET(BINARY_CORPUS_DIR "${CMAKE_CURRENT_BINARY_DIR}/corpus/${TARGET}")
+  SET(BINARY_ARTIFACT_DIR "${CMAKE_CURRENT_BINARY_DIR}/artifacts/${TARGET}")
+
+  SET_TARGET_PROPERTIES(
+    ${TARGET}
+    PROPERTIES
+    COMPILE_OPTIONS "${LIBFUZZER_COMPILE_FLAGS}"
+    LINK_FLAGS "${LIBFUZZER_LINK_FLAGS}"
+    )
+
+  IF(LIBFUZZER_LIBRARIES)
+    TARGET_LINK_LIBRARIES(${TARGET} ${LIBFUZZER_LIBRARIES})
+  ENDIF()
+
+  # reset the artifact and corpus dir if the binary changed.
+  ADD_CUSTOM_COMMAND(TARGET ${TARGET}
+    POST_BUILD
+    COMMAND ${CMAKE_COMMAND} -E remove_directory "${BINARY_CORPUS_DIR}"
+    COMMAND ${CMAKE_COMMAND} -E make_directory "${BINARY_CORPUS_DIR}"
+    COMMAND ${CMAKE_COMMAND} -E remove_directory "${BINARY_ARTIFACT_DIR}"
+    COMMAND ${CMAKE_COMMAND} -E make_directory "${BINARY_ARTIFACT_DIR}"
+  )
+
+  IF(ARG_INITIAL_CORPUS_DIR)
+    # prepare the corpus in the build-dir based on samples from the source-dir
+    ADD_CUSTOM_COMMAND(TARGET ${TARGET}
+      POST_BUILD
+      COMMAND $<TARGET_FILE:${TARGET}>
+        -merge=1
+        -verbosity=0
+        -merge_control_file="${CMAKE_CURRENT_BINARY_DIR}/${TARGET}.control"
+        "${ARG_INITIAL_CORPUS_DIR}" "${BINARY_CORPUS_DIR}" 2> /dev/null
+      COMMENT "Preparing corpus for ${TARGET}"
+      )
+  ENDIF()
+
+  # use cmake -E env to set the LLVM_PROFILE_FILE in a portable way
+  ADD_TEST(${TARGET}
+            ${CMAKE_BINARY_DIR}/bin/${TARGET}
+            -max_total_time=${ARG_MAX_TOTAL_TIME} -timeout=${ARG_TIMEOUT}
+            -artifact_prefix=${BINARY_ARTIFACT_DIR}/
+            ${BINARY_CORPUS_DIR}
+  )
+ENDFUNCTION()

tests/fuzz/CMakeLists.txt

@@ -0,0 +1,44 @@
+# Copyright (c) 2020, Oracle and/or its affiliates.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License, version 2.0,
+# as published by the Free Software Foundation.
+#
+# This program is also distributed with certain software (including
+# but not limited to OpenSSL) that is licensed under separate terms, as
+# designated in a particular file or component or in included license
+# documentation.  The authors of MySQL hereby grant you an additional
+# permission to link the program and your derivative works with the
+# separately licensed software that they have included with MySQL.
+# This program is distributed in the hope that it will be useful,  but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+# the GNU General Public License, version 2.0, for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+function(add_fuzz_test fuzz_target)
+  message(STATUS "target=${fuzz_target}, srcs=${ARGN}")
+
+  add_shell_executable("${fuzz_target}" "${ARGN}" TRUE)
+
+  TARGET_INCLUDE_DIRECTORIES("${fuzz_target}" PRIVATE
+    ${PROJECT_SOURCE_DIR}
+    ${PROJECT_SOURCE_DIR}/mysqlshdk/include
+    ${PROJECT_SOURCE_DIR}/mysqlshdk/libs
+  )
+  # Instead of compiling all *.cc files listed in fuzz_uri_parser_SRC we can
+  # link libraries, but then we lose information about code coverage in
+  # uri_parser.cc
+  # target_link_libraries(fuzz_uri_parser db shellcore-minimal)
+  LIBFUZZER_ADD_TEST(fuzz_uri_parser
+    INITIAL_CORPUS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../corpus/fuzz_uri_parser)
+endfunction()
+
+IF(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+  IF(LIBFUZZER_COMPILE_FLAGS)
+    add_subdirectory(uri_parser)
+  ENDIF()
+ENDIF()

tests/fuzz/corpus/fuzz_uri_parser/ipv6_ipv4-mapped_address

@@ -0,0 +1 @@
+kg@[::ffff:192.168.1.120]:3308

tests/fuzz/corpus/fuzz_uri_parser/ipv6_with_zoneid

@@ -0,0 +1 @@
+[fe80::8090:f18c:182c:ec91%25area51]:3008

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_1

@@ -0,0 +1 @@
+mysqlx://root:@127.1﻾1:37778/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_10

@@ -0,0 +1 @@
+mysqlx://root:@127.0.0.127:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_100

@@ -0,0 +1 @@
+mysqlx://root:@127.0.0.1:5010󠀲/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_101

@@ -0,0 +1 @@
+mysql://user:@[fe80::a%25en1]:4002/db

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_11

@@ -0,0 +1 @@
+mysqlx://root:@󠁜4294967295.-52363856998860641595325061.
0.257:500/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_12

@@ -0,0 +1 @@
+mysqlx://root:@127.1.
0.1:-1/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_13

@@ -0,0 +1 @@
+mysqlx://root:@127.0.3.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_14

@@ -0,0 +1 @@
+mysqlx://root:@127.1.0.𝅘𝅥𝅮1:-520/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_15

@@ -0,0 +1 @@
+mysqlx://root:@127.0.0.0:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_16

@@ -0,0 +1 @@
+mysqlx://root:@127.0.0.32769:127/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_17

@@ -0,0 +1 @@
+mysqlx://root:@-8714292349336472560438111007379281.0.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_18

@@ -0,0 +1 @@
+mysqlx://root:@127.0.1.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_19

@@ -0,0 +1 @@
+mysqlx://root:@0.0.1.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_2

@@ -0,0 +1 @@
+mysqlx://root:@127.0.0.170141183460469231731687303715884105731:70547/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_20

@@ -0,0 +1 @@
+my󠁰sqlx://root:@1ʴ.0.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_21

@@ -0,0 +1 @@
+mysqlx://root:@9223372036854775808.0.0.0:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_22

@@ -0,0 +1 @@
+mysqlx://roo :@127.;.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_23

@@ -0,0 +1 @@
+mys󠀱qlx://root:@9223372036854775809.⁨0.��(�2147483647.129:1J4780817/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_24

@@ -0,0 +1 @@
+mysqlx://root:ʲ@127.0.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_25

@@ -0,0 +1 @@
+mysqlx://root:@17.2147483648.0.9223372036854775554:15665/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_26

@@ -0,0 +1 @@
+mysqlx://ro᠎ot:@127.0.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_27

@@ -0,0 +1 @@
+mysqlx://roo󠁩t:@�270.32769.0:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_28

@@ -0,0 +1 @@
+mysqlx://root:@4294967296.32769.1.0󠀸:5011/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_29

@@ -0,0 +1 @@
+mysqlx://root:@103.240.󠀯0.340282366920938463463374607431768211457󠁪6:1/�chema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_3

@@ -0,0 +1 @@
+mysqlx://󠁽root:@1ʲ27.4294967297.0.1��:3/sch3ma

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_30

@@ -0,0 +1 @@
+mysqlx://root:@1root:@127.2560ᅟ.1:109922/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_31

@@ -0,0 +1 @@
+mysqlx://root:@127.127.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_32

@@ -0,0 +1 @@
+mysqlx://root:@127.0.0.170141183460469231731687303715884105727:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_33

@@ -0,0 +1 @@
+mysqlx://root:@0.0.0.71895292:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_34

@@ -0,0 +1 @@
+mysqlx://root:@�-222.1.0:340282366920938463463374607431768211454/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_35

@@ -0,0 +1 @@
+mysqlx://root:@-14.0.0.1:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_36

@@ -0,0 +1 @@
+mysqlx://root:@127.0.256.1:2127/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_37

@@ -0,0 +1 @@
+mysqlx://root:@127��0.257.󠀭0:5010/schema

tests/fuzz/corpus/fuzz_uri_parser/radamsa_uri_38

@@ -0,0 +1 @@
+mysqlx://root:@�270.32769.0:5010/schema