Add libfuzzer based fuzzer. (#1117)

* Add libfuzzer based fuzzer. See: https://www.llvm.org/docs/LibFuzzer.html Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Fix ELF parsing bugs found by fuzzer Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Make verifier fuzzer compile in Debug configuration Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Cleanup fuzzer code Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * PR feedback Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Setup/cleanup state for fuzzing Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Fix debug build of execution_context_fuzzer Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Fix verifier Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Pickup latest ebpf-verifier Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Remove corpus from git Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Fix CR/LF mangling in ELF files Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * PR feedback Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Remove corpus from git Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Fix build break Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Enable debug fuzzer build Signed-off-by: Alan Jowett <alan.jowett@microsoft.com> * Update to latest verifier Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Update test based on latest verifier changes Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Fix execution context fuzzer Signed-off-by: Dave Thaler <dthaler@microsoft.com> Co-authored-by: Alan Jowett <alan.jowett@microsoft.com> Co-authored-by: Dave Thaler <dthaler@microsoft.com> Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
microsoft · May 27, 2022 · c62b083 · c62b083
1 parent 82db455
commit c62b083
Show file tree

Hide file tree

Showing 24 changed files with 1,145 additions and 5 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -12,3 +12,4 @@
 *.sln               text eol=crlf
 *.vcxproj           text eol=crlf
 *.vcxproj.filters   text eol=crlf
+*.o                 -text
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -49,6 +49,17 @@ jobs:
     with:
       build_artifact: Build-x64-cmake
 
+  # Perform the libfuzzer build.
+  libfuzzer:
+    # Always run this job.
+    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push'
+    uses: ./.github/workflows/reusable-build.yml
+    with:
+      build_artifact: Build-x64-fuzzer
+      cxx_flags: /fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div /ZH:SHA_256
+      ld_flags: '"clang_rt.fuzzer_MD-x86_64.lib" "libsancov.lib"'
+      build_options: /p:Fuzzer='True' /t:tests\libfuzzer\execution_context_fuzzer /t:tests\libfuzzer\bpf2c_fuzzer /t:tests\libfuzzer\verifier_fuzzer
+
   # Run the unit tests in GitHub.
   unit_tests:
     # Always run this job.

diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
@@ -25,6 +25,12 @@ on:
       build_nuget:
         required: false
         type: boolean
+      cxx_flags:
+        required: false
+        type: string
+      ld_flags:
+        required: false
+        type: string
 
 permissions:
   contents: read
@@ -45,6 +51,8 @@ jobs:
       BUILD_CONFIGURATION: ${{matrix.configurations}}
       BUILD_PLATFORM: x64
       BUILD_OPTIONS: ${{inputs.build_options}}
+      CXX_FLAGS: ${{inputs.cxx_flags}}
+      LD_FLAGS: ${{inputs.ld_flags}}
 
     steps:
     - uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415
@@ -90,14 +98,16 @@ jobs:
     - name: Create verifier project
       working-directory: ${{env.GITHUB_WORKSPACE}}
       env:
-        CXXFLAGS: /ZH:SHA_256
+        CXXFLAGS: /ZH:SHA_256 ${{env.CXX_FLAGS}}
+        LDFLAGS: ${{env.LD_FLAGS}}
       run: |
         cmake -G "Visual Studio 16 2019" -S external\ebpf-verifier -B external\ebpf-verifier\build
 
     - name: Create catch2 project
       working-directory: ${{env.GITHUB_WORKSPACE}}
       env:
-        CXXFLAGS: /ZH:SHA_256
+        CXXFLAGS: /ZH:SHA_256 ${{env.CXX_FLAGS}}
+        LDFLAGS: ${{env.LD_FLAGS}}
       run: |
         cmake -G "Visual Studio 16 2019" -S external\catch2 -B external\catch2\build -DBUILD_TESTING=OFF
 

diff --git a/Directory.Build.props b/Directory.Build.props
@@ -12,7 +12,11 @@
   <PropertyGroup Condition="'$(AddressSanitizer)'=='True'">
     <EnableASAN>true</EnableASAN>
   </PropertyGroup>
-  <PropertyGroup>
+  <PropertyGroup Condition="'$(Fuzzer)'=='True'">
+    <EnableASAN>true</EnableASAN>
+    <AdditionalOptions>/fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div %(AdditionalOptions)</AdditionalOptions>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Fuzzer)'!='True'">
     <SpectreMitigation>Spectre</SpectreMitigation>
   </PropertyGroup>
   <ItemDefinitionGroup>

diff --git a/ebpf-for-windows.sln b/ebpf-for-windows.sln
@@ -129,6 +129,9 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bpf2c", "tools\bpf2c\bpf2c.
 	EndProjectSection
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bpf2c_tests", "tests\bpf2c_tests\bpf2c_tests.vcxproj", "{61DF9973-81B9-4006-9148-52F58259BBCF}"
+	ProjectSection(ProjectDependencies) = postProject
+		{69B97E52-18DC-434E-A6E4-4C0F3E88C44A} = {69B97E52-18DC-434E-A6E4-4C0F3E88C44A}
+	EndProjectSection
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Catch2WithMain", "external\Catch2\build\src\Catch2WithMain.vcxproj", "{8BD3552A-2CFB-4A59-AB15-2031B97ADA1E}"
 EndProject
@@ -146,6 +149,14 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nuget", "tools\nuget\nuget.
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pe-parse", "libs\pe-parse\pe-parse.vcxproj", "{FE4FEA79-BFBB-4822-ABCB-0D3BEEA240A7}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "libfuzzer", "libfuzzer", "{E184CBC2-4B62-499F-8A4A-F15A5A182259}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "execution_context_fuzzer", "tests\libfuzzer\execution_context\execution_context_fuzzer.vcxproj", "{6116AE11-5296-4DE9-8A8E-5380B789907E}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bpf2c_fuzzer", "tests\libfuzzer\bpf2c\bpf2c_fuzzer.vcxproj", "{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "verifier_fuzzer", "tests\libfuzzer\verifier\verifier_fuzzer.vcxproj", "{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|ARM = Debug|ARM
@@ -1419,6 +1430,84 @@ Global
 		{FE4FEA79-BFBB-4822-ABCB-0D3BEEA240A7}.RelWithDebInfo|x64.Build.0 = Release|x64
 		{FE4FEA79-BFBB-4822-ABCB-0D3BEEA240A7}.RelWithDebInfo|x86.ActiveCfg = Release|Win32
 		{FE4FEA79-BFBB-4822-ABCB-0D3BEEA240A7}.RelWithDebInfo|x86.Build.0 = Release|Win32
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Debug|ARM.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Debug|ARM64.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Debug|x64.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Debug|x64.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Debug|x86.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|ARM.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|ARM.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|ARM64.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|ARM64.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|x64.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|x64.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|x86.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.MinSizeRel|x86.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Release|ARM.ActiveCfg = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Release|ARM64.ActiveCfg = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Release|x64.ActiveCfg = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Release|x64.Build.0 = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.Release|x86.ActiveCfg = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|ARM.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|ARM.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|ARM64.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|ARM64.Build.0 = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|x64.ActiveCfg = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|x64.Build.0 = Release|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|x86.ActiveCfg = Debug|x64
+		{6116AE11-5296-4DE9-8A8E-5380B789907E}.RelWithDebInfo|x86.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Debug|ARM.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Debug|ARM64.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Debug|x64.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Debug|x64.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Debug|x86.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|ARM.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|ARM.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|ARM64.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|ARM64.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|x64.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|x64.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|x86.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.MinSizeRel|x86.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Release|ARM.ActiveCfg = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Release|ARM64.ActiveCfg = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Release|x64.ActiveCfg = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Release|x64.Build.0 = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.Release|x86.ActiveCfg = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|ARM.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|ARM.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|ARM64.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|ARM64.Build.0 = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|x64.ActiveCfg = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|x64.Build.0 = Release|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|x86.ActiveCfg = Debug|x64
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603}.RelWithDebInfo|x86.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Debug|ARM.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Debug|ARM64.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Debug|x64.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Debug|x64.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Debug|x86.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|ARM.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|ARM.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|ARM64.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|ARM64.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|x64.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|x64.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|x86.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.MinSizeRel|x86.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Release|ARM.ActiveCfg = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Release|ARM64.ActiveCfg = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Release|x64.ActiveCfg = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Release|x64.Build.0 = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.Release|x86.ActiveCfg = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|ARM.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|ARM.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|ARM64.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|ARM64.Build.0 = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x64.ActiveCfg = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x64.Build.0 = Release|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x86.ActiveCfg = Debug|x64
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0}.RelWithDebInfo|x86.Build.0 = Debug|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -1469,6 +1558,10 @@ Global
 		{8DD6577A-CBBE-43FE-9FC3-E42CB013CC60} = {492C9B22-9237-4996-9E33-CA14D3533616}
 		{7629D5D0-5A80-4528-87ED-60FC83C5552B} = {B09749EC-3D14-414B-BA9B-CD20E218DC84}
 		{FE4FEA79-BFBB-4822-ABCB-0D3BEEA240A7} = {69CDB6A1-434D-4BC9-9BFF-D12DF7EDBB6B}
+		{E184CBC2-4B62-499F-8A4A-F15A5A182259} = {492C9B22-9237-4996-9E33-CA14D3533616}
+		{6116AE11-5296-4DE9-8A8E-5380B789907E} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
+		{A0A0D663-DCF7-4BB1-9DDB-7964C3C31603} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
+		{DCF12929-B975-4874-A80F-9EAF1CC5A5A0} = {E184CBC2-4B62-499F-8A4A-F15A5A182259}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {3D5F862D-74C6-4357-9F95-0B152E33B7B8}

diff --git a/external/ebpf-verifier b/external/ebpf-verifier
diff --git a/scripts/.check-license.ignore b/scripts/.check-license.ignore
@@ -2,6 +2,7 @@
 
 # File extensions that don't support embedding license info
 .*\.md$
+.*\.o$
 .*\.png$
 .*\.proj$
 .*\.rc$

diff --git a/tests/end_to_end/end_to_end.cpp b/tests/end_to_end/end_to_end.cpp
@@ -905,6 +905,26 @@ TEST_CASE("verify section", "[end_to_end]")
     ebpf_free_string(report);
 }
 
+void
+verify_bad_section(const char* path)
+{
+    _test_helper_end_to_end test_helper;
+    const char* error_message = nullptr;
+    const char* report = nullptr;
+    uint32_t result;
+    program_info_provider_t xdp_program_info(EBPF_PROGRAM_TYPE_XDP);
+    ebpf_api_verifier_stats_t stats;
+    result = ebpf_api_elf_verify_section_from_file(path, "xdp", false, &report, &error_message, &stats);
+    REQUIRE(result != 0);
+    REQUIRE(report == nullptr);
+    std::string expected_error_message = "error: No symbol section found in ELF file " + std::string(path);
+    REQUIRE(strcmp(error_message, expected_error_message.c_str()) == 0);
+    ebpf_free_string(report);
+    ebpf_free_string(error_message);
+}
+TEST_CASE("verify bad1.o", "[end_to_end][fuzzed]") { verify_bad_section(SAMPLE_PATH "bad\\bad1.o"); }
+TEST_CASE("verify bad2.o", "[end_to_end][fuzzed]") { verify_bad_section(SAMPLE_PATH "bad\\bad2.o"); }
+
 static void
 _cgroup_load_test(
     _In_z_ const char* file,

diff --git a/tests/libfuzzer/README.md b/tests/libfuzzer/README.md
@@ -0,0 +1,19 @@
+# libFuzzer based fuzzing tools
+
+## Overview
+[LibFuzzer](https://www.llvm.org/docs/LibFuzzer.html) is an in-process, coverage-guided, evolutionary fuzzing engine. It uses a set of starting data (the corpus)
+to generate new test cases, measures the code-coverage of the new test, and re-combines it form new test cases.
+
+## Usage
+1) Copy the libFuzzer binary and existing corpus to a test machine (currently only Windows 10 and Server 2019 are supported).
+2) Start the libFuzzer binary, pass the path to the corpus folder, and maximum time to run: ```execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -max_total_time=1800```
+3) If the the fuzzer hits an issue, it will display the stack trace and create a file containing the input that triggered the crash.
+4) Copy any new test cases and check them into the repo.
+
+## Reproducing a crash
+When the fuzzer finds an input that triggers a crash it will create a file with a "crash-" prefix followed by the SHA1
+of the input that caused the crash. To reproduce the crash (for debugging), run the fuzzer again, passing the file
+name in place of the corpus folder.
+
+## Future
+Once funding is available, we should set up a OneFuzz cluster and have the CI/CD pipeline deploy to it.
diff --git a/tests/libfuzzer/bpf2c/bpf2c_fuzzer.vcxproj b/tests/libfuzzer/bpf2c/bpf2c_fuzzer.vcxproj
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{a0a0d663-dcf7-4bb1-9ddb-7964c3c31603}</ProjectGuid>
+    <RootNamespace>fuzz2</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <ProjectName>bpf2c_fuzzer</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <EnableASAN>true</EnableASAN>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <EnableASAN>true</EnableASAN>
+    <SpectreMitigation>false</SpectreMitigation>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(SolutionDir)tests\libfuzzer\include;$(SolutionDir)include;$(SolutionDir)external\ebpf-verifier\external\ELFIO;$(SolutionDir)external\ubpf\vm;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)tools\bpf2c;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalOptions>/fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div %(AdditionalOptions)</AdditionalOptions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>mincore.lib;;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(VCToolsInstallDir)lib\$(Platform)</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;NO_CATCH;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(SolutionDir)tests\libfuzzer\include;$(SolutionDir)include;$(SolutionDir)external\ebpf-verifier\external\ELFIO;$(SolutionDir)external\ubpf\vm;$(OutDir);$(SolutionDir)external\ebpf-verifier\src;$(SolutionDir)tools\bpf2c;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalOptions>/fsanitize-coverage=inline-bool-flag /fsanitize-coverage=edge /fsanitize-coverage=trace-cmp /fsanitize-coverage=trace-div %(AdditionalOptions)</AdditionalOptions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>mincore.lib;;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\tools\bpf2c\bpf_code_generator.cpp" />
+    <ClCompile Include="libfuzz_harness.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\tools\bpf2c\bpf_code_generator.h" />
+    <ClInclude Include="..\..\libs\thunk\mock\mock.h" />
+    <ClInclude Include="..\end_to_end\test_helper.hpp" />
+    <ClInclude Include="..\include\libfuzzer.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\external\ebpf-verifier\build\ebpfverifier.vcxproj">
+      <Project>{7d5b4e68-c0fa-3f86-9405-f6400219b440}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
+0 −14		.github/codecov.yml
+0 −8		.github/workflows/coverage.yml
+22 −3		src/asm_files.cpp
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,7 @@ @@
     # File extensions that don't support embedding license info
     .*\.md$
+    .*\.o$
     .*\.png$
     .*\.proj$
     .*\.rc$
@@ Expand Down @@