From 7594a270f7a975f53d44af94f7510bf27b19ee5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beat=20K=C3=BCng?= Date: Tue, 17 Jun 2025 13:53:52 +0200 Subject: [PATCH] tests: remove previous fuzz testing We now use https://github.com/google/fuzztest (see previous commits). And the test was also failing to build (https://github.com/PX4/PX4-Autopilot/actions/workflows/cflite_batch.yml) This reverts these commits: - 9eda5b373c1f16ffec585a0e27d55682d5726c0e - 2cbc99397681ad9b67f69703c5dd65eaea26c154 - be0a5b4b3272fac13716436c06ff435d157965b4 --- .clusterfuzzlite/Dockerfile | 7 - .clusterfuzzlite/build.sh | 4 - .clusterfuzzlite/project.yaml | 1 - .github/workflows/cflite_batch.yml | 34 ---- Makefile | 5 - boards/px4/sitl/sitl.cmake | 2 - cmake/px4_add_common_flags.cmake | 2 +- cmake/sanitizers.cmake | 17 -- platforms/posix/CMakeLists.txt | 22 +-- .../posix/src/px4/common/main_fuzztesting.cpp | 158 ------------------ 10 files changed, 6 insertions(+), 246 deletions(-) delete mode 100644 .clusterfuzzlite/Dockerfile delete mode 100644 .clusterfuzzlite/build.sh delete mode 100644 .clusterfuzzlite/project.yaml delete mode 100644 .github/workflows/cflite_batch.yml delete mode 100644 platforms/posix/src/px4/common/main_fuzztesting.cpp
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
deleted file mode 100644
index 181031c695..0000000000
--- a/.clusterfuzzlite/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM gcr.io/oss-fuzz-base/base-builder:v1
-COPY . $SRC/PX4-Autopilot
-RUN apt-get install -y libjpeg8-dev zlib1g-dev
-RUN pip3 install --upgrade pip
-RUN python3 -m pip install -r $SRC/PX4-Autopilot/Tools/setup/requirements.txt
-WORKDIR $SRC/PX4-Autopilot
-COPY ./.clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
deleted file mode 100644
index ac0892c59f..0000000000
--- a/.clusterfuzzlite/build.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash -eu
-
-PX4_FUZZ=1 make px4_sitl
-cp build/px4_sitl_default/bin/px4 $OUT/px4
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
deleted file mode 100644
index b4788012b1..0000000000
--- a/.clusterfuzzlite/project.yaml
+++ /dev/null
@@ -1 +0,0 @@
-language: c++
diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml
deleted file mode 100644
index d1321cc6b7..0000000000
--- a/.github/workflows/cflite_batch.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: ClusterFuzzLite batch fuzzing
-on:
- schedule:
- - cron: '0 6 * * *' # UTC 6am every day.
-permissions: read-all
-jobs:
- BatchFuzzing:
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- sanitizer:
- - address
- - undefined
- - memory
- steps:
- - name: Build Fuzzers (${{ matrix.sanitizer }})
- id: build
- uses: google/clusterfuzzlite/actions/build_fuzzers@v1
- with:
- sanitizer: ${{ matrix.sanitizer }}
- - name: Run Fuzzers (${{ matrix.sanitizer }})
- id: run
- uses: google/clusterfuzzlite/actions/run_fuzzers@v1
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- fuzz-seconds: 1800 # 30 mins
- mode: 'batch'
- sanitizer: ${{ matrix.sanitizer }}
- # Optional but recommended: For storing certain artifacts from fuzzing.
- # See later section on "Git repo for storage".
- # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
- # storage-repo-branch: main # Optional. Defaults to "main"
- # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
diff --git a/Makefile b/Makefile
index fef748948d..22e08e039e 100644
--- a/Makefile
+++ b/Makefile
@@ -160,11 +160,6 @@ else override CMAKE_ARGS += -DCMAKE_BUILD_TYPE=UndefinedBehaviorSanitizer endif - # Fuzz Testing - ifdef PX4_FUZZ - override CMAKE_ARGS += -DCMAKE_BUILD_TYPE=FuzzTesting - endif - endif # Pick up specific Python path if set
diff --git a/boards/px4/sitl/sitl.cmake b/boards/px4/sitl/sitl.cmake
index a6b3823e92..23bdbef03a 100644
--- a/boards/px4/sitl/sitl.cmake
+++ b/boards/px4/sitl/sitl.cmake
@@ -8,8 +8,6 @@ if(REPLAY_FILE) message(STATUS "Building without lockstep for replay") set(ENABLE_LOCKSTEP_SCHEDULER no) -elseif(CMAKE_BUILD_TYPE STREQUAL FuzzTesting) - set(ENABLE_LOCKSTEP_SCHEDULER no) else() set(ENABLE_LOCKSTEP_SCHEDULER yes) endif()
diff --git a/cmake/px4_add_common_flags.cmake b/cmake/px4_add_common_flags.cmake
index ff3842053b..e79a100157 100644
--- a/cmake/px4_add_common_flags.cmake
+++ b/cmake/px4_add_common_flags.cmake
@@ -162,7 +162,7 @@ function(px4_add_common_flags) -Wno-overloaded-virtual # TODO: fix and remove ) - if((NOT CMAKE_BUILD_TYPE STREQUAL FuzzTesting) AND (NOT PX4_CONFIG MATCHES "px4_sitl")) + if((NOT BUILD_TESTING) AND (NOT PX4_CONFIG MATCHES "px4_sitl")) list(APPEND cxx_flags -fno-rtti )
diff --git a/cmake/sanitizers.cmake b/cmake/sanitizers.cmake
index 612af9f8bd..e111d9323c 100644
--- a/cmake/sanitizers.cmake
+++ b/cmake/sanitizers.cmake
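Review bot: The new condition `(NOT BUILD_TESTING)` in the cmake/px4_add_common_flags.cmake hunk is not a revert, although the commit message describes the patch as one. `-fno-rtti` used to be skipped only for the FuzzTesting build type and is now skipped for every non-SITL configuration that has BUILD_TESTING set, and nothing in the hunk says why. Where BUILD_TESTING is defined is outside this patch, so it is worth confirming that it cannot be on for a flight-target build (CMake's CTest module defaults it to ON when included); otherwise the binary under test is compiled with different flags than the one that ships. I would add a comment above the `if`, for example `# test builds (gtest/fuzztest) keep RTTI; every other non-SITL build uses -fno-rtti`, with the stated reason confirmed by the author, and mention the flag change in the commit message. The enclosing `px4_add_common_flags` function starts and ends outside the hunk.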
@@ -131,23 +131,6 @@ elseif (CMAKE_BUILD_TYPE STREQUAL UndefinedBehaviorSanitizer) set_tests_properties(${test_name} PROPERTIES FAIL_REGULAR_EXPRESSION "runtime error:") endfunction(sanitizer_fail_test_on_error) -elseif (CMAKE_BUILD_TYPE STREQUAL FuzzTesting) - message(STATUS "FuzzTesting enabled") - - add_compile_options( - -g3 - -fsanitize=fuzzer - -DFUZZTESTING - ) - - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=fuzzer $ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE) - set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fsanitize=fuzzer $ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE) - set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -fsanitize=fuzzer $ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE) - - - function(sanitizer_fail_test_on_error test_name) - # Not sure what to do here - endfunction(sanitizer_fail_test_on_error) else() function(sanitizer_fail_test_on_error test_name)
diff --git a/platforms/posix/CMakeLists.txt b/platforms/posix/CMakeLists.txt
index 6cd87f6240..71c546b9ec 100644
--- a/platforms/posix/CMakeLists.txt
+++ b/platforms/posix/CMakeLists.txt
@@ -21,19 +21,12 @@ px4_posix_generate_alias( PREFIX ${PX4_SHELL_COMMAND_PREFIX} ) -if (CMAKE_BUILD_TYPE STREQUAL FuzzTesting) - add_executable(px4 - src/px4/common/main_fuzztesting.cpp - apps.cpp - ) -else() - add_definitions(-DPX4_SOURCE_DIR="${PX4_SOURCE_DIR}" -DPX4_BINARY_DIR="${PX4_BINARY_DIR}") +add_definitions(-DPX4_SOURCE_DIR="${PX4_SOURCE_DIR}" -DPX4_BINARY_DIR="${PX4_BINARY_DIR}") - add_executable(px4 - src/px4/common/main.cpp - apps.cpp - ) -endif() +add_executable(px4 + src/px4/common/main.cpp + apps.cpp + ) if (BUILD_TESTING) # Build mavlink fuzz tests. These run other modules and thus cannot be a functional/unit test
@@ -83,11 +76,6 @@ endif() target_link_libraries(px4 PRIVATE uORB) -if (CMAKE_BUILD_TYPE STREQUAL FuzzTesting) - target_include_directories(px4 PRIVATE SYSTEM "${CMAKE_BINARY_DIR}/mavlink}") - target_compile_options(px4 PRIVATE "-Wno-cast-align") -endif() - #============================================================================= # install #
diff --git a/platforms/posix/src/px4/common/main_fuzztesting.cpp b/platforms/posix/src/px4/common/main_fuzztesting.cpp
deleted file mode 100644
index 2a8588a093..0000000000
--- a/platforms/posix/src/px4/common/main_fuzztesting.cpp
+++ /dev/null
@@ -1,158 +0,0 @@ -/**************************************************************************** - * - * Copyright (C) 2022 PX4 Development Team. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * 3. Neither the name PX4 nor the names of its contributors may be - * used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - ****************************************************************************/ - -/** - * This is an alternative main entrypoint for fuzz testing. 
- */ - -#include - -#include "px4_platform_common/init.h" -#include "px4_platform_common/posix.h" -#include "apps.h" -#include "px4_daemon/client.h" -#include "px4_daemon/server.h" -#include "px4_daemon/pxh.h" - -#include -#include -#include "common/mavlink.h" - -#define MODULE_NAME "px4" - -#ifndef PATH_MAX -#define PATH_MAX 1024 -#endif - - -namespace px4 -{ -void init_once(); -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size); -void initialize_fake_px4_once(); -void send_mavlink(const uint8_t *data, const size_t size); - - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size) -{ - initialize_fake_px4_once(); - - send_mavlink(data, size); - - return 0; -} - -void initialize_fake_px4_once() -{ - static bool first_time = true; - - if (!first_time) { - return; - } - - first_time = false; - - px4::init_once(); - px4::init(0, nullptr, "px4"); - - px4_daemon::Pxh pxh; - pxh.process_line("uorb start", true); - pxh.process_line("param load", true); - pxh.process_line("dataman start", true); - pxh.process_line("load_mon start", true); - pxh.process_line("battery_simulator start", true); - pxh.process_line("tone_alarm start", true); - pxh.process_line("rc_update start", true); - pxh.process_line("sensors start", true); - pxh.process_line("commander start", true); - pxh.process_line("navigator start", true); - pxh.process_line("ekf2 start", true); - pxh.process_line("mc_att_control start", true); - pxh.process_line("mc_pos_control start", true); - pxh.process_line("land_detector start multicopter", true); - pxh.process_line("logger start", true); - pxh.process_line("mavlink start -x -o 14540 -r 4000000", true); - pxh.process_line("mavlink boot_complete", true); -} - -void send_mavlink(const uint8_t *data, const size_t size) -{ - int socket_fd = socket(AF_INET, SOCK_DGRAM, 0); - - if (socket_fd < 0) { - PX4_ERR("socket error: %s", strerror(errno)); - return; - } - - struct sockaddr_in addr {}; - - addr.sin_family = 
AF_INET; - - inet_pton(AF_INET, "0.0.0.0", &(addr.sin_addr)); - - addr.sin_port = htons(14540); - - if (bind(socket_fd, reinterpret_cast(&addr), sizeof(addr)) != 0) { - PX4_ERR("bind error: %s", strerror(errno)); - close(socket_fd); - return; - } - - mavlink_message_t message {}; - uint8_t buffer[MAVLINK_MAX_PACKET_LEN] {}; - - for (size_t i = 0; i < size; i += sizeof(message)) { - - const size_t copy_len = std::min(sizeof(message), size - i); - //printf("copy_len: %zu, %zu (%zu)\n", i, copy_len, size); - memcpy(reinterpret_cast(&message), data + i, copy_len); - - const ssize_t buffer_len = mavlink_msg_to_send_buffer(buffer, &message); - - struct sockaddr_in dest_addr {}; - dest_addr.sin_family = AF_INET; - - inet_pton(AF_INET, "127.0.0.1", &dest_addr.sin_addr.s_addr); - dest_addr.sin_port = htons(14556); - - if (sendto(socket_fd, buffer, buffer_len, 0, reinterpret_cast(&dest_addr), - sizeof(dest_addr)) != buffer_len) { - PX4_ERR("sendto error: %s", strerror(errno)); - } - } - - - close(socket_fd); -}