From 2cbc99397681ad9b67f69703c5dd65eaea26c154 Mon Sep 17 00:00:00 2001
From: Julian Oes
Date: Mon, 20 Dec 2021 12:16:51 +0100
Subject: [PATCH] Add clusterfuzzlite to fuzz in CI
---
 .clusterfuzzlite/Dockerfile | 7 ++++++
 .clusterfuzzlite/build.sh | 4 +++
 .clusterfuzzlite/project.yaml | 1 +
 .github/workflows/cflite_pr.yml | 43 ++++++++++++++++++++++++++++++++
 Makefile | 2 --
 cmake/px4_add_common_flags.cmake | 8 +++++-
 cmake/sanitizers.cmake | 9 ++++---
 7 files changed, 67 insertions(+), 7 deletions(-)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100644 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/project.yaml
 create mode 100644 .github/workflows/cflite_pr.yml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000000..181031c695
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,7 @@
+FROM gcr.io/oss-fuzz-base/base-builder:v1
+COPY . $SRC/PX4-Autopilot
+RUN apt-get install -y libjpeg8-dev zlib1g-dev
+RUN pip3 install --upgrade pip
+RUN python3 -m pip install -r $SRC/PX4-Autopilot/Tools/setup/requirements.txt
+WORKDIR $SRC/PX4-Autopilot
+COPY ./.clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000000..ac0892c59f
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash -eu
+
+PX4_FUZZ=1 make px4_sitl
+cp build/px4_sitl_default/bin/px4 $OUT/px4
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000000..b4788012b1
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c++
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 0000000000..6dfe4ae540
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
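Review bot: The `RUN apt-get install -y libjpeg8-dev zlib1g-dev` line runs without a preceding `apt-get update`, so it only succeeds if the base-builder image still carries current package lists, which base images commonly strip; `RUN apt-get update && apt-get install -y libjpeg8-dev zlib1g-dev` makes the layer self-contained. The `COPY . $SRC/PX4-Autopilot` on the second line precedes both the apt and pip layers, so every source change invalidates the dependency install and the image is rebuilt from scratch on each PR; copying only `Tools/setup/requirements.txt` before the pip step and the full tree afterwards would keep those layers cached. The `base-builder:v1` tag appears to track a moving image, so a digest-pinned reference would make the fuzzing toolchain reproducible across runs.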
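Review bot: The shebang `#!/usr/bin/env bash -eu` does not do what it looks like on Linux, where the kernel hands everything after the interpreter path to `env` as a single argument, so a direct `./build.sh` typically fails with an "env: 'bash -eu': No such file or directory" style error and the fail-on-error intent is lost. Use `#!/usr/bin/env bash` followed by `set -eu` on its own line. If the ClusterFuzzLite build driver invokes the script through bash explicitly the shebang is bypassed, which would hide this until someone runs the script by hand. On the last line `$OUT/px4` should be quoted as `"$OUT/px4"`, the usual defence against word splitting.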
@@ -0,0 +1,43 @@ +name: ClusterFuzzLite PR fuzzing +on: + pull_request: + paths: + - '**' +permissions: read-all +jobs: + PR: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + sanitizer: + - address + - undefined + - memory + steps: + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + with: + sanitizer: ${{ matrix.sanitizer }} + # Optional but recommended: used to only run fuzzers that are affected + # by the PR. + # See later section on "Git repo for storage". + # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git + # storage-repo-branch: main # Optional. Defaults to "main" + # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". + - name: Run Fuzzers (${{ matrix.sanitizer }}) + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 600 + mode: 'code-change' + sanitizer: ${{ matrix.sanitizer }} + # Optional but recommended: used to download the corpus produced by + # batch fuzzing. + # See later section on "Git repo for storage". + # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git + # storage-repo-branch: main # Optional. Defaults to "main" + # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". + diff --git a/Makefile b/Makefile index 075d153880..7f43b46b68 100644 --- a/Makefile +++ b/Makefile @@ -160,8 +160,6 @@ else # Fuzz Testing ifdef PX4_FUZZ - export CC=clang - export CXX=clang++ CMAKE_ARGS += -DCMAKE_BUILD_TYPE=FuzzTesting endif diff --git a/cmake/px4_add_common_flags.cmake b/cmake/px4_add_common_flags.cmake index d180e92b85..71fbbf2657 100644 --- a/cmake/px4_add_common_flags.cmake +++ b/cmake/px4_add_common_flags.cmake 
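Review bot: The `- memory` entry in the sanitizer matrix is likely to produce spurious reports, because MemorySanitizer requires every linked library to be MSan-instrumented and the companion Dockerfile installs libjpeg8-dev and zlib1g-dev from distribution packages, which are not (presumably these are linked by the SITL build). Unless those dependencies are rebuilt with MSan inside the image, drop `- memory` from the matrix or give that lane `continue-on-error: true` so a known-noisy sanitizer does not block PRs. The `paths:` / `- '**'` filter under `pull_request` matches everything and can be removed. `permissions: read-all` keeps the job token read-only, which is the right default for a job that only builds and runs fuzzers.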
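Review bot: With `export CC=clang` and `export CXX=clang++` removed from the `ifdef PX4_FUZZ` block, a `PX4_FUZZ=1 make px4_sitl` run outside the ClusterFuzzLite container falls back to the toolchain's default compiler, and the `-fsanitize=fuzzer` flags that sanitizers.cmake adds for the FuzzTesting build type are rejected by GCC, which does not ship libFuzzer. The intent is presumably to let the oss-fuzz environment's `CC`/`CXX` win; conditional assignment does that without breaking local use: `export CC ?= clang` and `export CXX ?= clang++`.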
@@ -157,7 +157,6 @@ function(px4_add_common_flags) set(cxx_flags) list(APPEND cxx_flags -fno-exceptions - -fno-rtti -fno-threadsafe-statics -Wreorder @@ -165,6 +164,13 @@ function(px4_add_common_flags) # disabled warnings -Wno-overloaded-virtual # TODO: fix and remove ) + + if(NOT CMAKE_BUILD_TYPE STREQUAL FuzzTesting) + list(APPEND cxx_flags + -fno-rtti + ) + endif() + foreach(flag ${cxx_flags}) add_compile_options($<$:${flag}>) endforeach() diff --git a/cmake/sanitizers.cmake b/cmake/sanitizers.cmake index e656c3f735..612af9f8bd 100644 --- a/cmake/sanitizers.cmake +++ b/cmake/sanitizers.cmake @@ -136,13 +136,14 @@ elseif (CMAKE_BUILD_TYPE STREQUAL FuzzTesting) add_compile_options( -g3 - -fsanitize=fuzzer,address,undefined + -fsanitize=fuzzer -DFUZZTESTING ) - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=fuzzer,address,undefined" CACHE INTERNAL "" FORCE) - set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fsanitize=fuzzer,address,undefined" CACHE INTERNAL "" FORCE) - set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -fsanitize=fuzzer,address,undefined" CACHE INTERNAL "" FORCE) + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=fuzzer $ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE) + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fsanitize=fuzzer $ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE) + set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -fsanitize=fuzzer $ENV{LIB_FUZZING_ENGINE}" CACHE INTERNAL "" FORCE) + function(sanitizer_fail_test_on_error test_name) # Not sure what to do here
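Review bot: The new `if(NOT CMAKE_BUILD_TYPE STREQUAL FuzzTesting)` compares an unquoted variable name with an unquoted literal; this works, but quoting both sides, `if(NOT "${CMAKE_BUILD_TYPE}" STREQUAL "FuzzTesting")`, is the idiom that survives an empty or variable-named value and matches the usual `if()` comparison style. The block also deserves a why-comment, since the first hunk drops `-fno-rtti` from the shared list and a reader will not know why fuzzing builds need RTTI; something like `# Fuzzing builds keep RTTI: UBSan's vptr check is incompatible with -fno-rtti` (presumably the motivation; confirm against the sanitizer flags actually used). `CMAKE_BUILD_TYPE` is empty under multi-config generators, so the guard only functions for single-config builds, which is consistent with how sanitizers.cmake selects FuzzTesting in this same commit. The enclosing function `px4_add_common_flags()` begins before the hunk.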