Address initial PR change requests from Jserv

run_fuzzer.sh → .ci/riscv-fuzz.sh

@@ -1,7 +1,9 @@
 #!/usr/bin/env bash
 set -e -u -o pipefail
 
-echo "Compiling..."
+# compile
+command -v clang &> /dev/null
+
 clang \
     -g -O1 \
     -fsanitize=fuzzer,address,undefined \
@@ -11,7 +13,7 @@ clang \
     -D DEFAULT_STACK_ADDR=0xFFFFE000 \
     -D DEFAULT_ARGS_ADDR=0xFFFFF000 \
     -D FUZZER \
-    -o build/rv32emu_fuzzer \
+    -o build/rv32emu_fuzz \
     src/fuzz_target.cc \
     src/map.c \
 	src/utils.c \
@@ -24,8 +26,10 @@ clang \
 	src/cache.c \
 	src/mpool.c \
 	src/main.c
-echo "Done"
 
 # populate the initial CORPUS for the fuzzer using valid elf
-mkdir -p src/fuzzer/CORPUS_DIR
-cp build/*.elf src/fuzzer/CORPUS_DIR
+mkdir -p build/fuzz/CORPUS_DIR
+cp build/*.elf build/fuzz/CORPUS_DIR
+
+# execute
+./build/rv32emu_fuzz build/fuzz/CORPUS_DIR -timeout=3

.gitignore

@@ -11,12 +11,13 @@ toolchain/
 # built objects
 build/.config
 build/rv32emu
-build/rv32emu_fuzzer
+build/rv32emu_fuzz
 build/arch-test
 build/mini-gdbstub
 build/softfloat
 build/cache/
 build/map/
+build/fuzz/
 *.o
 *.o.d
 tests/**/*.elf

Makefile

@@ -3,7 +3,7 @@ include mk/toolchain.mk
 
 OUT ?= build
 BIN := $(OUT)/rv32emu
-FUZZER_BIN := $(OUT)/rv32emu_fuzzer
+FUZZER_BIN := $(OUT)/rv32emu_fuzz
 
 CONFIG_FILE := $(OUT)/.config
 -include $(CONFIG_FILE)

src/fuzzer/fuzzer.md → docs/fuzzer.md

@@ -1,23 +1,18 @@
 # Fuzzing
 
-> Inspired by the fuzzer from [this project](/~https://github.com/fwsGonzo/libriscv/tree/master/fuzz).
-
 We are using the [LLVM Fuzzer](https://llvm.org/docs/LibFuzzer.html).
 
 The fuzzer used here is without structured input generation. Instead, we rely on the fuzzer to mutate the input.
 
-# Execution
+The initial seeds are all the ELF files in the build folder.
 
-- `./run_fuzzer.sh && ./build/rv32emu_fuzzer src/fuzzer/CORPUS_DIR -jobs=1 -timeout=3`
-    - TODO
-        - `make fuzzer CC=clang ENABLE_EXT_F=0 ENABLE_SDL=0`
-        - `./build/rv32emu_fuzzer src/fuzzer/CORPUS_DIR`
+## Execution
 
-# [Corpus](https://llvm.org/docs/LibFuzzer.html#corpus)
+- `./.ci/riscv-fuzz.sh`
 
-The a corpus of sample inputs, which is the seed, will be all the elf binaries in the build folder. 
+## References
 
-# References
+> Inspired by the fuzzer from [this project](/~https://github.com/fwsGonzo/libriscv/tree/master/fuzz).
 
 - [LLVM official LibFuzzer documentation](https://llvm.org/docs/LibFuzzer.html#corpus)
 - [Chromium - Getting started with LibFuzzer](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/testing/libfuzzer/getting_started_with_libfuzzer.md)

src/elf.c

@@ -360,7 +360,6 @@ bool elf_open(elf_t *e, const char *path)
 
     /* point to the header */
     if (sizeof(struct Elf32_Ehdr) > e->raw_size) {
-        // this will never be a valid ELF file
         release(e);
         return false;
     }