From: <sv...@op...> - 2024-05-10 19:11:49
|
Author: sagamusix Date: Fri May 10 21:11:37 2024 New Revision: 20755 URL: https://source.openmpt.org/browse/openmpt/?op=revision&rev=20755 Log: [Imp] Speed up fuzzing by using persistent mode and shared memory file input. Note: afl++ will report a stability of about 99.x%. According to its debug output, the unstable edges are in WavesReverb and I3DL2Reverb implementations, however the unstable edges that it finds don't make any sense. As a tiny bit of instability in these parts of the code should not hurt overall code coverage, we trade this for the significant gains in speed that persistent mode gives us. Added: trunk/OpenMPT/contrib/fuzzing/fuzz.cpp - copied, changed from r20754, trunk/OpenMPT/contrib/fuzzing/fuzz.c Deleted: trunk/OpenMPT/contrib/fuzzing/fuzz.c Modified: trunk/OpenMPT/Makefile Modified: trunk/OpenMPT/Makefile ============================================================================== --- trunk/OpenMPT/Makefile Fri May 10 16:13:47 2024 (r20754) +++ trunk/OpenMPT/Makefile Fri May 10 21:11:37 2024 (r20755) 
@@ -2093,10 +2093,10 @@ endif endif -contrib/fuzzing/fuzz$(FLAVOUR_O).o: contrib/fuzzing/fuzz.c - $(INFO) [CC] $< - $(VERYSILENT)$(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -M -MT$@ $< > $*$(FLAVOUR_O).d - $(SILENT)$(COMPILE.c) $(OUTPUT_OPTION) $< +contrib/fuzzing/fuzz$(FLAVOUR_O).o: contrib/fuzzing/fuzz.cpp + $(INFO) [CXX] $< + $(VERYSILENT)$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -M -MT$@ $< > $*$(FLAVOUR_O).d + $(SILENT)$(COMPILE.cc) $(OUTPUT_OPTION) $< bin/$(FLAVOUR_DIR)fuzz$(EXESUFFIX): contrib/fuzzing/fuzz$(FLAVOUR_O).o $(OBJECTS_LIBOPENMPT) $(OUTPUT_LIBOPENMPT) $(INFO) [LD] $@ $(SILENT)$(LINK.cc) $(LDFLAGS_LIBOPENMPT) contrib/fuzzing/fuzz$(FLAVOUR_O).o $(OBJECTS_LIBOPENMPT) $(LOADLIBES) $(LDLIBS) $(LDLIBS_LIBOPENMPT) -o $@ Copied and modified: trunk/OpenMPT/contrib/fuzzing/fuzz.cpp (from r20754, trunk/OpenMPT/contrib/fuzzing/fuzz.c) ============================================================================== --- trunk/OpenMPT/contrib/fuzzing/fuzz.c Fri May 10 16:13:47 2024 (r20754, copy source) +++ trunk/OpenMPT/contrib/fuzzing/fuzz.cpp Fri May 10 21:11:37 2024 (r20755) @@ -1,24 +1,22 @@ /* - * fuzz.c - * ------ + * fuzz.cpp + * -------- * Purpose: Tiny libopenmpt user to be used by fuzzing tools * Notes : (currently none) * Authors: OpenMPT Devs * The OpenMPT source code is released under the BSD license. Read LICENSE for more details. */ -#include <memory.h> -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> +#include <memory> +#include <cstdint> +#include <cstdlib> -#include <errno.h> +#include <cerrno> #include <unistd.h> #include <libopenmpt/libopenmpt.h> -#include <libopenmpt/libopenmpt_stream_callbacks_file.h> + +#include "../../common/mptRandom.h" #define BUFFERSIZE 450 // shouldn't match OpenMPT's internal mix buffer size (512) #define SAMPLERATE 22050 
@@ -39,43 +37,52 @@ case OPENMPT_ERROR_RANGE: case OPENMPT_ERROR_RUNTIME: case OPENMPT_ERROR_EXCEPTION: - abort(); + std::abort(); default: return OPENMPT_ERROR_FUNC_RESULT_NONE; } } +__AFL_FUZZ_INIT(); + int main( int argc, char * argv[] ) { (void)argc; + (void)argv; + openmpt_module_create_from_memory2( buffer, BUFFERSIZE, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr ); #ifdef __AFL_HAVE_MANUAL_CONTROL __AFL_INIT(); #endif - FILE * file = fopen( argv[1], "rb" ); - openmpt_module * mod = openmpt_module_create2( openmpt_stream_get_file_callbacks(), file, NULL, NULL, ErrFunc, NULL, NULL, NULL, NULL ); - fclose( file ); - if ( mod == NULL ) - return 1; - - // verify API contract : If the file can be loaded, header probing must be successful too. - if ( openmpt_probe_file_header_from_stream( OPENMPT_PROBE_FILE_HEADER_FLAGS_DEFAULT, openmpt_stream_get_file_callbacks(), file, NULL, NULL, ErrFunc, NULL, NULL, NULL ) == OPENMPT_PROBE_FILE_HEADER_RESULT_FAILURE ) - abort(); - - openmpt_module_ctl_set( mod, "render.resampler.emulate_amiga", (openmpt_module_get_num_orders( mod ) & 1) ? "0" : "1" ); - // render about a second of the module for fuzzing the actual mix routines - for(int i = 0; i < 50; i++) { - size_t count = openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer ); - if ( count == 0 ) { - break; + + unsigned char *fileBuffer = __AFL_FUZZ_TESTCASE_BUF; // must be after __AFL_INIT and before __AFL_LOOP! + + while (__AFL_LOOP(10000)) { + int fileSize = __AFL_FUZZ_TESTCASE_LEN; + OpenMPT::mpt::reinit_global_random(); + openmpt_module * mod = openmpt_module_create_from_memory2( fileBuffer, fileSize, nullptr, nullptr, ErrFunc, nullptr, nullptr, nullptr, nullptr); + if ( mod == NULL ) + return 1; + + // verify API contract: If the file can be loaded, header probing must be successful too. 
+ if ( openmpt_probe_file_header( OPENMPT_PROBE_FILE_HEADER_FLAGS_DEFAULT, fileBuffer, fileSize, fileSize, nullptr, nullptr, ErrFunc, nullptr, nullptr, nullptr ) == OPENMPT_PROBE_FILE_HEADER_RESULT_FAILURE ) + std::abort(); + + openmpt_module_ctl_set( mod, "render.resampler.emulate_amiga", (openmpt_module_get_num_orders( mod ) & 1) ? "0" : "1" ); + // render about a second of the module for fuzzing the actual mix routines + for(int i = 0; i < 50; i++) { + size_t count = openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer ); + if ( count == 0 ) { + break; + } } + openmpt_module_set_position_seconds( mod, 1.0 ); + openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer ); + openmpt_module_set_position_order_row( mod, 3, 16 ); + openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer ); + + // fuzz string-related stuff + openmpt_free_string ( openmpt_module_get_metadata( mod, "date" ) ); + openmpt_free_string ( openmpt_module_get_metadata( mod, "message" ) ); + openmpt_module_destroy( mod ); } - openmpt_module_set_position_seconds( mod, 1.0 ); - openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer ); - openmpt_module_set_position_order_row( mod, 3, 16 ); - openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer ); - - // fuzz string-related stuff - openmpt_free_string ( openmpt_module_get_metadata( mod, "date" ) ); - openmpt_free_string ( openmpt_module_get_metadata( mod, "message" ) ); - openmpt_module_destroy( mod ); return 0; } |
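Review bot: Inside the new `while (__AFL_LOOP(10000))` body, `if ( mod == NULL ) return 1;` still returns from `main`, so every test case that fails to load ends the persistent process. Rejected inputs are likely the majority during fuzzing, and each one forces the fork server to start a fresh process, which gives back much of the speed-up this commit is after. Moving on to the next iteration keeps the process alive: `if ( mod == NULL ) continue;`. The warm-up call to `openmpt_module_create_from_memory2( buffer, BUFFERSIZE, ... )` before `__AFL_INIT()` discards its result and has no explanation. A short comment such as `// load once before the fork server starts so one-time initialisation is not repeated per process` (presumably the intent) would help, along with a note that the call is expected to return null so nothing leaks.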