FRET-LibAFL/.github/workflows/build_and_test.yml

name: build and test

on:
  push:
    branches: [ main, "pr/**" ]
  pull_request:
    branches: [ main ]
    types: ["labeled", "opened", "synchronize", "reopened"]
  workflow_dispatch:
  merge_group:
env:
  CARGO_TERM_COLOR: always
  CARGO_NET_GIT_FETCH_WITH_CLI: true
  MAIN_LLVM_VERSION: 18

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  common:
    strategy:
      fail-fast: false
      matrix:
        os: [ ubuntu-24.04, windows-latest, macOS-latest ]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Install mimetype
        if: runner.os == 'Linux'
        run: sudo apt-get update && sudo apt-get install -y libfile-mimeinfo-perl
      - name: install mdbook
        uses: baptiste0928/cargo-install@v3
        with:
          crate: mdbook
      - name: install linkcheck
        uses: baptiste0928/cargo-install@v3
        with:
          crate: mdbook-linkcheck
          # NOTE: The current crates.io release of mdbook-linkcheck (v0.7.7) is broken
          #       => https://github.com/Michael-F-Bryan/mdbook-linkcheck/pull/82#issuecomment-2241058491
          git: https://github.com/Michael-F-Bryan/mdbook-linkcheck.git
          rev: 8c783c5d754d83bcd50c28fb4174854b04ece990
      - name: default nightly
        run: rustup default nightly
      - uses: actions/checkout@v4
      - if: runner.os == 'Linux'
        uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
        if: runner.os == 'Linux'
      - uses: Swatinem/rust-cache@v2
        if: runner.os != 'Linux'
      - name: Check for binary blobs
        if: runner.os == 'Linux'
        run: ./scripts/check_for_blobs.sh
      - name: Build libafl debug
        run: cargo build -p libafl
      - name: Test the book (Linux)
        # TODO: fix books test fail with updated windows-rs
        if: runner.os == 'Linux'
        run: cd docs && mdbook test -L ../target/debug/deps
      - name: Test the book (MacOS)
        if: runner.os == 'MacOS'
        run: cd docs && mdbook test -L ../target/debug/deps $(python3-config --ldflags | cut -d ' ' -f1)
      - name: Run tests
        run: cargo test
      - name: Test libafl no_std
        run: cd libafl && cargo test --no-default-features
      - name: Test libafl_bolts no_std no_alloc
        run: cd libafl_bolts && cargo test --no-default-features
      - name: Test libafl_targets no_std
        run: cd libafl_targets && cargo test --no-default-features

  ubuntu-doc-build:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
      # ---- doc check ----
      - name: Build Docs
        run: RUSTFLAGS="--cfg docsrs" cargo +nightly doc --all-features --no-deps

  ubuntu-doc-test:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
      # ---- doc check ----
      - name: Test Docs
        run: RUSTFLAGS="--cfg docsrs" cargo +nightly test --doc --all-features

  ubuntu-miri:
    runs-on: ubuntu-24.04
    if: contains( github.event.pull_request.labels.*.name, 'pre-release')
    steps:
      - name: Add nightly clippy
        run: rustup toolchain install nightly --component miri --allow-downgrade
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
      # --- miri undefined behavior test --
      - name: Run miri tests
        run: RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test

  ubuntu:
    runs-on: ubuntu-24.04
    steps:
      - name: Remove Dotnet & Haskell
        run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
      # pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately
      - name: Check pcguard edges
        run: cargo check --features=sancov_pcguard_edges
      - name: run shellcheck
        run: shellcheck ./scripts/*.sh
      # ---- build normal and examples ----
      - name: Run a normal build
        run: cargo build --verbose
      - name: Build examples
        run: cargo build --examples --verbose

  ubuntu-clippy:
    runs-on: ubuntu-24.04
    steps:
      - name: Remove Dotnet & Haskell
        run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc
      - name: Add nightly clippy
        run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
      - name: Run clippy
        run: LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/clippy.sh
    # --- test embedding the libafl_libfuzzer_runtime library
    # Fix me plz
    # - name: Test Build libafl_libfuzzer with embed
    #  run: cargo +nightly test --features=embed-runtime --manifest-path libafl_libfuzzer/Cargo.toml

  ubuntu-check:
    runs-on: ubuntu-24.04
    needs: ubuntu
    strategy:
      matrix:
        instance_idx: [ "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17" ]
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
      # ---- build and feature check ----
      # cargo-hack's --feature-powerset would be nice here but libafl has a too many knobs
      - name: Check each feature
        # Skipping `python` as it has to be built with the `maturin` tool
        # `sancov_pcguard_edges` is tested seperatelyc
        run: python3 ./scripts/parallellize_cargo_check.py ${{ matrix.instance_idx }}

  ubuntu-concolic:
    runs-on: ubuntu-24.04
    needs: ubuntu
    steps:
      - name: Install curl
        run: sudo apt-get update && sudo apt-get install clang
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
      - name: Install smoke test deps
        run: sudo ./libafl_concolic/test/smoke_test_ubuntu_deps.sh
      - name: Run smoke test
        run: ./libafl_concolic/test/smoke_test.sh

  python-bindings:
    runs-on: ubuntu-24.04
    steps:
      - name: Install deps
        run: sudo apt-get update && sudo apt-get install -y lsb-release wget software-properties-common gnupg ninja-build python3-dev python3-pip python3-venv libz3-dev
      - name: Install maturin
        run: cargo install --locked maturin
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
      - name: Run a maturin build
        run: export LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh
      - name: Run python test
        run: . ./bindings/pylibafl/.env/bin/activate # && cd ./fuzzers/binary_only/python_qemu/ && python3 fuzzer.py 2>&1 | grep "Bye"

  cargo-fmt:
    runs-on: ubuntu-24.04
    env:
      MAIN_LLVM_VERSION: 19
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/ubuntu-prepare
      - name: Add rustfmt nightly
        shell: bash
        run: rustup component add --toolchain nightly-x86_64-unknown-linux-gnu rustfmt
      - uses: Swatinem/rust-cache@v2
        with: { shared-key: "ubuntu" }
      - name: Installing black
        run: python3 -m pip install black
      - name: Format Check
        run: ./scripts/fmt_all.sh check

  check-md-links:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install linkspector
        shell: bash
        run: sudo apt-get update && sudo apt-get install -y npm && npm install -g @umbrelladocs/linkspector
      - name: Run linkspector
        shell: bash
        run: ./scripts/check_md_links.sh
      # TODO: Use github action once it's fixed (https://github.com/UmbrellaDocs/action-linkspector/issues/20)
      # - name: Run linkspector
      #   uses: umbrelladocs/action-linkspector@v1
      #   with:
      #     fail_on_error: 'true'
      #     config_file: '.github/.linkspector.yml'

  msrv:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: taiki-e/install-action@cargo-hack
      # Note: We currently only specify minimum rust versions for the default workspace members
      - run: cargo hack check --rust-version -p libafl -p libafl_bolts -p libafl_derive -p libafl_cc -p libafl_targets

  fuzzers-preflight:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Fuzzer in CI Check
        run: ./scripts/check_tested_fuzzers.sh

  fuzzers:
    needs:
      - fuzzers-preflight
    strategy:
      fail-fast: true
      matrix:
        os: [ ubuntu-24.04 ]
        fuzzer:
          # Baby
          - ./fuzzers/baby/baby_fuzzer_swap_differential
          - ./fuzzers/baby/tutorial
          - ./fuzzers/baby/baby_fuzzer
          # - ./fuzzers/baby/backtrace_baby_fuzzers
          - ./fuzzers/baby/baby_fuzzer_unicode
          - ./fuzzers/baby/baby_fuzzer_minimizing
          - ./fuzzers/baby/backtrace_baby_fuzzers/c_code_with_fork_executor
          - ./fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor
          - ./fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_fork_executor
          - ./fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor
          - ./fuzzers/baby/backtrace_baby_fuzzers/command_executor
          - ./fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor
          - ./fuzzers/baby/baby_fuzzer_custom_executor

          # Binary-only
          - ./fuzzers/binary_only/fuzzbench_fork_qemu
          - ./fuzzers/binary_only/frida_executable_libpng
          - ./fuzzers/binary_only/frida_windows_gdiplus
          - ./fuzzers/binary_only/frida_libpng
          - ./fuzzers/binary_only/fuzzbench_qemu
          - ./fuzzers/binary_only/intel_pt_baby_fuzzer
          - ./fuzzers/binary_only/intel_pt_command_executor
          - ./fuzzers/binary_only/tinyinst_simple

          # Forkserver
          - ./fuzzers/forkserver/forkserver_simple
          - ./fuzzers/forkserver/forkserver_libafl_cc
          - ./fuzzers/forkserver/fuzzbench_forkserver
          - ./fuzzers/forkserver/fuzzbench_forkserver_cmplog
          - ./fuzzers/forkserver/libafl-fuzz
          - ./fuzzers/forkserver/baby_fuzzer_with_forkexecutor

          # Full-system
          - ./fuzzers/full_system/nyx_libxml2_standalone
          - ./fuzzers/full_system/nyx_libxml2_parallel

          # Structure-aware
          - ./fuzzers/structure_aware/nautilus_sync
          - ./fuzzers/structure_aware/baby_fuzzer_grimoire
          - ./fuzzers/structure_aware/baby_fuzzer_gramatron
          - ./fuzzers/structure_aware/baby_fuzzer_tokens
          - ./fuzzers/structure_aware/baby_fuzzer_multi
          - ./fuzzers/structure_aware/baby_fuzzer_custom_input
          - ./fuzzers/structure_aware/baby_fuzzer_nautilus
          - ./fuzzers/structure_aware/forkserver_simple_nautilus

          # In-process
          - ./fuzzers/fuzz_anything/cargo_fuzz
          # - ./fuzzers/inprocess/dynamic_analysis
          - ./fuzzers/inprocess/fuzzbench
          - ./fuzzers/inprocess/fuzzbench_text
          - ./fuzzers/inprocess/fuzzbench_ctx
          - ./fuzzers/inprocess/libfuzzer_libmozjpeg
          - ./fuzzers/inprocess/libfuzzer_libpng
          - ./fuzzers/inprocess/libfuzzer_libpng_launcher
          - ./fuzzers/inprocess/libfuzzer_libpng_accounting
          - ./fuzzers/inprocess/libfuzzer_libpng_centralized
          - ./fuzzers/inprocess/libfuzzer_libpng_cmin
          - ./fuzzers/inprocess/libfuzzer_libpng_norestart
          # - ./fuzzers/inprocess/libfuzzer_libpng_tcp_manager
          - ./fuzzers/inprocess/libfuzzer_stb_image_sugar
          - ./fuzzers/inprocess/libfuzzer_stb_image
          # - ./fuzzers/structure_aware/libfuzzer_stb_image_concolic
          # - ./fuzzers/inprocess/libfuzzer_windows_asan
          # - ./fuzzers/inprocess/sqlite_centralized_multi_machine

          # Fuzz Anything
          - ./fuzzers/fuzz_anything/push_harness
          - ./fuzzers/fuzz_anything/push_stage_harness
          - ./fuzzers/fuzz_anything/libafl_atheris
          - ./fuzzers/fuzz_anything/baby_no_std
          - ./fuzzers/fuzz_anything/baby_fuzzer_wasm

    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/fuzzer-tester-prepare
      - name: Build and run example fuzzers (Linux)
        if: runner.os == 'Linux'
        shell: bash
        run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}

  changes:
    runs-on: ubuntu-24.04
    permissions:
      pull-requests: read
    outputs:
      qemu: ${{ steps.filter.outputs.qemu }}
    steps:
      - uses: actions/checkout@v4
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            qemu:
              - '.github/**'
              - 'libafl/**'
              - 'libafl_bolts/**'
              - 'libafl_targets/**'
              - 'libafl_qemu/**'
              - 'fuzzers/*qemu*/**'

  fuzzers-qemu:
    needs:
      - changes
    if: ${{ needs.changes.outputs.qemu == 'true' }}
    strategy:
      matrix:
        os: [ubuntu-24.04]
        fuzzer:
          # Binary only
          - ./fuzzers/binary_only/qemu_cmin
          - ./fuzzers/binary_only/qemu_coverage
          - ./fuzzers/binary_only/qemu_launcher

          # Full-system
          - ./fuzzers/full_system/qemu_baremetal
          # - ./fuzzers/full_system/qemu_linux_kernel
          #- ./fuzzers/full_system/qemu_linux_process

    runs-on: [ self-hosted, qemu ]
    container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/qemu-fuzzer-tester-prepare
      - name: Build and run example QEMU fuzzers (Linux)
        if: runner.os == 'Linux'
        shell: bash
        run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}

  nostd-build:
    runs-on: ubuntu-24.04
    steps:
      - uses: dtolnay/rust-toolchain@nightly
        with:
          components: rust-src
      - name: Add targets
        run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      - name: Build aarch64-unknown-none
        run: cd ./fuzzers/fuzz_anything/baby_no_std && cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --release && cd ../..
      - name: run x86_64 until panic!
        run: cd ./fuzzers/fuzz_anything/baby_no_std && cargo +nightly run || test $? -ne 0 || exit 1
      - name: no_std tests
        run: cd ./libafl && cargo test --no-default-features

  nostd-clippy:
    runs-on: ubuntu-24.04
    steps:
      - uses: dtolnay/rust-toolchain@nightly
        with:
          components: clippy, rust-src
      - name: Add targets
        run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      - name: libafl armv6m-none-eabi (32 bit no_std) clippy
        run: cd ./libafl && cargo clippy --target thumbv6m-none-eabi --no-default-features
      - name: Build no_std no_alloc bolts
        run: cd ./libafl_bolts && cargo +nightly build -Zbuild-std=core --target aarch64-unknown-none --no-default-features -v --release && cd ../

  format-toml:
    runs-on: ubuntu-24.04
    steps:
      - name: Install taplo
        run: curl -fsSL https://github.com/tamasfe/taplo/releases/latest/download/taplo-full-linux-x86_64.gz | gzip -d - | install -m 755 /dev/stdin /usr/local/bin/taplo
      - uses: actions/checkout@v4
      - name: Run taplo
        run: taplo format --check

  build-docker:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Build docker
        run: docker build -t libafl .

  windows-frida-libpng:
    runs-on: windows-latest
    needs:
      - common
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/windows-tester-prepare
      - name: Build fuzzers/binary_only/frida_libpng
        run: cd fuzzers/binary_only/frida_libpng/ && cargo make test

  windows-frida-libfuzzer-stb-image:
    runs-on: windows-latest
    needs:
      - common
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/windows-tester-prepare
      - name: Build fuzzers/inprocess/libfuzzer_stb_image
        run: cd fuzzers/inprocess/libfuzzer_stb_image && cargo build --release

  windows-frida-gdiplus:
    runs-on: windows-latest
    needs:
      - common
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/windows-tester-prepare
      - name: Build fuzzers/binary_only/frida_windows_gdiplus
        run: cd fuzzers/binary_only/frida_windows_gdiplus/ && cargo make test && cargo make test_cmplog

  windows-tinyinst-simple:
    runs-on: windows-latest
    needs:
      - common
    steps:
      - name: install cxx bridge
        run: cargo install cxxbridge-cmd
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/windows-tester-prepare
      - name: Build fuzzers/binary_only/tinyinst_simple
        run: cd fuzzers/binary_only/tinyinst_simple/ && cargo make test

  windows-clippy:
    runs-on: windows-latest
    needs:
      - common
    steps:
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/windows-tester-prepare
      - uses: Swatinem/rust-cache@v2
      - name: Run real clippy, not the fake one
        shell: pwsh
        run: .\scripts\clippy.ps1

  macos:
    runs-on: macOS-latest
    steps:
      - uses: dtolnay/rust-toolchain@stable
      - name: Add nightly clippy
        run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly
      - name: Install deps
        run: brew install z3 gtk+3 python
      - name: Install cxxbridge
        run: cargo install cxxbridge-cmd
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      - name: MacOS Build
        run: cargo build --verbose
      - name: Increase map sizes
        run: ./scripts/shmem_limits_macos.sh
      - name: Run Tests
        run: cargo test
      - name: Clippy
        run: cargo +nightly clippy --tests --all --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test

  ios:
    runs-on: macOS-latest
    steps:
      - uses: dtolnay/rust-toolchain@stable
      - name: install ios
        run: rustup target add aarch64-apple-ios
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      - name: Build iOS
        run: PYO3_CROSS_PYTHON_VERSION=$(python3 -c "print('{}.{}'.format(__import__('sys').version_info.major, __import__('sys').version_info.minor))") cargo build --target aarch64-apple-ios && cd libafl_frida && cargo build --target aarch64-apple-ios && cd ..

  android:
    runs-on: ubuntu-24.04
    steps:
      - name: Install curl
        run: sudo apt-get update && sudo apt-get install clang
      - uses: dtolnay/rust-toolchain@stable
      - uses: nttld/setup-ndk@v1
        with:
          ndk-version: r25b
      - name: install android
        run: rustup target add aarch64-linux-android
      - name: install cargo ndk
        run: cargo install cargo-ndk
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      - name: Build Android
        run: cd libafl && PYO3_CROSS_PYTHON_VERSION=$(python3 -c "print('{}.{}'.format(__import__('sys').version_info.major, __import__('sys').version_info.minor))") cargo ndk -t arm64-v8a build --release

    #run: cargo build --target aarch64-linux-android
    # TODO: Figure out how to properly build stuff with clang
    #- name: Add clang path to $PATH env
    #  if: runner.os == 'Windows'
    #  run: echo "C:\msys64\mingw64\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
    #- name: Try if clang works
    #  run: clang -v
    #- name: Windows Test
    #  run: C:\Rust\.cargo\bin\cargo.exe test --verbose