[minizinc] Initial Fuzzer (#2656)

projects/minizinc/Dockerfile

@@ -0,0 +1,24 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER Harsil S. Patel <harsil.patel@monash.edu>
+RUN apt-get update && apt-get install -y make autoconf automake libtool cmake git build-essential curl
+RUN curl -L https://gitlab.com/minizinc/minizinc-afl-seed-corpus/-/archive/master/minizinc-afl-seed-corpus-master.zip -o $SRC/minizinc_fuzzer_seed_corpus.zip
+RUN git clone --depth 1 --branch develop https://github.com/MiniZinc/libminizinc.git minizinc
+COPY minizinc_fuzzer.cpp minizinc/
+WORKDIR minizinc
+COPY build.sh minizinc_fuzzer.dict minizinc_fuzzer.options $SRC/

projects/minizinc/build.sh

@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+build_dir=$WORK/build
+
+mkdir -p $build_dir
+pushd $build_dir
+cmake $SRC/minizinc -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX=$WORK/install
+cmake --build . --target install -- -j$(nproc)
+popd
+
+$CXX $CXXFLAGS -std=c++11 -I$WORK/install/include $SRC/minizinc/minizinc_fuzzer.cpp -o $OUT/minizinc_fuzzer $LIB_FUZZING_ENGINE $WORK/install/lib/libmzn.a
+
+rm -rf $OUT/share
+mv $WORK/install/share $OUT
+mv $SRC/minizinc_fuzzer_seed_corpus.zip $OUT/minizinc_fuzzer_seed_corpus.zip
+mv $SRC/minizinc_fuzzer.dict $OUT/minizinc_fuzzer.dict
+mv $SRC/minizinc_fuzzer.options $OUT/minizinc_fuzzer.options

projects/minizinc/minizinc_fuzzer.cpp

@@ -0,0 +1,48 @@
+#include <minizinc/solver.hh>
+
+using namespace std;
+using namespace MiniZinc;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+
+    Timer starttime;
+    bool fSuccess = false;
+    try {
+      MznSolver slv(std::cout,std::cerr);
+      try {
+        std::string model = std::string(reinterpret_cast<const char*>(Data), Size);
+        std::vector<std::string> args({"-c","--solver","org.minizinc.mzn-fzn"});
+        fSuccess = (slv.run(args, model, "minizinc", "model.mzn") != SolverInstance::ERROR);
+      } catch (const LocationException& e) {
+        if (slv.get_flag_verbose())
+          std::cerr << std::endl;
+        std::cerr << e.loc() << ":" << std::endl;
+        std::cerr << e.what() << ": " << e.msg() << std::endl;
+      } catch (const Exception& e) {
+        if (slv.get_flag_verbose())
+          std::cerr << std::endl;
+        std::string what = e.what();
+        std::cerr << what << (what.empty() ? "" : ": ") << e.msg() << std::endl;
+      }
+      catch (const exception& e) {
+        if (slv.get_flag_verbose())
+          std::cerr << std::endl;
+        std::cerr << e.what() << std::endl;
+      }
+      catch (...) {
+        if (slv.get_flag_verbose())
+          std::cerr << std::endl;
+        std::cerr << "  UNKNOWN EXCEPTION." << std::endl;
+      }
+
+      if (slv.get_flag_verbose()) {
+        std::cerr << "   Done (";
+        cerr << "overall time " << starttime.stoptime() << ")." << std::endl;
+      }
+    } catch (const Exception& e) {
+      std::string what = e.what();
+      std::cerr << what << (what.empty() ? "" : ": ") << e.msg() << std::endl;
+    }
+
+  return 0;  // Non-zero return values are reserved for future use.
+}

projects/minizinc/minizinc_fuzzer.dict

@@ -0,0 +1,50 @@
+reserved_keyword_0="ann"
+reserved_keyword_1="annotation"
+reserved_keyword_2="any"
+reserved_keyword_3="array"
+reserved_keyword_4="bool"
+reserved_keyword_5="case"
+reserved_keyword_6="constraint"
+reserved_keyword_7="diff"
+reserved_keyword_8="div"
+reserved_keyword_9="else"
+reserved_keyword_10="elseif"
+reserved_keyword_11="endif"
+reserved_keyword_12="enum"
+reserved_keyword_13="false"
+reserved_keyword_14="float"
+reserved_keyword_15="function"
+reserved_keyword_16="if"
+reserved_keyword_17="in"
+reserved_keyword_18="include"
+reserved_keyword_19="int"
+reserved_keyword_20="intersect"
+reserved_keyword_21="let"
+reserved_keyword_22="list"
+reserved_keyword_23="maximize"
+reserved_keyword_24="minimize"
+reserved_keyword_25="mod"
+reserved_keyword_26="not"
+reserved_keyword_27="of"
+reserved_keyword_28="op"
+reserved_keyword_29="opt"
+reserved_keyword_30="output"
+reserved_keyword_31="par"
+reserved_keyword_32="predicate"
+reserved_keyword_33="record"
+reserved_keyword_34="satisfy"
+reserved_keyword_35="set"
+reserved_keyword_36="solve"
+reserved_keyword_37="string"
+reserved_keyword_38="subset"
+reserved_keyword_39="superset"
+reserved_keyword_40="symdiff"
+reserved_keyword_41="test"
+reserved_keyword_42="then"
+reserved_keyword_43="true"
+reserved_keyword_44="tuple"
+reserved_keyword_45="type"
+reserved_keyword_46="union"
+reserved_keyword_47="var"
+reserved_keyword_48="where"
+reserved_keyword_49="xor"

projects/minizinc/minizinc_fuzzer.options

@@ -0,0 +1,3 @@
+[libfuzzer]
+only_ascii = 1
+detect_leaks = 0

projects/minizinc/project.yaml

@@ -7,4 +7,3 @@ sanitizers:
   - address
   - memory:
      experimental: True
-  - undefined