# Copyright 2021-2022 Andrey Semashev # Copyright 2024 Matt Borland # Distributed under the Boost Software License, Version 1.0. # (See accompanying file LICENSE_1_0.txt or copy at http://boost.org/LICENSE_1_0.txt) name: Fuzz on: pull_request: push: branches: - master - develop - feature/** env: GIT_FETCH_JOBS: 8 NET_RETRY_COUNT: 5 DEFAULT_BUILD_VARIANT: debug,release ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true jobs: posix: defaults: run: shell: bash strategy: fail-fast: false matrix: include: # Linux, clang # https://llvm.org/docs/LibFuzzer.html#fuzzer-usage - toolset: clang compiler: clang++-12 cxxstd: "03,11,14,17,20" os: ubuntu-22.04 install: - clang-12 - toolset: clang compiler: clang++-13 cxxstd: "03,11,14,17,20" os: ubuntu-22.04 install: - clang-13 - toolset: clang compiler: clang++-14 cxxstd: "03,11,14,17,20" os: ubuntu-22.04 install: - clang-14 - toolset: clang compiler: clang++-14 cxxstd: "03-gnu,11-gnu,14-gnu,17-gnu,20-gnu" os: ubuntu-22.04 install: - clang-14 - toolset: clang compiler: clang++-15 cxxstd: "03,11,14,17,20" os: ubuntu-22.04 install: - clang-15 sources: - "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-15 main" source_keys: - "https://apt.llvm.org/llvm-snapshot.gpg.key" - toolset: clang compiler: clang++-16 cxxstd: "03,11,14,17,20" os: ubuntu-22.04 install: - clang-16 sources: - "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-16 main" source_keys: - "https://apt.llvm.org/llvm-snapshot.gpg.key" - toolset: clang compiler: clang++-17 cxxstd: "03,11,14,17,20" os: ubuntu-22.04 install: - clang-17 sources: - "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-17 main" source_keys: - "https://apt.llvm.org/llvm-snapshot.gpg.key" timeout-minutes: 60 runs-on: ${{matrix.os}} container: ${{matrix.container}} steps: - name: Setup environment run: | if [ -f "/etc/debian_version" ] then echo "DEBIAN_FRONTEND=noninteractive" >> $GITHUB_ENV export DEBIAN_FRONTEND=noninteractive fi if [ -n "${{matrix.container}}" ] then echo "GHA_CONTAINER=${{matrix.container}}" >> $GITHUB_ENV if [ -f "/etc/debian_version" ] then apt-get -o Acquire::Retries=$NET_RETRY_COUNT update if [ "$(apt-cache search "^python-is-python3$" | wc -l)" -ne 0 ] then PYTHON_PACKAGE="python-is-python3" else PYTHON_PACKAGE="python" fi apt-get -o Acquire::Retries=$NET_RETRY_COUNT install -y sudo software-properties-common tzdata wget curl apt-transport-https ca-certificates make build-essential g++ $PYTHON_PACKAGE python3 perl git cmake fi fi git config --global pack.threads 0 - uses: actions/checkout@v3 - name: Install packages if: matrix.install run: | declare -a SOURCE_KEYS SOURCES if [ -n "${{join(matrix.source_keys, ' ')}}" ] then SOURCE_KEYS=("${{join(matrix.source_keys, '" "')}}") fi if [ -n "${{join(matrix.sources, ' ')}}" ] then SOURCES=("${{join(matrix.sources, '" "')}}") fi for key in "${SOURCE_KEYS[@]}" do for i in {1..$NET_RETRY_COUNT} do echo "Adding key: $key" wget -O - "$key" | sudo apt-key add - && break || sleep 2 done done if [ ${#SOURCES[@]} -gt 0 ] then APT_ADD_REPO_COMMON_ARGS=("-y") APT_ADD_REPO_SUPPORTED_ARGS="$(apt-add-repository --help | perl -ne 'if (/^\s*-n/) { print "n"; } elsif (/^\s*-P/) { print "P"; } elsif (/^\s*-S/) { print "S"; } elsif (/^\s*-U/) { print "U"; }')" if [ -n "$APT_ADD_REPO_SUPPORTED_ARGS" -a -z "${APT_ADD_REPO_SUPPORTED_ARGS##*n*}" ] then APT_ADD_REPO_COMMON_ARGS+=("-n") fi APT_ADD_REPO_HAS_SOURCE_ARGS="$([ -n "$APT_ADD_REPO_SUPPORTED_ARGS" -a -z "${APT_ADD_REPO_SUPPORTED_ARGS##*P*}" -a -z "${APT_ADD_REPO_SUPPORTED_ARGS##*S*}" -a -z "${APT_ADD_REPO_SUPPORTED_ARGS##*U*}" ] && echo 1 || echo 0)" for source in "${SOURCES[@]}" do for i in {1..$NET_RETRY_COUNT} do APT_ADD_REPO_ARGS=("${APT_ADD_REPO_COMMON_ARGS[@]}") if [ $APT_ADD_REPO_HAS_SOURCE_ARGS -ne 0 ] then case "$source" in "ppa:"*) APT_ADD_REPO_ARGS+=("-P") ;; "deb "*) APT_ADD_REPO_ARGS+=("-S") ;; *) APT_ADD_REPO_ARGS+=("-U") ;; esac fi APT_ADD_REPO_ARGS+=("$source") echo "apt-add-repository ${APT_ADD_REPO_ARGS[@]}" sudo -E apt-add-repository "${APT_ADD_REPO_ARGS[@]}" && break || sleep 2 done done fi sudo apt-get -o Acquire::Retries=$NET_RETRY_COUNT update sudo apt-get -o Acquire::Retries=$NET_RETRY_COUNT install -y ${{join(matrix.install, ' ')}} locales sudo locale-gen de_DE.UTF-8 sudo update-locale - name: Setup GCC Toolchain if: matrix.gcc_toolchain run: | GCC_TOOLCHAIN_ROOT="$HOME/gcc-toolchain" echo "GCC_TOOLCHAIN_ROOT=\"$GCC_TOOLCHAIN_ROOT\"" >> $GITHUB_ENV MULTIARCH_TRIPLET="$(dpkg-architecture -qDEB_HOST_MULTIARCH)" mkdir -p "$GCC_TOOLCHAIN_ROOT" ln -s /usr/include "$GCC_TOOLCHAIN_ROOT/include" ln -s /usr/bin "$GCC_TOOLCHAIN_ROOT/bin" mkdir -p "$GCC_TOOLCHAIN_ROOT/lib/gcc/$MULTIARCH_TRIPLET" ln -s "/usr/lib/gcc/$MULTIARCH_TRIPLET/${{matrix.gcc_toolchain}}" "$GCC_TOOLCHAIN_ROOT/lib/gcc/$MULTIARCH_TRIPLET/${{matrix.gcc_toolchain}}" - name: Setup Boost run: | echo GITHUB_REPOSITORY: $GITHUB_REPOSITORY LIBRARY=${GITHUB_REPOSITORY#*/} echo LIBRARY: $LIBRARY echo "LIBRARY=$LIBRARY" >> $GITHUB_ENV echo GITHUB_BASE_REF: $GITHUB_BASE_REF echo GITHUB_REF: $GITHUB_REF REF=${GITHUB_BASE_REF:-$GITHUB_REF} REF=${REF#refs/heads/} echo REF: $REF BOOST_BRANCH=develop && [ "$REF" = "master" ] && BOOST_BRANCH=master || true echo BOOST_BRANCH: $BOOST_BRANCH BUILD_JOBS=$((nproc || sysctl -n hw.ncpu) 2> /dev/null) echo "BUILD_JOBS=$BUILD_JOBS" >> $GITHUB_ENV echo "CMAKE_BUILD_PARALLEL_LEVEL=$BUILD_JOBS" >> $GITHUB_ENV DEPINST_ARGS=() GIT_VERSION="$(git --version | sed -e 's/git version //')" GIT_HAS_JOBS=1 if [ -f "/etc/debian_version" ] then if $(dpkg --compare-versions "$GIT_VERSION" lt 2.8.0) then GIT_HAS_JOBS=0 fi else declare -a GIT_VER=(${GIT_VERSION//./ }) declare -a GIT_MIN_VER=(2 8 0) for ((i=0; i<${#GIT_VER[@]}; i++)) do if [ -z "${GIT_MIN_VER[i]}" ] then GIT_MIN_VER[i]=0 fi if [ "${GIT_VER[i]}" -lt "${GIT_MIN_VER[i]}" ] then GIT_HAS_JOBS=0 break fi done fi if [ "$GIT_HAS_JOBS" -ne 0 ] then DEPINST_ARGS+=("--git_args" "--jobs $GIT_FETCH_JOBS") fi cd .. git clone -b "$BOOST_BRANCH" --depth 1 "https://github.com/boostorg/boost.git" "boost-root" cd boost-root mkdir -p libs/$LIBRARY cp -r $GITHUB_WORKSPACE/* libs/$LIBRARY git submodule update --init tools/boostdep DEPINST_ARGS+=("$LIBRARY") python tools/boostdep/depinst/depinst.py "${DEPINST_ARGS[@]}" if [ -z "${{matrix.cmake_tests}}" ] then ./bootstrap.sh ./b2 headers if [ -n "${{matrix.compiler}}" -o -n "$GCC_TOOLCHAIN_ROOT" ] then echo -n "using ${{matrix.toolset}} : : ${{matrix.compiler}}" > ~/user-config.jam if [ -n "$GCC_TOOLCHAIN_ROOT" ] then echo -n " : \"--gcc-toolchain=$GCC_TOOLCHAIN_ROOT\" \"--gcc-toolchain=$GCC_TOOLCHAIN_ROOT\"" >> ~/user-config.jam fi echo " ;" >> ~/user-config.jam fi fi - name: Run tests if: matrix.cmake_tests == '' run: | cd ../boost-root/libs/$LIBRARY/fuzzing B2_ARGS=("-j" "$BUILD_JOBS" "toolset=${{matrix.toolset}}" "cxxstd=${{matrix.cxxstd}}" "link=static,shared") if [ -n "${{matrix.build_variant}}" ] then B2_ARGS+=("variant=${{matrix.build_variant}}") else B2_ARGS+=("variant=$DEFAULT_BUILD_VARIANT") fi if [ -n "${{matrix.threading}}" ] then B2_ARGS+=("threading=${{matrix.threading}}") fi if [ -n "${{matrix.ubsan}}" ] then export UBSAN_OPTIONS="print_stacktrace=1" B2_ARGS+=("cxxflags=-fsanitize=undefined -fno-sanitize-recover=undefined" "linkflags=-fsanitize=undefined -fuse-ld=gold" "define=UBSAN=1" "debug-symbols=on" "visibility=global") fi if [ -n "${{matrix.cxxflags}}" ] then B2_ARGS+=("cxxflags=${{matrix.cxxflags}}") fi if [ -n "${{matrix.linkflags}}" ] then B2_ARGS+=("linkflags=${{matrix.linkflags}}") fi if [ -n "${{matrix.address_model}}" ] then B2_ARGS+=("address-model=${{matrix.address_model}}") fi ../../../b2 "${B2_ARGS[@]}"