microsoft/qdk
Publicmirrored from https://github.com/microsoft/qdkAvailable
.github/workflows/fuzz.yml
212lines · modecode
| 1 | name: fuzz |
| 2 | run-name: Fuzz |
| 3 | env: |
| 4 | OWNER_RDPATH: . # Rel path to the dir that contains the fuzzing infra (contains "fuzz" dir). |
| 5 | DURATION_SEC: 7200 # Fuzzing run duration in seconds. |
| 6 | STDERR_LOG_FNAME: fuzz.stderr.log # File name to redirect the fuzzing run's stderr to. |
| 7 | TMIN_LOG_FNAME: fuzz.tmin.log # File name to redirect the fuzzing input minimization log to. |
| 8 | GH_ISSUE_TEMPLATE_RFPATH: .github/ISSUE_TEMPLATE/fuzz_bug_report.md |
| 9 | # GitHub issue template rel file path. |
| 10 | ARTIFACTS_RDPATH: fuzz/artifacts # Fuzzing artifacts rel dir path. |
| 11 | SEEDS_RDPATH: fuzz/seed_inputs # Fuzzing seed inputs rel dir path. |
| 12 | SEEDS_FNAME: list.txt # Fuzzing seed inputs list file name. |
| 13 | on: |
| 14 | schedule: # Production runs against default branch. |
| 15 | - cron: '24 11 * * 0' # Run after 11:24 UTC (4:24am PDT/3:24am PST) on Sun. |
| 16 | workflow_dispatch: # Manual runs. |
| 17 | push: |
| 18 | branches: |
| 19 | - main # Development runs against main branch. |
| 20 | paths: |
| 21 | - 'compiler/**' # Run if the compiler was changed. |
| 22 | - 'fuzz/**' # Run if the fuzzing infra was changed. |
| 23 | - '.github/ISSUE_TEMPLATE/fuzz_bug_report.md' |
| 24 | # Run if the GitHub issue template was changed. |
| 25 | - '.github/workflows/fuzz.yml' # Run if the workflow itself was changed. |
| 26 | - '!compiler/qsc_eval/**' # Exclude the qsc_eval dir. |
| 27 | - '!compiler/qsc_codegen/**' # Exclude the qsc_codegen dir. |
| 28 | |
| 29 | jobs: |
| 30 | fuzz: |
| 31 | name: Fuzzing |
| 32 | strategy: |
| 33 | fail-fast: false |
| 34 | matrix: |
| 35 | os: [ubuntu-latest] # Fuzzing is not supported on Win. The macos is temporarily removed |
| 36 | # because of low availability. |
| 37 | target_name: [qsharp, qasm] |
| 38 | |
| 39 | runs-on: ${{ matrix.os }} |
| 40 | permissions: |
| 41 | issues: write |
| 42 | steps: |
| 43 | - name: Install and Configure Tools |
| 44 | run: | |
| 45 | rustup install nightly # Install nightly toolchain. |
| 46 | rustup default nightly # Make nightly toolchain default. |
| 47 | cargo install cargo-fuzz # Install cargo-fuzz (fuzzing tool). |
| 48 | |
| 49 | - name: Checkout the Repo |
| 50 | uses: actions/checkout@v3 |
| 51 | with: |
| 52 | submodules: "true" |
| 53 | |
| 54 | - name: Gather the Seed Inputs |
| 55 | if: matrix.target_name == 'qsharp' |
| 56 | run: | |
| 57 | cd $OWNER_RDPATH # Enter the dir containing the fuzzing infra. |
| 58 | |
| 59 | # Clone the submodules of QDK: |
| 60 | REPOS="Quantum Quantum-NC QuantumKatas QuantumLibraries iqsharp qdk-python qsharp-compiler qsharp-runtime" |
| 61 | for REPO in $REPOS ; do |
| 62 | git clone --depth 1 --single-branch --no-tags --recurse-submodules --shallow-submodules --jobs 4 \ |
| 63 | https://github.com/microsoft/$REPO.git $SEEDS_RDPATH/${{ matrix.target_name }}/$REPO |
| 64 | done |
| 65 | |
| 66 | # Build a comma-separated list of all the .qs files in $SEEDS_FNAME file: |
| 67 | find $SEEDS_RDPATH/${{ matrix.target_name }} -name "*.qs" | tr "\n" "," > \ |
| 68 | $SEEDS_RDPATH/${{ matrix.target_name }}/$SEEDS_FNAME |
| 69 | |
| 70 | - name: Build and Run the Fuzz Target |
| 71 | run: | |
| 72 | cd $OWNER_RDPATH # Enter the dir containing the fuzzing infra. |
| 73 | cargo fuzz build --release --sanitizer=none --features do_fuzz ${{ matrix.target_name }} # Build the fuzz target. |
| 74 | |
| 75 | # Run fuzzing for specified number of seconds and redirect the `stderr` to a file |
| 76 | # whose name is specified by the STDERR_LOG_FNAME env var: |
| 77 | RUST_BACKTRACE=1 cargo fuzz run --release --sanitizer=none --features do_fuzz ${{ matrix.target_name }} -- \ |
| 78 | -seed_inputs=@$SEEDS_RDPATH/${{ matrix.target_name }}/$SEEDS_FNAME \ |
| 79 | -max_total_time=$DURATION_SEC \ |
| 80 | -rss_limit_mb=4096 \ |
| 81 | -max_len=20000 \ |
| 82 | 2>$STDERR_LOG_FNAME |
| 83 | # The `-rss_limit_mb` and `-max_len` work around running out of memory. |
| 84 | |
| 85 | - name: "If Fuzzing Failed: Collect Failure Info" |
| 86 | if: failure() |
| 87 | run: | |
| 88 | cd $OWNER_RDPATH # Enter the dir containing the fuzzing infra. |
| 89 | |
| 90 | # Extract from stderr log the panic message: |
| 91 | PANIC_MESSAGE=`cat $STDERR_LOG_FNAME | |
| 92 | grep "panicked at" | sed "s|thread '<unnamed>' panicked at '\([^']*\).*|\1|"` |
| 93 | # Explanation: |
| 94 | # `cat $STDERR_LOG_FNAME |`: Display the contents of the stderr log file and pass the contents |
| 95 | # to the next command. |
| 96 | # `grep "panicked at" |`: Filter out (drop) all the lines except the ones containing "panicked at", |
| 97 | # the script expects that there is only one such line, pass that line to the next command. Line example: |
| 98 | # thread '<unnamed>' panicked at 'global item should have type', . . ./compiler/qsc_frontend/src/typeck/rules.rs:300:26 |
| 99 | # `sed "s|thread '<unnamed>' panicked at '\([^']*\).*|\1|"`: `sed` - stream editor. |
| 100 | # `s` after quote: search command. After `s` there are two sections, each between a pair of '|'. |
| 101 | # First section: |
| 102 | # In the incoming stream search for a sequence starting with "thread '<unnamed>' panicked at '" |
| 103 | # (sequence from the beginning of the line until after the apostrophe where the panic message starts), |
| 104 | # followed by zero or more ('*' after ']') non-apostrophe chars (`[^']`) |
| 105 | # and memorize ( `\(`, `\)` ) that sequence of non-apostrophe chars (between apostrophes - |
| 106 | # "global item should have type") as a memory item 1; |
| 107 | # followed by zero or more ('*' after '.') arbitrary chars ('.') till the end of the line. |
| 108 | # Second section (`\1`): |
| 109 | # If the sequence specified by the first section is found, then replace that sequence (the whole line) |
| 110 | # with the memory item 1 (`\1`), ending up in a panic message between the apostrophes. |
| 111 | # PANIC_MESSAGE=`. . .`: The output of the command(s) between the backticks ('`') is saved in the |
| 112 | # env var PANIC_MESSAGE. |
| 113 | # If the failure is not panic-based then extract any ERROR message(s): |
| 114 | if [ "$PANIC_MESSAGE" == "" ]; then |
| 115 | PANIC_MESSAGE=`cat $STDERR_LOG_FNAME | grep "ERROR"` |
| 116 | fi |
| 117 | echo "PANIC_MESSAGE: '$PANIC_MESSAGE'" # Output the PANIC_MESSAGE var value to the log |
| 118 | # (optional, for workflow failure analysis and sanity check). |
| 119 | echo "PANIC_MESSAGE=$PANIC_MESSAGE" >> "$GITHUB_ENV" # Save the PANIC_MESSAGE var in the env, will be used in |
| 120 | # the subsequent `run:` and `uses:` steps. |
| 121 | |
| 122 | # Determine the name of a file containing the input of interest (that triggers the panic/crash): |
| 123 | if [ -e $ARTIFACTS_RDPATH/${{ matrix.target_name }}/crash-* ]; then # Panic and Stack Overflow Cases. |
| 124 | TO_MINIMIZE_FNAME=crash-*; |
| 125 | elif [ -e $ARTIFACTS_RDPATH/${{ matrix.target_name }}/oom-* ]; then # Out-of-Memory Case. |
| 126 | TO_MINIMIZE_FNAME=oom-*; |
| 127 | else |
| 128 | echo -e "File to minimize not found.\nContents of artifacts dir \"$ARTIFACTS_RDPATH/${{ matrix.target_name }}/\":" |
| 129 | ls $ARTIFACTS_RDPATH/${{ matrix.target_name }}/ |
| 130 | fi |
| 131 | |
| 132 | if [ "$TO_MINIMIZE_FNAME" != "" ]; then |
| 133 | echo "TO_MINIMIZE_FNAME: $TO_MINIMIZE_FNAME" |
| 134 | |
| 135 | # Minimize the input: |
| 136 | ( cargo fuzz tmin --release --sanitizer=none --features do_fuzz -r 10000 ${{ matrix.target_name }} $ARTIFACTS_RDPATH/${{ matrix.target_name }}/$TO_MINIMIZE_FNAME 2>&1 ) > \ |
| 137 | $TMIN_LOG_FNAME || MINIMIZATION_FAILED=1 |
| 138 | |
| 139 | # Get the minimized input relative faile path: |
| 140 | if [ "$MINIMIZATION_FAILED" == "1" ]; then |
| 141 | # Minimization failed, get the latest successful minimized input relative faile path: |
| 142 | MINIMIZED_INPUT_RFPATH=` |
| 143 | cat $TMIN_LOG_FNAME | grep "CRASH_MIN: minimizing crash input: " | tail -n 1 | |
| 144 | sed "s|^.*\($ARTIFACTS_RDPATH/${{ matrix.target_name }}/[^\']*\).*|\1|"` |
| 145 | else |
| 146 | # Minimization Succeeded, get the reported minimized input relative faile path:: |
| 147 | MINIMIZED_INPUT_RFPATH=` |
| 148 | cat $TMIN_LOG_FNAME | grep "failed to minimize beyond" | |
| 149 | sed "s|.*\($ARTIFACTS_RDPATH/${{ matrix.target_name }}/[^ ]*\).*|\1|" ` |
| 150 | fi |
| 151 | echo "MINIMIZED_INPUT_RFPATH: $MINIMIZED_INPUT_RFPATH" |
| 152 | echo "MINIMIZED_INPUT_RFPATH=$MINIMIZED_INPUT_RFPATH" >> "$GITHUB_ENV" |
| 153 | |
| 154 | # Extract the minimized input: |
| 155 | MINIMIZED_INPUT=`cat $MINIMIZED_INPUT_RFPATH | tr "\n" "\r"` |
| 156 | # Display the contents of the minimized input file and replace all the occurrences of '\n' with '\r' |
| 157 | # so that the potentially multiline sequence can be "serialized" into the env var, |
| 158 | # while preserving the information about the line breaks. |
| 159 | else |
| 160 | MINIMIZED_INPUT="(Input minimization failed, see the workflow logs and artifacts)" |
| 161 | fi |
| 162 | echo "MINIMIZED_INPUT: '$MINIMIZED_INPUT'" |
| 163 | echo "MINIMIZED_INPUT=$MINIMIZED_INPUT" >> "$GITHUB_ENV" |
| 164 | |
| 165 | # Get the workflow agent system info: |
| 166 | WF_AGENT_SYS_INFO="`uname -a`" |
| 167 | echo "WF_AGENT_SYS_INFO: $WF_AGENT_SYS_INFO" |
| 168 | echo "WF_AGENT_SYS_INFO=$WF_AGENT_SYS_INFO" >> "$GITHUB_ENV" |
| 169 | echo "WF_AGENT_OS=${{ matrix.os }}" >> "$GITHUB_ENV" |
| 170 | |
| 171 | # Get the branch info: |
| 172 | BRANCH_INFO=`git branch | grep '*'` |
| 173 | echo "BRANCH_INFO: '$BRANCH_INFO'" |
| 174 | echo "BRANCH_INFO=$BRANCH_INFO" >> "$GITHUB_ENV" |
| 175 | |
| 176 | # Get the commit info: |
| 177 | COMMIT_INFO=`git log -1 | tr "\n" "\r"` |
| 178 | echo "COMMIT_INFO: '$COMMIT_INFO'" |
| 179 | echo "COMMIT_INFO=$COMMIT_INFO" >> "$GITHUB_ENV" |
| 180 | |
| 181 | # Get the last N bytes of the fuzzing stderr log into the env var |
| 182 | # (N is such that the subsequent GitHub issue reporting does not overflow): |
| 183 | STDERR_LOG=`tail -c 63488 $STDERR_LOG_FNAME | tr "\n" "\r"` |
| 184 | echo "STDERR_LOG: '$STDERR_LOG'" |
| 185 | echo "STDERR_LOG=$STDERR_LOG" >> "$GITHUB_ENV" |
| 186 | |
| 187 | - name: "If Fuzzing Failed: Upload Failure Artifacts" |
| 188 | if: failure() |
| 189 | uses: actions/upload-artifact@v4 |
| 190 | with: |
| 191 | path: | |
| 192 | ${{ env.OWNER_RDPATH }}/${{ env.STDERR_LOG_FNAME }} |
| 193 | ${{ env.OWNER_RDPATH }}/${{ env.TMIN_LOG_FNAME }} |
| 194 | ${{ env.OWNER_RDPATH }}/${{ env.ARTIFACTS_RDPATH }}/${{ matrix.target_name }}/* |
| 195 | ${{ env.OWNER_RDPATH }}/${{ env.SEEDS_RDPATH }}/${{ matrix.target_name }}/${{ env.SEEDS_FNAME }} |
| 196 | if-no-files-found: error |
| 197 | |
| 198 | - name: "If Fuzzing Failed: Report GutHub Issue" |
| 199 | if: failure() |
| 200 | uses: JasonEtco/create-an-issue@v2 |
| 201 | env: |
| 202 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 203 | WORKFLOW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} |
| 204 | with: |
| 205 | filename: ${{ env.GH_ISSUE_TEMPLATE_RFPATH }} |
| 206 | # This issue template file uses a number of env vars collected above. |
| 207 | id: create-issue |
| 208 | |
| 209 | - name: "If Fuzzing Failed: Log Issue Info" |
| 210 | if: failure() |
| 211 | run: | |
| 212 | echo "Created issue #${{ steps.create-issue.outputs.number }} ${{ steps.create-issue.outputs.url }}" |
| 213 | |