rdkit/Code/Fuzz/README.md
intrigus-lgtm 98c8ee0b46 Add Fuzzing, fixes #2857 (#3128)
* Add initial fuzz target

* Polish

Integrated the existing targets from @Google-Autofuzz.
Added a dictionary for smiles and a little corpora too.
Cleanup cmake.

* Fix Typo

* Remove debugging oversight

* Fail, when not building fuzzers statically

* Don't build fuzzers by default

* Add azure pipeline for fuzzing

* Format files; catch all exceptions

* Debugging pipeline

* Fix format of corpora files

* Add corpora for mol strings

* Add dictionary for mol strings

* Add README.md

* Remove very similar fuzz target

* Add mol pickle/deserialization fuzzer

* Improve fuzz readme

Co-authored-by: intrigus <abc123zeus@live.de>
2020-05-08 17:16:43 +02:00


## Important Notice
The files in the corpora folders (i.e. the folders ending in `_fuzzer`) cannot be used directly for purposes other than fuzzing.
This is because the fuzzer uses parts of the content to generate different pieces of information.
Consider the example `[OH3+]0`.
The first part `[OH3+]` will be used as a SMILES formula, but the last part `0` will be used, for example, to determine whether the fuzzer should set a certain flag to `true`, or to derive an integral value.
## Compiling
To fuzz rdkit you need to have clang installed.
If you have built the fuzzers you can invoke them like this:
````shell
./smiles_string_to_mol_fuzzer -dict=smiles_string_to_mol_fuzzer.dict smiles_string_to_mol_fuzzer/
````
For possible options that you can pass to the fuzzer, see the libFuzzer [docs](https://llvm.org/docs/LibFuzzer.html).
### Clang
````shell
# clang is required because libFuzzer (-fsanitize=fuzzer) ships with it.
export CC="clang"
export CXX="clang++"
# AddressSanitizer, including detection of use-after-scope.
export SANITIZER_FLAGS_address="-fsanitize=address -fsanitize-address-use-after-scope"
# Coverage instrumentation for the libraries, without linking libFuzzer's main into them.
export COVERAGE_FLAGS="-fsanitize=fuzzer-no-link"
export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION $COVERAGE_FLAGS $SANITIZER_FLAGS_address"
export CXXFLAGS="$CFLAGS"
# The fuzzer binaries themselves are linked against libFuzzer's main.
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
mkdir build && cd build && \
cmake .. \
  -DCMAKE_BUILD_TYPE=Release \
  -DRDK_INSTALL_INTREE=ON \
  -DRDK_BUILD_PYTHON_WRAPPERS=OFF \
  -DLIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE} \
  -DRDK_BUILD_FUZZ_TARGETS=ON \
  -DRDK_INSTALL_STATIC_LIBS=ON \
  -DBoost_USE_STATIC_LIBS=ON \
  -DRDK_BUILD_CPP_TESTS=OFF \
  -DBoost_NO_SYSTEM_PATHS=ON && \
make
````
### GCC (non-fuzzing mode)
In this mode the resulting fuzzers take a list of files as arguments and invoke the fuzz target on each file.
No actual fuzzing is done, since no new test cases are generated.
````shell
export CC="gcc"
export CXX="g++"
# AddressSanitizer, including detection of use-after-scope.
export SANITIZER_FLAGS_address="-fsanitize=address -fsanitize-address-use-after-scope"
# GCC has no libFuzzer: no coverage instrumentation and no fuzzing engine,
# so the build produces standalone binaries that only replay the given files.
export COVERAGE_FLAGS=""
export CFLAGS="-O1 -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION $COVERAGE_FLAGS $SANITIZER_FLAGS_address"
export CXXFLAGS="$CFLAGS"
export LIB_FUZZING_ENGINE=""
mkdir build && cd build && \
cmake .. \
  -DCMAKE_BUILD_TYPE=Release \
  -DRDK_INSTALL_INTREE=ON \
  -DRDK_BUILD_PYTHON_WRAPPERS=OFF \
  -DLIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE} \
  -DRDK_BUILD_FUZZ_TARGETS=ON \
  -DRDK_INSTALL_STATIC_LIBS=ON \
  -DBoost_USE_STATIC_LIBS=ON \
  -DRDK_BUILD_CPP_TESTS=OFF \
  -DBoost_NO_SYSTEM_PATHS=ON && \
make
````
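As an added example (not RDKit's own code), the following C++ shows how a libFuzzer-style target can carve a corpus entry such as `[OH3+]0` into its SMILES part and a trailing control byte, as described in the Important Notice above, and how a standalone driver of the kind the GCC (non-fuzzing) build produces feeds each file on the command line to the target once. The split rule (last byte is the control byte, its lowest bit is the flag, the remaining bits the integral value) and the bracket-balance check standing in for the real SMILES parser are assumptions for illustration, not RDKit's actual behaviour.

```cpp
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>
#include <vector>

struct FuzzInput {
  std::string smiles;  // every byte except the last one
  bool flag;           // hypothetical: bit 0 of the control byte
  unsigned intValue;   // hypothetical: the remaining 7 bits of the control byte
};

// Returns false when the buffer is too short to hold a control byte.
static bool SplitFuzzInput(const uint8_t *data, size_t size, FuzzInput &out) {
  if (size == 0) return false;
  const uint8_t ctrl = data[size - 1];
  out.smiles.assign(reinterpret_cast<const char *>(data), size - 1);
  out.flag = (ctrl & 1u) != 0;
  out.intValue = ctrl >> 1;
  return true;
}

// libFuzzer-style entry point. The bracket-balance check stands in for the real
// SMILES parser; malformed input is rejected quietly, never turned into a crash.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzInput in;
  if (!SplitFuzzInput(data, size, in)) return 0;
  int depth = 0;
  for (char c : in.smiles) {
    if (c == '[') ++depth;
    else if (c == ']' && --depth < 0) return 0;
  }
  return 0;
}

// Standalone driver: feed each file to the target once and report how many ran.
static int RunCorpusFiles(const std::vector<std::string> &paths) {
  int ran = 0;
  for (const std::string &p : paths) {
    std::ifstream f(p, std::ios::binary);
    if (!f) { std::cerr << "cannot open " << p << '\n'; continue; }
    std::vector<uint8_t> buf((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
    LLVMFuzzerTestOneInput(buf.data(), buf.size());
    ++ran;
  }
  return ran;
}

int main(int argc, char **argv) {
  return RunCorpusFiles(std::vector<std::string>(argv + 1, argv + argc)) > 0 ? 0 : 1;
}
```

Compiled with the GCC settings above and given `smiles_string_to_mol_fuzzer/*` as arguments, a driver like this replays every corpus file once; under clang with `-fsanitize=fuzzer`, libFuzzer's own main replaces `main` and mutates the inputs instead.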
### GCC (fuzzing mode)
This does not seem to be possible.