4ddf8e0f48
Coverage-guided structural search for crashes and undefined behaviour on arbitrary input to our two parsers. What's wired: - -DSECSGEM_FUZZ=ON CMake option, clang-only. Adds -fsanitize=fuzzer-no-link,address,undefined to all targets + -fsanitize=fuzzer to the two fuzz executables. - apps/fuzz_secs2_decode.cpp — feeds raw bytes to secs2::decode. Catches secs2::CodecError (expected) but traps on anything else leaking (would be a hardening bug). - apps/fuzz_sml_parse.cpp — feeds string to try_parse_sml, which is contractually nothrow-equivalent; traps on any exception. - .gitea/workflows/ci.yml — `libfuzzer` job builds with clang and runs each fuzzer for 60s in CI. Any crash / ASan / UBSan flag fails the job. - Dockerfile gains clang + libclang-rt-18-dev so devs can run locally with the same toolchain. Result on a fresh 30-second local run: fuzz_secs2_decode: 70 727 random inputs, 0 crashes fuzz_sml_parse: 284 950 random inputs, 0 crashes The coverage-guided search found and synthesized inputs that exercise: zero-byte, single-byte format tags, all length-byte counts (1/2/3), nested lists, format bytes with reserved bits, the "BOOLEAN" SML token, malformed quoted strings, etc. libFuzzer's recommended dictionary at the end of each run shows what bytes / substrings the coverage feedback discovered as discriminating — useful signals if we ever want a hand-curated corpus. README proof table grows to 8 commands. After this: - 426 unit tests (internal) - 47 conformance harness checks (internal) - 24 secsgem-py interop checks (external — Python ref impl) - 20 secs4j interop checks (external — independent Java impl) - 69 frames dissected by Wireshark HSMS dissector (external) - 196 SEMI E5 KAT assertions (standards body's encoding rules) - **~70k + ~285k random inputs, 0 crashes (external)** - 100k random tool ops with all invariants holding (internal) - YAML validation (internal) - TSan clean on 2 557 assertions (internal correctness aid) Five distinct external proofs now, each covering a different angle. Plan: VERIFICATION.md §4. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
188 lines
5.8 KiB
YAML
188 lines
5.8 KiB
YAML
name: tests
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
|
|
jobs:
|
|
build-and-test:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ubuntu:24.04
|
|
steps:
|
|
# actions/checkout@v4 is a Node-based action; the bare ubuntu:24.04
|
|
# runner image has no node, so checkout fails with
|
|
# `exitcode '127': command not found`. Install node + git BEFORE
|
|
# checkout, then install the rest of the toolchain after.
|
|
- name: Bootstrap (node + git for actions/checkout)
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
git \
|
|
ca-certificates \
|
|
nodejs
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install C++ toolchain
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get install -y --no-install-recommends \
|
|
build-essential \
|
|
cmake \
|
|
ninja-build \
|
|
libasio-dev \
|
|
libyaml-cpp-dev \
|
|
python3 \
|
|
python3-yaml
|
|
|
|
- name: Configure (Release)
|
|
run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release
|
|
|
|
- name: Build (Release)
|
|
run: cmake --build build
|
|
|
|
- name: Unit tests (Release)
|
|
run: build/secsgem_tests
|
|
|
|
thread-sanitizer:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ubuntu:24.04
|
|
steps:
|
|
- name: Bootstrap (node + git for actions/checkout)
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
git ca-certificates nodejs
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install C++ toolchain
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get install -y --no-install-recommends \
|
|
build-essential cmake ninja-build \
|
|
libasio-dev libyaml-cpp-dev \
|
|
python3 python3-yaml
|
|
|
|
# Debug + -fsanitize=thread. Catches data races in the
|
|
# io_context strand contract documented in INTEGRATION.md §3.
|
|
# halt_on_error=1 makes TSan-flagged races fail the job, not
|
|
# just print a warning.
|
|
- name: Configure (TSan)
|
|
run: cmake -S . -B build-tsan -G Ninja
|
|
-DCMAKE_BUILD_TYPE=Debug
|
|
-DSECSGEM_TSAN=ON
|
|
|
|
- name: Build (TSan)
|
|
run: cmake --build build-tsan
|
|
|
|
- name: Unit tests (TSan)
|
|
env:
|
|
TSAN_OPTIONS: halt_on_error=1
|
|
run: build-tsan/secsgem_tests
|
|
|
|
tshark-dissector:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ubuntu:24.04
|
|
steps:
|
|
- name: Bootstrap (node + git for actions/checkout)
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
git ca-certificates nodejs
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install C++ toolchain + tshark
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get install -y --no-install-recommends \
|
|
build-essential cmake ninja-build \
|
|
libasio-dev libyaml-cpp-dev \
|
|
python3 python3-yaml \
|
|
tshark tcpdump
|
|
|
|
- name: Build
|
|
run: |
|
|
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release
|
|
cmake --build build
|
|
|
|
# Capture pcap of the demo flow, dissect with Wireshark's HSMS
|
|
# dissector (independent third codec), assert no malformed
|
|
# packets and that every expected control + data frame parses.
|
|
- name: tshark HSMS dissector validation
|
|
run: bash interop/tshark_validate.sh
|
|
env:
|
|
PORT: "5099"
|
|
|
|
secs4j-interop:
|
|
runs-on: ubuntu-latest
|
|
# secs4j-interop builds its own docker image (with JDK) and starts
|
|
# secs_server via docker compose; needs the docker socket.
|
|
steps:
|
|
- name: Bootstrap (node + git)
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
git ca-certificates nodejs docker.io docker-compose-plugin
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
# Cross-validate against secs4java8 (Apache 2.0, kenta-shimizu) —
|
|
# an independent SECS implementation in Java. 20 checks
|
|
# covering S1/S2/S3/S5/S14/S16 with full-body GEM 300 shapes
|
|
# that secsgem-py couldn't easily drive.
|
|
- name: secs4j cross-validation
|
|
run: bash interop/secs4j_validate.sh
|
|
|
|
libfuzzer:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ubuntu:24.04
|
|
steps:
|
|
- name: Bootstrap (node + git)
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends \
|
|
git ca-certificates nodejs
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install clang + libFuzzer runtime
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get install -y --no-install-recommends \
|
|
cmake ninja-build \
|
|
libasio-dev libyaml-cpp-dev \
|
|
python3 python3-yaml \
|
|
clang libclang-rt-18-dev
|
|
|
|
- name: Configure (fuzz)
|
|
env:
|
|
CC: clang
|
|
CXX: clang++
|
|
run: cmake -S . -B build-fuzz -G Ninja
|
|
-DCMAKE_BUILD_TYPE=Debug
|
|
-DSECSGEM_FUZZ=ON
|
|
|
|
- name: Build fuzz targets
|
|
run: cmake --build build-fuzz --target fuzz_secs2_decode fuzz_sml_parse
|
|
|
|
# 60 seconds each — long enough for libFuzzer to explore the
|
|
# decoder/parser without ballooning CI time. Any crash, ASan
|
|
# report, or UBSan flag fails the job.
|
|
- name: Fuzz secs2::decode
|
|
run: build-fuzz/fuzz_secs2_decode -max_total_time=60 -max_len=4096
|
|
|
|
- name: Fuzz secs2::try_parse_sml
|
|
run: build-fuzz/fuzz_sml_parse -max_total_time=60 -max_len=4096
|