Adds fuzzing preset #7566
Adds fuzzing preset #7566
Conversation
Partial fix for halide#7552
2ea3475 to
a31bbe3
Compare
|
@steven-johnson So I was able to configure this fuzzing build correctly using; I did not need to set the CFLAGS/CXXFLAGS here and tested with those vars unset. Hopefully this is a step in the right direction to addressing #7552. I'm going to follow up with some documentation. NOTE: that this should work on macos (even though the preset says linux). If I can confirm that it builds correctly I might just rename the preset without the "linux-" prefix. But I don't have access to a mac to test with. |
9287bd7 to
29e45f1
Compare
29e45f1 to
ae7a5bd
Compare
README_fuzz_testing.md
Outdated
| your disk. | ||
|
|
||
| Up until this point the fuzzer has only been running on a single core. To | ||
| speed things up a little, let's run the fuzzer in parrelell across all |
README_fuzz_testing.md
Outdated
| Halide has a set of fuzz-testing harnesses that can be used to find those | ||
| tricky to find, edge cases and bugs that would otherwise not be caught | ||
| by a regular unit-testing suite. At the moment these fuzz-tests are housed | ||
| in the `//test/fuzz` directory. The fuzz testing suite use the common, |
There was a problem hiding this comment.
test/fuzz (no initial //)
README_fuzz_testing.md
Outdated
| [libfuzzer](https://www.llvm.org/docs/LibFuzzer.html) interface for fuzz-tests. | ||
|
|
||
| ## Building fuzz tests | ||
| Fuzz testing requires specific instrumentation across the entire build, |
There was a problem hiding this comment.
grammar nit: build; rather than build,
README_fuzz_testing.md
Outdated
| ## Using the fuzz-harnesses | ||
| Fuzz-testing harnesses are a little different to a more traditional unit-test | ||
| and would don't have a definitive end of test. In other words a fuzz test will | ||
| run; |
There was a problem hiding this comment.
grammar nit: run: rather than run;
README_fuzz_testing.md
Outdated
| - you manually kill the process e.g. (ctrl-C). | ||
|
|
||
| Once you have built the fuzz testing suite using the commands listed above you | ||
| can list the fuzz testing harnesses using the command; |
There was a problem hiding this comment.
grammar nit: : rather than ;
README_fuzz_testing.md
Outdated
|
|
||
| `crash-<some_random_hash>` | ||
|
|
||
| To reproduce a crase we simply rerun our fuzz harness with our crash |
README_fuzz_testing.md
Outdated
| reproduce the original crash. | ||
|
|
||
| ## Adding new fuzz tests | ||
| A bare-bones fuzzer will look something like follows; |
There was a problem hiding this comment.
something like the following:
README_fuzz_testing.md
Outdated
| to do this we make use of a fuzzing-specific-toolchain/preset. e.g. | ||
|
|
||
| ``` | ||
| cmake . --preset linux-x64-fuzzer |
There was a problem hiding this comment.
This doesn't work as-is; e.g. LLVM_ROOT must be specified. For me, a complete commandline requires -DLLVM_ROOT=/path/to/llvminstall
There was a problem hiding this comment.
Added that to the example
Co-authored-by: Alex Reinking <alex.reinking@gmail.com>
648beb8 to
ac0de71
Compare
There was a problem hiding this comment.
Sorry for the slow response (and my terrible grammar :P)
There seems to still be some reproducibility issues caused by differing systems. I'm going to try going through these steps on a clean ubuntu install (probably in a docker container), and then use that as a bit of a starting point.
README_fuzz_testing.md
Outdated
| Halide has a set of fuzz-testing harnesses that can be used to find those | ||
| tricky to find, edge cases and bugs that would otherwise not be caught | ||
| by a regular unit-testing suite. At the moment these fuzz-tests are housed | ||
| in the `//test/fuzz` directory. The fuzz testing suite use the common, |
README_fuzz_testing.md
Outdated
| [libfuzzer](https://www.llvm.org/docs/LibFuzzer.html) interface for fuzz-tests. | ||
|
|
||
| ## Building fuzz tests | ||
| Fuzz testing requires specific instrumentation across the entire build, |
README_fuzz_testing.md
Outdated
| to do this we make use of a fuzzing-specific-toolchain/preset. e.g. | ||
|
|
||
| ``` | ||
| cmake . --preset linux-x64-fuzzer |
There was a problem hiding this comment.
Added that to the example
README_fuzz_testing.md
Outdated
| your disk. | ||
|
|
||
| Up until this point the fuzzer has only been running on a single core. To | ||
| speed things up a little, let's run the fuzzer in parrelell across all |
README_fuzz_testing.md
Outdated
|
|
||
| `crash-<some_random_hash>` | ||
|
|
||
| To reproduce a crase we simply rerun our fuzz harness with our crash |
README_fuzz_testing.md
Outdated
| reproduce the original crash. | ||
|
|
||
| ## Adding new fuzz tests | ||
| A bare-bones fuzzer will look something like follows; |
|
Ok so after the latest update I was able to build successfully using the following Dockerfile; FROM ubuntu:22.04
RUN apt-get update && apt-get install -y ninja-build lsb-core software-properties-common zlib1g-dev git binutils python3 python3-pip wget make
RUN pip3 install -U cmake
RUN wget https://apt.llvm.org/llvm.sh
RUN chmod +x llvm.sh
RUN ./llvm.sh 16
RUN apt-get install -y libclang-common-16-dev libclang-16-dev libclang1-16 clangd-16
RUN git clone --branch add_presets https://github.com/silvergasp/Halide.git
WORKDIR Halide
RUN cmake -B build --preset linux-x64-fuzzer -DLLVM_ROOT=/usr/lib/llvm-16
RUN cmake --build ./build -j$(nproc)
RUN ./build/test/fuzz/fuzz_simplify -help=1Ideally we won't require docker to reproduce the build (otherwise we'd just use the google/oss-fuzz images), this was mostly just an exercise in capturing the parts of my system that might be different from others. |
|
Thanks for the update! This now works fine on my local Linux box, without any drama -- it should be easy for me to add to the buildbots after this lands. I took the liberty of pushing a change to allow for the fuzz tests to run for a finite amount of time (100 runs per test) when used in combination with CTest. @alexreinking, PTAL, I had to tweak |
LGTM here |
|
Does this also need a special llvm build? When I build LLVM using the instructions in the top-level readme, I get: |
|
Looks like we might need to add compiler-rt to the llvm projects list in the top-level readme |
Ah, yes, I'll make that change. (My local LLVM builds have included that for a while because it's needed for other sanitizers) EDIT: though, this means that installing a prebuilt LLVM means that builds will default to failing... we should probably try to smarten the CMake build to see if we can detect that |
|
Yeah, and even that isn't necessary, since the fuzz tests are already elided if you aren't building with the toolchain file. I just updated the README files, I think that should suffice PTAL |
* Adds fuzzing preset Partial fix for halide#7552 * Adds documentation on fuzz testing Closes: halide#7552 * Fixes spelling/grammar in fuzzing readme Co-authored-by: Alex Reinking <alex.reinking@gmail.com> * Remove asan flags from fuzzer * Add build directory in cmake/fuzzing documentation * Configure the fuzz tests to run for a finite amount of time * Update README * Update README_fuzz_testing.md * trigger buildbots * trigger buildbots * trigger buildbots * Update CMakeLists.txt --------- Co-authored-by: Steven Johnson <srj@google.com> Co-authored-by: Alex Reinking <alex.reinking@gmail.com>
Partial fix for #7552