From ccf709f2ab43a858380b727f8284a2ab4a8e5305 Mon Sep 17 00:00:00 2001 From: Fabian Meumertzheim Date: Mon, 15 Jan 2024 14:55:16 +0100 Subject: [PATCH] Add support for Bzlmod Requires fixing a case of a non-hermetic Python import in `dict_validation_test` that breaks with Python 3.11, with which Bazel uses `PYTHONSAFEPATH` by default. A follow-up PR will provide the publishing setup for releases to the Bazel Central Registry (BCR). --- .bazelrc | 4 -- .bazelversion | 2 +- .github/workflows/bazel_test.yml | 20 ++++++++++ .gitignore | 9 +++++ MODULE.bazel | 57 +++++++++++++++++++++++++++ WORKSPACE.bzlmod | 1 + examples/bzlmod/.bazelrc | 17 ++++++++ examples/bzlmod/BUILD.bazel | 13 ++++++ examples/bzlmod/JavaFuzzTest.java | 23 +++++++++++ examples/bzlmod/MODULE.bazel | 5 +++ examples/bzlmod/cc_fuzz_test.cc | 22 +++++++++++ examples/java/BUILD | 1 - fuzzing/private/extensions.bzl | 22 +++++++++++ fuzzing/repositories.bzl | 6 +-- fuzzing/tools/dict_validation_test.py | 2 +- 15 files changed, 194 insertions(+), 10 deletions(-) create mode 100644 MODULE.bazel create mode 100644 WORKSPACE.bzlmod create mode 100644 examples/bzlmod/.bazelrc create mode 100644 examples/bzlmod/BUILD.bazel create mode 100644 examples/bzlmod/JavaFuzzTest.java create mode 100644 examples/bzlmod/MODULE.bazel create mode 100644 examples/bzlmod/cc_fuzz_test.cc create mode 100644 fuzzing/private/extensions.bzl diff --git a/.bazelrc b/.bazelrc index 49a9e99b..876b6f5e 100644 --- a/.bazelrc +++ b/.bazelrc @@ -12,10 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# rules_fuzzing is not yet compatible with Bzlmod. -# Use the experimental version of the flag for Bazel 5 compatibility. -common --noexperimental_enable_bzlmod - # Force the use of Clang for all builds. build --repo_env=CC=clang diff --git a/.bazelversion b/.bazelversion index 66ce77b7..c048360c 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -7.0.0 +7.0.1rc2 diff --git a/.github/workflows/bazel_test.yml b/.github/workflows/bazel_test.yml index 79fa5c5e..b724e460 100644 --- a/.github/workflows/bazel_test.yml +++ b/.github/workflows/bazel_test.yml @@ -169,3 +169,23 @@ jobs: - name: Run regression tests on macOS run: | bazel test --verbose_failures --test_output=all //examples/... + bzlmod_examples_libfuzzer: + name: Bzlmod examples (libFuzzer) + runs-on: ubuntu-20.04 + steps: + - name: Checkout repository + uses: actions/checkout@v2 + - name: Run regression tests on macOS + run: | + cd examples/bzlmod + bazel test --verbose_failures --test_output=all --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:libfuzzer //... + bzlmod_examples_replay: + name: Bzlmod examples (replay) + runs-on: ubuntu-20.04 + steps: + - name: Checkout repository + uses: actions/checkout@v2 + - name: Run regression tests on macOS + run: | + cd examples/bzlmod + bazel test --verbose_failures --test_output=all --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:replay //... diff --git a/.gitignore b/.gitignore index f7b2d3da..261cdc1f 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,7 @@ # Bazel-generated files. /bazel-* +/examples/bzlmod/bazel-* # Visual Studio Code configuration. /.vscode @@ -21,3 +22,11 @@ # IntelliSense configuration generated by # https://github.com/grailbio/bazel-compilation-database compile_commands.json + +# IntelliJ & CLion +.clwb +.ijwb + +# The Bzlmod lockfile is platform-dependent with Python and thus hard +# to keep up-to-date in CI. It still speeds up local development. +MODULE.bazel.lock diff --git a/MODULE.bazel b/MODULE.bazel new file mode 100644 index 00000000..ea4f8eb9 --- /dev/null +++ b/MODULE.bazel @@ -0,0 +1,57 @@ +module( + name = "rules_fuzzing", + # Automatically updated during releases by the Publish to BCR app. + version = "0.0.0", +) + +bazel_dep(name = "abseil-cpp", version = "20230802.1", repo_name = "com_google_absl") +bazel_dep(name = "bazel_skylib", version = "1.5.0") +bazel_dep(name = "platforms", version = "0.0.8") +bazel_dep(name = "rules_python", version = "0.28.0") + +bazel_dep(name = "stardoc", version = "0.6.2", dev_dependency = True, repo_name = "io_bazel_stardoc") +bazel_dep(name = "googletest", version = "1.14.0.bcr.1", dev_dependency = True, repo_name = "com_google_googletest") +bazel_dep(name = "re2", version = "2023-11-01", dev_dependency = True) + +non_module_dependencies = use_extension("//fuzzing/private:extensions.bzl", "non_module_dependencies") +use_repo( + non_module_dependencies, + "honggfuzz", + "rules_fuzzing_jazzer", + "rules_fuzzing_jazzer_api", + "rules_fuzzing_oss_fuzz", +) + +SUPPORTED_PYTHON_VERSIONS = [ + "3.8", + "3.9", + "3.10", + "3.11", + "3.12", +] + +python = use_extension("@rules_python//python/extensions:python.bzl", "python") + +[ + python.toolchain( + # Required to avoid an error when running as root in OSS-Fuzz. + ignore_root_user_error = True, + is_default = python_version == SUPPORTED_PYTHON_VERSIONS[-1], + python_version = python_version, + ) + for python_version in SUPPORTED_PYTHON_VERSIONS +] + +pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip") + +[ + pip.parse( + extra_pip_args = ["--require-hashes"], + hub_name = "rules_fuzzing_py_deps", + python_version = python_version, + requirements_lock = "//fuzzing:requirements.txt", + ) + for python_version in SUPPORTED_PYTHON_VERSIONS +] + +use_repo(pip, fuzzing_py_deps = "rules_fuzzing_py_deps") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod new file mode 100644 index 00000000..5bcb080e --- /dev/null +++ b/WORKSPACE.bzlmod @@ -0,0 +1 @@ +# Intentionally left blank as all deps are defined in MODULE.bazel. diff --git a/examples/bzlmod/.bazelrc b/examples/bzlmod/.bazelrc new file mode 100644 index 00000000..2782899e --- /dev/null +++ b/examples/bzlmod/.bazelrc @@ -0,0 +1,17 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +common --repo_env=CC=clang +common --@rules_fuzzing//fuzzing:cc_engine_instrumentation=libfuzzer +common --@rules_fuzzing//fuzzing:cc_engine_sanitizer=asan diff --git a/examples/bzlmod/BUILD.bazel b/examples/bzlmod/BUILD.bazel new file mode 100644 index 00000000..693a6129 --- /dev/null +++ b/examples/bzlmod/BUILD.bazel @@ -0,0 +1,13 @@ +load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test") +load("@rules_fuzzing//fuzzing:java_defs.bzl", "java_fuzz_test") + +cc_fuzz_test( + name = "cc_fuzz_test", + srcs = ["cc_fuzz_test.cc"], +) + +java_fuzz_test( + name = "java_fuzz_test", + srcs = ["JavaFuzzTest.java"], + target_class = "com.example.JavaFuzzTest", +) diff --git a/examples/bzlmod/JavaFuzzTest.java b/examples/bzlmod/JavaFuzzTest.java new file mode 100644 index 00000000..841398c8 --- /dev/null +++ b/examples/bzlmod/JavaFuzzTest.java @@ -0,0 +1,23 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// A plain fuzz target that does nothing. + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzedDataProvider; + +public class JavaFuzzTest { + public static void fuzzerTestOneInput(FuzzedDataProvider data) {} +} diff --git a/examples/bzlmod/MODULE.bazel b/examples/bzlmod/MODULE.bazel new file mode 100644 index 00000000..44da7ad1 --- /dev/null +++ b/examples/bzlmod/MODULE.bazel @@ -0,0 +1,5 @@ +bazel_dep(name = "rules_fuzzing") +local_path_override( + module_name = "rules_fuzzing", + path = "../..", +) diff --git a/examples/bzlmod/cc_fuzz_test.cc b/examples/bzlmod/cc_fuzz_test.cc new file mode 100644 index 00000000..b08b0028 --- /dev/null +++ b/examples/bzlmod/cc_fuzz_test.cc @@ -0,0 +1,22 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// A plain fuzz target that does nothing (just returns). + +#include +#include + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + return 0; +} diff --git a/examples/java/BUILD b/examples/java/BUILD index b6a8b425..91515241 100644 --- a/examples/java/BUILD +++ b/examples/java/BUILD @@ -16,7 +16,6 @@ # serve as regression tests. Targets that are expected to crash or hang are # disabled in the OSS-Fuzz integration using the "no-oss-fuzz" tag. -load("@rules_cc//cc:defs.bzl", "cc_binary") load("//fuzzing:java_defs.bzl", "java_fuzz_test") filegroup( diff --git a/fuzzing/private/extensions.bzl b/fuzzing/private/extensions.bzl new file mode 100644 index 00000000..d97ee96c --- /dev/null +++ b/fuzzing/private/extensions.bzl @@ -0,0 +1,22 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Internal dependencies that are not Bazel modules.""" + +load("//fuzzing:repositories.bzl", "rules_fuzzing_dependencies") + +def _non_module_dependencies(_): + rules_fuzzing_dependencies() + +non_module_dependencies = module_extension(_non_module_dependencies) diff --git a/fuzzing/repositories.bzl b/fuzzing/repositories.bzl index a807bc6b..27ea78f8 100644 --- a/fuzzing/repositories.bzl +++ b/fuzzing/repositories.bzl @@ -46,11 +46,11 @@ def rules_fuzzing_dependencies(oss_fuzz = True, honggfuzz = True, jazzer = True) maybe( http_archive, name = "bazel_skylib", + sha256 = "cd55a062e763b9349921f0f5db8c3933288dc8ba4f76dd9416aac68acee3cb94", urls = [ - "https://github.com/bazelbuild/bazel-skylib/releases/download/1.0.3/bazel-skylib-1.0.3.tar.gz", - "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.0.3/bazel-skylib-1.0.3.tar.gz", + "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.5.0/bazel-skylib-1.5.0.tar.gz", + "https://github.com/bazelbuild/bazel-skylib/releases/download/1.5.0/bazel-skylib-1.5.0.tar.gz", ], - sha256 = "1c531376ac7e5a180e0237938a2536de0c54d93f5c278634818e0efc952dd56c", ) maybe( http_archive, diff --git a/fuzzing/tools/dict_validation_test.py b/fuzzing/tools/dict_validation_test.py index 513f803c..fefe7910 100644 --- a/fuzzing/tools/dict_validation_test.py +++ b/fuzzing/tools/dict_validation_test.py @@ -18,7 +18,7 @@ """ import unittest -from dict_validation import validate_line +from fuzzing.tools.dict_validation import validate_line class DictValidatorTest(unittest.TestCase):