name: Run fuzzers on stored corpus and test it with valgrind

# In the case of a pull request happening at the same time as a cron
# job, there is a risk two jobs run at the same time. Therefore,
# the corpus is only uploaded for the master branch. Pull requests will
# fuzz for a short while, but the results are not uploaded.
on:
  push:
  pull_request:
  schedule:
    - cron: 23 */8 * * *

jobs:
  build:    
    runs-on: ubuntu-latest
    env:
      allfuzzers: parser dump dump_raw_tape print_json
      artifactsprefix: -artifact_prefix=fuzzfailure/
    steps:
    - name: Install packages necessary for building
      run: |
        sudo apt update
        sudo apt-get install --quiet ninja-build valgrind zip unzip
        wget https://apt.llvm.org/llvm.sh
        chmod +x llvm.sh
        sudo ./llvm.sh 9

    - uses: actions/checkout@v1
    - name: Create and prepare the initial seed corpus
      run: |
        fuzz/build_corpus.sh
        mv corpus.zip seed_corpus.zip
    - name: Download the corpus from the last run
      run: |
        wget --quiet https://dl.bintray.com/pauldreik/simdjson-fuzz-corpus/corpus/corpus.tar
        tar xf corpus.tar
        rm corpus.tar
    - name: List clang versions
      run: |
        ls /usr/bin/clang*
        which clang++
        clang++ --version
    - name: Build all the variants
      run: fuzz/build_fuzzer_variants.sh
    - name: Verify that the oss-fuzz seed corpus passes without problems
      run: |
        mkdir seedcorpus
        unzip -q -d seedcorpus seed_corpus.zip
        for buildvariant in noavx withavx; do
          for fuzzer in $allfuzzers; do
            build-ossfuzz-$buildvariant/fuzz/fuzz_$fuzzer seedcorpus -max_total_time=1
          done
        done
    - name: Run the fastest fuzzer to explore fast
      run: |
        for fuzzer in $allfuzzers; do
          mkdir -p out/$fuzzer # in case this is a new fuzzer, or corpus.tar is broken
          build-ossfuzz-fast9/fuzz/fuzz_$fuzzer         out/$fuzzer -max_total_time=30 $artifactsprefix || touch failed
          # make sure the failing output is visible in the log
          if [ -e failed ] ; then
            ls fuzzfailure/* |xargs -n1 base64
            exit 1
          fi
        done
    - name: Run the other fuzzer variants for $fuzzer, with sanitizers etc
      run: |
        set -x
        for fuzzer in $allfuzzers; do
          build-ossfuzz-withavx/fuzz/fuzz_$fuzzer       out/$fuzzer -max_total_time=20 $artifactsprefix || touch failed
          build-ossfuzz-noavx/fuzz/fuzz_$fuzzer         out/$fuzzer -max_total_time=10 $artifactsprefix || touch failed
          build-ossfuzz-noavx9/fuzz/fuzz_$fuzzer        out/$fuzzer -max_total_time=10 $artifactsprefix || touch failed
          if [ -e failed ] ; then
            # make sure the failing output is visible in the log
            ls fuzzfailure/* |xargs -n1 base64
            exit 1
          fi
          echo disable msan runs, it fails inside the fuzzing engine and not the fuzzed code!
          echo build-ossfuzz-msan-noavx9/fuzz/fuzz_$fuzzer   out/$fuzzer -max_total_time=10 -reload=0 $artifactsprefix
          echo build-ossfuzz-msan-withavx9/fuzz/fuzz_$fuzzer out/$fuzzer -max_total_time=10 -reload=0 $artifactsprefix
          echo now have $(ls out/$fuzzer |wc -l) files in corpus        
        done
    - name: Minimize the corpus with the fast fuzzer
      run: |
        for fuzzer in $allfuzzers; do      
          mkdir -p out/cmin/$fuzzer
          build-ossfuzz-fast9/fuzz/fuzz_$fuzzer -merge=1  out/cmin/$fuzzer out/$fuzzer
          rm -rf out/$fuzzer
          mv out/cmin/$fuzzer out/$fuzzer
        done
    - name: Package the corpus into an artifact
      run: |
        for fuzzer in $allfuzzers; do      
          tar rf corpus.tar out/$fuzzer
        done
    - name: Save the corpus as a github artifact
      uses: actions/upload-artifact@v1
      with:
        name: corpus
        path: corpus.tar
    - name: Run the corpus through valgrind (normal build)
      run: |
        for fuzzer in $allfuzzers; do      
          find out/$fuzzer -type f |sort|xargs valgrind build-plain-noavx/fuzz/fuzz_$fuzzer  2>&1|tee valgrind-$fuzzer-noavx.txt
        done
    - name: Run the corpus through valgrind (noavx build)
      run: |
        for fuzzer in $allfuzzers; do      
          find out/$fuzzer -type f |sort|xargs valgrind build-plain-normal/fuzz/fuzz_$fuzzer 2>&1|tee valgrind-$fuzzer-normal.txt      
        done  
    - name: Compress the valgrind output
      run: tar cf valgrind.tar valgrind-*.txt
    - name: Save valgrind output as a github artifact
      uses: actions/upload-artifact@v1
      with:
        name: valgrindresults
        path: valgrind.tar
    - name: Upload the corpus and results to bintray if we are on master
      run: |
        if [ $(git rev-parse --verify HEAD) = $(git rev-parse --verify origin/master) ] ; then
          echo uploading each artifact twice, otherwise it will not be published
          curl -T corpus.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/corpus.tar";publish=1;override=1"
          curl -T corpus.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/corpus.tar";publish=1;override=1"
          curl -T valgrind.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/valgrind.tar";publish=1;override=1"
          curl -T valgrind.tar -upauldreik:${{ secrets.bintrayApiKey }} https://api.bintray.com/content/pauldreik/simdjson-fuzz-corpus/corpus/0/corpus/valgrind.tar";publish=1;override=1"
        else
          echo "not on master, won't upload to bintray"
        fi
