From faff3991a9be0ea7be31685fb46d94c212c5da34 Mon Sep 17 00:00:00 2001
From: MarcoFalke
Date: Tue, 26 Jan 2021 10:44:32 +0100
Subject: [PATCH] ci: Fuzz with integer sanitizer
---
 .cirrus.yml | 2 +-
 Makefile.am | 3 +++
 ci/test/00_setup_env_native_fuzz.sh | 2 +-
 test/fuzz/test_runner.py | 21 +++++++++++++--------
 test/sanitizer_suppressions/ubsan | 1 +
 5 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/.cirrus.yml b/.cirrus.yml
index b915cfabc7b..801164c3682 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -136,7 +136,7 @@ task:
 FILE_ENV: "./ci/test/00_setup_env_native_asan.sh"
 task:
- name: '[no depends, sanitizers: fuzzer,address,undefined] [focal]'
+ name: '[no depends, sanitizers: fuzzer,address,undefined,integer] [focal]'
 << : *GLOBAL_TASK_TEMPLATE
 container:
 image: ubuntu:focal
diff --git a/Makefile.am b/Makefile.am
index 7c4b971ea37..f6b824faaa6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -46,6 +46,9 @@ OSX_INSTALLER_ICONS=$(top_srcdir)/src/qt/res/icons/bitcoin.icns
 OSX_PLIST=$(top_builddir)/share/qt/Info.plist #not installed
 DIST_CONTRIB = \
+ $(top_srcdir)/test/sanitizer_suppressions/lsan \
+ $(top_srcdir)/test/sanitizer_suppressions/tsan \
+ $(top_srcdir)/test/sanitizer_suppressions/ubsan \
 $(top_srcdir)/contrib/linearize/linearize-data.py \
 $(top_srcdir)/contrib/linearize/linearize-hashes.py
diff --git a/ci/test/00_setup_env_native_fuzz.sh b/ci/test/00_setup_env_native_fuzz.sh
index a32de4a6b52..b7157c608d9 100644
--- a/ci/test/00_setup_env_native_fuzz.sh
+++ b/ci/test/00_setup_env_native_fuzz.sh
@@ -14,5 +14,5 @@ export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false
 export RUN_FUZZ_TESTS=true
 export GOAL="install"
-export BITCOIN_CONFIG="--enable-fuzz --with-sanitizers=fuzzer,address,undefined CC=clang CXX=clang++ --with-boost-process"
+export BITCOIN_CONFIG="--enable-fuzz --with-sanitizers=fuzzer,address,undefined,integer CC=clang CXX=clang++ --with-boost-process"
 export CCACHE_SIZE=200M
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index ab766b4a45b..aa0aa11d150 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -14,9 +14,11 @@ import subprocess
 import sys
-def get_fuzz_env(*, target):
+def get_fuzz_env(*, target, source_dir):
 return {
 'FUZZ': target,
+ 'UBSAN_OPTIONS':
+ f'suppressions={source_dir}/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1',
 'ASAN_OPTIONS':
 # symbolizer disabled due to https://github.com/google/sanitizers/issues/1364#issuecomment-761072085
 'symbolize=0:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1',
 }
@@ -137,7 +139,7 @@ def main():
 os.path.join(config["environment"]["BUILDDIR"], 'src', 'test', 'fuzz', 'fuzz'),
 '-help=1',
 ],
- env=get_fuzz_env(target=test_list_selection[0]),
+ env=get_fuzz_env(target=test_list_selection[0], source_dir=config['environment']['SRCDIR']),
 timeout=20,
 check=True,
 stderr=subprocess.PIPE,
@@ -154,6 +156,7 @@ def main():
 if args.generate:
 return generate_corpus_seeds(
 fuzz_pool=fuzz_pool,
+ src_dir=config['environment']['SRCDIR'],
 build_dir=config["environment"]["BUILDDIR"],
 seed_dir=args.seed_dir,
 targets=test_list_selection,
@@ -164,6 +167,7 @@ def main():
 fuzz_pool=fuzz_pool,
 corpus=args.seed_dir,
 test_list=test_list_selection,
+ src_dir=config['environment']['SRCDIR'],
 build_dir=config["environment"]["BUILDDIR"],
 merge_dir=args.m_dir,
 )
@@ -173,12 +177,13 @@ def main():
 fuzz_pool=fuzz_pool,
 corpus=args.seed_dir,
 test_list=test_list_selection,
+ src_dir=config['environment']['SRCDIR'],
 build_dir=config["environment"]["BUILDDIR"],
 use_valgrind=args.valgrind,
 )
-def generate_corpus_seeds(*, fuzz_pool, build_dir, seed_dir, targets):
+def generate_corpus_seeds(*, fuzz_pool, src_dir, build_dir, seed_dir, targets):
 """Generates new corpus seeds.
 Run {targets} without input, and outputs the generated corpus seeds to
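Review bot: The new `UBSAN_OPTIONS` entry in `get_fuzz_env` splices `source_dir` straight into a colon-separated option string and never checks that the suppressions file exists, so a checkout path containing `:` or whitespace would, as far as I understand the sanitizer flag parser, be cut off at that character, and a wrong `SRCDIR` would surface as the sanitizer runtime refusing to read its suppressions file on every target rather than as a clear runner error. Building the path the way the `BUILDDIR` paths are built elsewhere in this file and failing early keeps the error local: `supp = os.path.join(source_dir, 'test', 'sanitizer_suppressions', 'ubsan')` followed by `if not os.path.isfile(supp): sys.exit(f'UBSan suppressions file not found: {supp}')`. The call sites in generate_corpus_seeds, merge_inputs and run_once (later hunks) name the same value `src_dir` while this function calls it `source_dir`; one name for both would make the threading easier to follow. A one-line docstring, e.g. `"""Environment for the fuzz binary: selects the target and configures ASan/UBSan."""`, would also help, since the function currently has none.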
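Review bot: `generate_corpus_seeds` gains a `src_dir` keyword, but the visible part of its docstring still describes only the targets and the seed output and says nothing about the new parameter; the rest of the docstring and the body are outside the hunk, so I cannot tell whether a parameter list exists further down. Suggest adding a sentence such as `{src_dir} is the source tree root, used to locate test/sanitizer_suppressions/ubsan for UBSAN_OPTIONS.` merge_inputs and run_once in the later hunks receive the same parameter and show no docstring at all in the visible lines, so the same note applies there.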
@@ -192,7 +197,7 @@ def generate_corpus_seeds(*, fuzz_pool, build_dir, seed_dir, targets):
 ' '.join(command),
 subprocess.run(
 command,
- env=get_fuzz_env(target=t),
+ env=get_fuzz_env(target=t, source_dir=src_dir),
 check=True,
 stderr=subprocess.PIPE,
 universal_newlines=True,
@@ -213,7 +218,7 @@ def generate_corpus_seeds(*, fuzz_pool, build_dir, seed_dir, targets):
 future.result()
-def merge_inputs(*, fuzz_pool, corpus, test_list, build_dir, merge_dir):
+def merge_inputs(*, fuzz_pool, corpus, test_list, src_dir, build_dir, merge_dir):
 logging.info("Merge the inputs from the passed dir into the seed_dir. Passed dir {}".format(merge_dir))
 jobs = []
 for t in test_list:
@@ -231,7 +236,7 @@ def merge_inputs(*, fuzz_pool, corpus, test_list, build_dir, merge_dir):
 output = 'Run {} with args {}\n'.format(t, " ".join(args))
 output += subprocess.run(
 args,
- env=get_fuzz_env(target=t),
+ env=get_fuzz_env(target=t, source_dir=src_dir),
 check=True,
 stderr=subprocess.PIPE,
 universal_newlines=True,
@@ -244,7 +249,7 @@ def merge_inputs(*, fuzz_pool, corpus, test_list, build_dir, merge_dir):
 future.result()
-def run_once(*, fuzz_pool, corpus, test_list, build_dir, use_valgrind):
+def run_once(*, fuzz_pool, corpus, test_list, src_dir, build_dir, use_valgrind):
 jobs = []
 for t in test_list:
 corpus_path = os.path.join(corpus, t)
@@ -261,7 +266,7 @@ def run_once(*, fuzz_pool, corpus, test_list, build_dir, use_valgrind):
 output = 'Run {} with args {}'.format(t, args)
 result = subprocess.run(
 args,
- env=get_fuzz_env(target=t),
+ env=get_fuzz_env(target=t, source_dir=src_dir),
 stderr=subprocess.PIPE,
 universal_newlines=True,
 )
diff --git a/test/sanitizer_suppressions/ubsan b/test/sanitizer_suppressions/ubsan
index 18f1de09262..97f0f45e7f8 100644
--- a/test/sanitizer_suppressions/ubsan
+++ b/test/sanitizer_suppressions/ubsan
@@ -87,6 +87,7 @@ implicit-signed-integer-truncation:streams.h
 implicit-signed-integer-truncation:test/arith_uint256_tests.cpp
 implicit-signed-integer-truncation:test/skiplist_tests.cpp
 implicit-signed-integer-truncation:torcontrol.cpp
+implicit-unsigned-integer-truncation:*/include/c++/
 implicit-unsigned-integer-truncation:crypto/
 implicit-unsigned-integer-truncation:leveldb/
 # std::variant warning fixed in https://github.com/gcc-mirror/gcc/commit/074436cf8cdd2a9ce75cadd36deb8301f00e55b9
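Review bot: The new `implicit-unsigned-integer-truncation:*/include/c++/` entry silences that check for every source location under a libstdc++ include directory, which — if these suppressions match on the reported source file, as the existing `crypto/` and `leveldb/` entries suggest — also covers standard-library templates instantiated from project code, so a truncation driven by project-supplied values would be hidden along with the library's own. The neighbouring `# std::variant warning fixed in ...` comment records the upstream reason for a nearby suppression; this entry carries no such note, and being a wildcard it is the broadest one in the block. Suggest a comment above it naming the header or construct that reports and, if known, the toolchain version, e.g. `# <placeholder: libstdc++ header and compiler version that trigger this>`, so the entry can be narrowed or dropped when the toolchain moves.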