From 24eb39ca1146905efaf2f44807e35eec2035500d Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Thu, 20 Feb 2020 20:02:28 +0530 Subject: [PATCH] Docker: Add image identical to one used by ossfuzz builder --- .circleci/config.yml | 32 ++++-- .../Dockerfile.ubuntu1604.clang.ossfuzz | 101 ++++++++++++++++++ ...ubuntu1904 => Dockerfile.ubuntu1904.clang} | 0 cmake/toolchains/libfuzzer.cmake | 6 +- 4 files changed, 132 insertions(+), 7 deletions(-) create mode 100644 .circleci/docker/Dockerfile.ubuntu1604.clang.ossfuzz rename .circleci/docker/{Dockerfile.clang.ubuntu1904 => Dockerfile.ubuntu1904.clang} (100%) diff --git a/.circleci/config.yml b/.circleci/config.yml index f8f142412..8bee0b83b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -16,6 +16,9 @@ parameters: ubuntu-1904-clang-docker-image-rev: type: string default: "5" + ubuntu-1604-clang-ossfuzz-docker-image-rev: + type: string + default: "1" defaults: @@ -119,6 +122,17 @@ defaults: name: command line tests command: ./test/cmdlineTests.sh + - test_ubuntu1604_clang: &test_ubuntu1604_clang + docker: + - image: ethereum/solidity-buildpack-deps:ubuntu1604-clang-ossfuzz-<< pipeline.parameters.ubuntu-1604-clang-ossfuzz-docker-image-rev >> + steps: + - checkout + - attach_workspace: + at: build + - run: *run_soltest + - store_test_results: *store_test_results + - store_artifacts: *artifacts_test_results + - test_ubuntu1904_clang: &test_ubuntu1904_clang docker: - image: ethereum/solidity-buildpack-deps:ubuntu1904-clang-<< pipeline.parameters.ubuntu-1904-clang-docker-image-rev >> @@ -166,6 +180,11 @@ defaults: requires: - b_ubu + - workflow_ubuntu1604_clang: &workflow_ubuntu1604_clang + <<: *workflow_trigger_on_tags + requires: + - b_ubu_ossfuzz + - workflow_ubuntu1904_clang: &workflow_ubuntu1904_clang <<: *workflow_trigger_on_tags requires: @@ -196,7 +215,7 @@ defaults: requires: - b_ems - - workflow_ubuntu1904_ossfuzz: &workflow_ubuntu1904_ossfuzz + - workflow_ubuntu1604_ossfuzz: &workflow_ubuntu1604_ossfuzz <<: *workflow_trigger_on_tags requires: - b_ubu_ossfuzz @@ -397,12 +416,13 @@ jobs: - checkout - run: *run_build - b_ubu_ossfuzz: - <<: *build_ubuntu1904_clang + b_ubu_ossfuzz: &build_ubuntu1604_clang + docker: + - image: ethereum/solidity-buildpack-deps:ubuntu1604-clang-ossfuzz-<< pipeline.parameters.ubuntu-1604-clang-ossfuzz-docker-image-rev >> environment: - TERM: xterm CC: clang CXX: clang++ + TERM: xterm CMAKE_OPTIONS: -DCMAKE_TOOLCHAIN_FILE=cmake/toolchains/libfuzzer.cmake steps: - checkout @@ -411,7 +431,7 @@ jobs: - persist_to_workspace: *artifacts_executables_ossfuzz t_ubu_ossfuzz: &t_ubu_ossfuzz - <<: *test_ubuntu1904_clang + <<: *test_ubuntu1604_clang steps: - checkout - attach_workspace: @@ -799,7 +819,7 @@ workflows: jobs: # OSSFUZZ builds and (regression) tests - b_ubu_ossfuzz: *workflow_trigger_on_tags - - t_ubu_ossfuzz: *workflow_ubuntu1904_ossfuzz + - t_ubu_ossfuzz: *workflow_ubuntu1604_ossfuzz # Code Coverage enabled build and tests - b_ubu_codecov: *workflow_trigger_on_tags diff --git a/.circleci/docker/Dockerfile.ubuntu1604.clang.ossfuzz b/.circleci/docker/Dockerfile.ubuntu1604.clang.ossfuzz new file mode 100644 index 000000000..8e2ee01b0 --- /dev/null +++ b/.circleci/docker/Dockerfile.ubuntu1604.clang.ossfuzz @@ -0,0 +1,101 @@ +# vim:syntax=dockerfile +#------------------------------------------------------------------------------ +# Dockerfile for building and testing Solidity Compiler on CI +# Target: Ubuntu 16.04 (Xenial Xerus) ossfuzz Clang variant +# URL: https://hub.docker.com/r/ethereum/solidity-buildpack-deps +# +# This file is part of solidity. +# +# solidity is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# solidity is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with solidity. If not, see +# +# (c) 2016-2019 solidity contributors. +#------------------------------------------------------------------------------ +FROM gcr.io/oss-fuzz-base/base-clang as base + +ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get update; \ + apt-get -qqy install --no-install-recommends \ + build-essential \ + software-properties-common \ + ninja-build git wget \ + libbz2-dev zlib1g-dev git; \ + apt-get install -qy python-pip python-sphinx; + +# Install cmake 3.14 (minimum requirement is cmake 3.10) +RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.5/cmake-3.14.5-Linux-x86_64.sh; \ + chmod +x cmake-3.14.5-Linux-x86_64.sh; \ + ./cmake-3.14.5-Linux-x86_64.sh --skip-license --prefix="/usr" + +FROM base AS libraries + +# Boost +RUN git clone -b boost-1.69.0 https://github.com/boostorg/boost.git \ + /usr/src/boost; \ + cd /usr/src/boost; \ + git submodule update --init --recursive; \ + ./bootstrap.sh --with-toolset=clang --prefix=/usr; \ + ./b2 toolset=clang cxxflags="-stdlib=libc++" linkflags="-stdlib=libc++" headers; \ + ./b2 toolset=clang cxxflags="-stdlib=libc++" linkflags="-stdlib=libc++" \ + link=static variant=release runtime-link=static \ + system filesystem unit_test_framework program_options \ + install -j $(($(nproc)/2)); \ + rm -rf /usr/src/boost + +# Z3 +RUN git clone --depth 1 -b z3-4.8.7 https://github.com/Z3Prover/z3.git \ + /usr/src/z3; \ + cd /usr/src/z3; \ + mkdir build; \ + cd build; \ + LDFLAGS=$CXXFLAGS cmake -DZ3_BUILD_LIBZ3_SHARED=OFF -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE=Release ..; \ + make libz3 -j; \ + make install; \ + rm -rf /usr/src/z3 + +# OSSFUZZ: libprotobuf-mutator +RUN set -ex; \ + git clone https://github.com/google/libprotobuf-mutator.git \ + /usr/src/libprotobuf-mutator; \ + cd /usr/src/libprotobuf-mutator; \ + git checkout 3521f47a2828da9ace403e4ecc4aece1a84feb36; \ + mkdir build; \ + cd build; \ + cmake .. -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON \ + -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX="/usr"; \ + ninja; \ + cp -vpr external.protobuf/bin/* /usr/bin/; \ + cp -vpr external.protobuf/include/* /usr/include/; \ + cp -vpr external.protobuf/lib/* /usr/lib/; \ + ninja install/strip; \ + rm -rf /usr/src/libprotobuf-mutator + +# EVMONE +RUN set -ex; \ + cd /usr/src; \ + git clone --branch="v0.4.0" --recurse-submodules https://github.com/ethereum/evmone.git; \ + cd evmone; \ + mkdir build; \ + cd build; \ + cmake -G Ninja -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX="/usr" ..; \ + ninja; \ + ninja install/strip; \ + rm -rf /usr/src/evmone + +FROM base +COPY --from=libraries /usr/lib /usr/lib +COPY --from=libraries /usr/bin /usr/bin +COPY --from=libraries /usr/include /usr/include diff --git a/.circleci/docker/Dockerfile.clang.ubuntu1904 b/.circleci/docker/Dockerfile.ubuntu1904.clang similarity index 100% rename from .circleci/docker/Dockerfile.clang.ubuntu1904 rename to .circleci/docker/Dockerfile.ubuntu1904.clang diff --git a/cmake/toolchains/libfuzzer.cmake b/cmake/toolchains/libfuzzer.cmake index 53c36d3c9..a734df975 100644 --- a/cmake/toolchains/libfuzzer.cmake +++ b/cmake/toolchains/libfuzzer.cmake @@ -8,4 +8,8 @@ set(OSSFUZZ ON CACHE BOOL "Enable fuzzer build" FORCE) # Use libfuzzer as the fuzzing back-end set(LIB_FUZZING_ENGINE "-fsanitize=fuzzer" CACHE STRING "Use libfuzzer back-end" FORCE) # clang/libfuzzer specific flags for UBSan instrumentation -set(CMAKE_CXX_FLAGS "-O1 -gline-tables-only -fsanitize=undefined -fsanitize=fuzzer-no-link -stdlib=libstdc++" CACHE STRING "Custom compilation flags" FORCE) +set(CMAKE_CXX_FLAGS "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -I /usr/local/include/c++/v1 -fsanitize=undefined -fsanitize=fuzzer-no-link -stdlib=libc++" CACHE STRING "Custom compilation flags" FORCE) +# Link statically against boost libraries +set(BOOST_FOUND ON CACHE BOOL "" FORCE) +set(Boost_USE_STATIC_LIBS ON CACHE BOOL "Link against static Boost libraries" FORCE) +set(Boost_USE_STATIC_RUNTIME ON CACHE BOOL "Link against static Boost runtime library" FORCE)