commit | f0b8122ab9b1696a80988e2b51d3da3d715f46a8 | [log] [tgz] |
---|---|---|
author | Michael Ensing <michael.ensing@leviathansecurity.com> | Fri May 01 16:00:17 2020 -0700 |
committer | Michael Ensing <michael.ensing@leviathansecurity.com> | Wed May 13 22:30:13 2020 -0700 |
tree | 496eeceafd826f217a091d9cd0d48d7254526651 | |
parent | c5ca7d3a766f84d58119d18d8df738975204c7a9 [diff] |
Add fuzzers for 10 libosi components

Added fuzzers, most of which may be run either on host or on device. Note that coverage will differ based on arch. Additionally, alarm will not successfully run on host due to the reliance on hooking system functions, and compat may not be useful on-device, as libosi's compat.h function definitions, and therefore the fuzzer calls, are wrapped in an '#if __GLIBC__'.

Test: Tested on a Pixel 3a with no starting corpus and a short run, resulting in the following statistics:
- alarm: 15% cov, ~280 exec/s
- allocation_tracker: 61% cov, ~2.5k exec/s
- allocator: 34% cov, ~24k exec/s
- array: 22% cov, ~16k exec/s
- buffer: 22% cov, ~26k exec/s
- compat: N/A, N/A
- fixed_queue: 45% cov, ~8k exec/s
- future: 22% cov, ~83k exec/s
- list: 46% cov, ~21k exec/s
- ringbuffer: 38% cov, ~20k exec/s

Signed-off-by: Michael Ensing <michael.ensing@leviathansecurity.com>
Change-Id: I9203c804941beaa470940452f39bf352d725eb02
Just build AOSP - Fluoride is there by default.
Instructions for Ubuntu, tested on 14.04 with Clang 3.5.0 and 16.10 with Clang 3.8.0
```sh
mkdir ~/fluoride
cd ~/fluoride
git clone https://android.googlesource.com/platform/packages/modules/Bluetooth/system
```
Install dependencies (require sudo access):
```sh
cd ~/fluoride/bt
build/install_deps.sh
```
Then fetch third party dependencies:
```sh
cd ~/fluoride/bt
mkdir third_party
cd third_party
git clone https://github.com/google/googletest.git
git clone https://android.googlesource.com/platform/external/aac
git clone https://android.googlesource.com/platform/external/libchrome
git clone https://android.googlesource.com/platform/external/libldac
git clone https://android.googlesource.com/platform/external/modp_b64
git clone https://android.googlesource.com/platform/external/tinyxml2
```
And third party dependencies of third party dependencies:
```sh
# same ~/fluoride/bt checkout as the steps above
cd ~/fluoride/bt/third_party/libchrome/base/third_party
mkdir valgrind
cd valgrind
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/valgrind.h?format=TEXT | base64 -d > valgrind.h
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/memcheck.h?format=TEXT | base64 -d > memcheck.h
```
NOTE: If packages/modules/Bluetooth/system is checked out under AOSP, create symbolic links to the AOSP copies instead of downloading the sources:

```sh
cd packages/modules/Bluetooth/system
mkdir third_party
cd third_party
ln -s ../../../external/aac aac
ln -s ../../../external/libchrome libchrome
ln -s ../../../external/libldac libldac
ln -s ../../../external/modp_b64 modp_b64
ln -s ../../../external/tinyxml2 tinyxml2
ln -s ../../../external/googletest googletest
```
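The clone-or-symlink choice above is easy to get wrong by hand (a stale link, a dependency cloned twice, a link whose `../../..` no longer points at the AOSP root once the directory moves). The following POSIX shell script is an added example, not part of the Fluoride README or the project's build scripts: it populates `third_party` from the dependency list given in the clone step, links to an explicitly passed AOSP root rather than counting `..` segments, reports what still has to be cloned, and checks afterwards that every dependency resolves to a real directory. The function names and the explicit AOSP-root argument are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the Fluoride README): set up <system>/third_party.
# Inside an AOSP tree the dependencies already exist under <aosp_root>/external,
# so they are symlinked (the README's "create symbolic links" branch); anything
# not found there is printed as a `git clone` line on stdout for the caller.
# Assumptions: dependency names and URLs are the README's clone list; the AOSP
# root is passed explicitly so the links stay valid wherever system/ sits.

# "name url" pairs, one per line (from the README's clone list)
FLUORIDE_DEPS='googletest https://github.com/google/googletest.git
aac https://android.googlesource.com/platform/external/aac
libchrome https://android.googlesource.com/platform/external/libchrome
libldac https://android.googlesource.com/platform/external/libldac
modp_b64 https://android.googlesource.com/platform/external/modp_b64
tinyxml2 https://android.googlesource.com/platform/external/tinyxml2'

# setup_third_party SYSTEM_DIR [AOSP_ROOT]
# Creates SYSTEM_DIR/third_party. For each dependency: if AOSP_ROOT/external/<name>
# exists, (re)create a symlink to it; a real directory is never clobbered.
# Otherwise print the clone command. Progress goes to stderr; stdout holds only
# the work left to do. Returns 0 unless third_party cannot be created.
setup_third_party() {
    system_dir=$1
    aosp_root=${2:-}
    tp="$system_dir/third_party"
    mkdir -p "$tp" || return 1
    printf '%s\n' "$FLUORIDE_DEPS" | while read -r name url; do
        link="$tp/$name"
        src="$aosp_root/external/$name"
        if [ -n "$aosp_root" ] && [ -d "$src" ]; then
            if [ -e "$link" ] && [ ! -L "$link" ]; then
                echo "third_party/$name exists and is not a symlink; skipping" >&2
                continue
            fi
            rm -f "$link"            # drop a stale or dangling link
            ln -s "$src" "$link"
            echo "linked third_party/$name -> $src" >&2
        elif [ -d "$link" ]; then
            echo "third_party/$name already present" >&2
        else
            echo "git clone $url $link"
        fi
    done
}

# check_third_party SYSTEM_DIR
# Verifies every dependency resolves to a directory (catches dangling symlinks
# left behind when the AOSP tree is moved or deleted). Prints the missing names;
# exit status is 0 only when all dependencies are present.
check_third_party() {
    tp="$1/third_party"
    status=0
    for name in $(printf '%s\n' "$FLUORIDE_DEPS" | cut -d' ' -f1); do
        if [ ! -d "$tp/$name" ]; then
            echo "$name"
            status=1
        fi
    done
    return $status
}

# Usage (inside AOSP):  setup_third_party packages/modules/Bluetooth/system "$PWD"
# Usage (standalone):   setup_third_party ~/fluoride/bt | sh
```

Running `check_third_party` before `gn gen` is the useful part: a dangling `third_party` symlink only surfaces later as a confusing header-not-found error from ninja.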
```sh
cd ~/fluoride/bt
gn gen out/Default
```
```sh
cd ~/fluoride/bt
ninja -C out/Default all
```
This will build all targets (the shared library, executables, tests, etc.) and put them in out/Default. To build an individual target, replace "all" with the target of your choice, e.g. `ninja -C out/Default net_test_osi`.
```sh
cd ~/fluoride/bt/out/Default
LD_LIBRARY_PATH=./ ./bluetoothtbd -create-ipc-socket=fluoride
```
Follow the Chromium project Eclipse Setup Instructions up to the "Optional: Building inside Eclipse" section (skip that section; the build is set up differently below).
Generate Eclipse settings:
```sh
cd packages/modules/Bluetooth/system
gn gen --ide=eclipse out/Default
```
In Eclipse, go to File->Import->C/C++->C/C++ Project Settings and choose the XML file generated under packages/modules/Bluetooth/system/out/Default.

Right click on the project and go to Preferences->C/C++ Build->Builder Settings. Uncheck "Use default build command" and set the build command to "ninja -C out/Default".

Go to the Behaviour tab and change the clean command to "-t clean".