.github/workflows/fuzzing.yml - third_party/expat - Git at Google

 #                          __  __            _
 #                       ___\ \/ /_ __   __ _| |_
 #                      / _ \\  /| '_ \ / _` | __|
 #                     |  __//  \| |_) | (_| | |_
 #                      \___/_/\_\ .__/ \__,_|\__|
 #                               |_| XML parser
 #
 # Copyright (c) 2024-2025 Sebastian Pipping <sebastian@pipping.org>
 # Licensed under the MIT license:
 #
 # Permission is  hereby granted,  free of charge,  to any  person obtaining
 # a  copy  of  this  software   and  associated  documentation  files  (the
 # "Software"),  to  deal in  the  Software  without restriction,  including
 # without  limitation the  rights  to use,  copy,  modify, merge,  publish,
 # distribute, sublicense, and/or sell copies of the Software, and to permit
 # persons  to whom  the Software  is  furnished to  do so,  subject to  the
 # following conditions:
 #
 # The above copyright  notice and this permission notice  shall be included
 # in all copies or substantial portions of the Software.
 #
 # THE  SOFTWARE  IS  PROVIDED  "AS  IS",  WITHOUT  WARRANTY  OF  ANY  KIND,
 # EXPRESS  OR IMPLIED,  INCLUDING  BUT  NOT LIMITED  TO  THE WARRANTIES  OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
 # NO EVENT SHALL THE AUTHORS OR  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
 # DAMAGES OR  OTHER LIABILITY, WHETHER  IN AN  ACTION OF CONTRACT,  TORT OR
 # OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 # USE OR OTHER DEALINGS IN THE SOFTWARE.

 name: Run fuzzing regression tests

 on:
   pull_request:
   push:
   schedule:
     - cron: '0 2 * * 5'  # Every Friday at 2am
   workflow_dispatch:

 permissions:
   contents: read

 jobs:
   run_fuzzers:
     name: Run fuzzing regression tests
     strategy:
       fail-fast: false
       matrix:
         fuzzer:
           - xml_parse_fuzzer_UTF-8
           - xml_parsebuffer_fuzzer_UTF-16LE
     runs-on: ubuntu-24.04
     env:
       fuzzer: ${{ matrix.fuzzer }}
     steps:
     - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0

     - name: Install Clang 20
       run: |-
         set -x
         source /etc/os-release
         wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
         sudo add-apt-repository "deb https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-20 main"
         sudo apt-get update  # due to new repository
         sudo apt-get install --yes --no-install-recommends -V \
             clang-20 \
             libclang-rt-20-dev \
             llvm-20
         echo /usr/lib/llvm-20/bin >>"${GITHUB_PATH}"

     - name: Install build dependencies
       run: |-
         set -x
         sudo apt-get install --yes --no-install-recommends -V \
             autoconf \
             automake \
             docbook2x \
             libtool \
             libprotobuf-dev \
             lzip \
             protobuf-compiler

     - name: Turn Git clone into Autotools "make dist" release tarball
       run: |-
         set -x
         pushd expat/
           ./buildconf.sh
           ./configure
           make dist
         popd
         tar xf expat/expat-*.tar.xz
         rm -R expat/
         mv expat-* expat

     - name: Build Expat fuzzers
       run: |
         set -x -o pipefail

         type -P clang clang++
         clang --version | head -n1
         clang++ --version | head -n1

         cd expat/
         args=(
             # Build nothing but fuzzers
             -DEXPAT_BUILD_DOCS=OFF
             -DEXPAT_BUILD_EXAMPLES=OFF
             -DEXPAT_BUILD_FUZZERS=ON
             -DEXPAT_BUILD_PKGCONFIG=OFF
             -DEXPAT_BUILD_TESTS=OFF
             -DEXPAT_BUILD_TOOLS=OFF

             # Tune compilation of fuzzers to use Clang with ASan and UBSan
             -DCMAKE_C_COMPILER=clang
             -DCMAKE_CXX_COMPILER=clang++
             -DCMAKE_{C,CXX}_FLAGS='-Wall -Wextra -pedantic -O1 -g -fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-common -fprofile-instr-generate -fcoverage-mapping'
             -DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS='-g -fsanitize=address,undefined'
             -DEXPAT_WARNINGS_AS_ERRORS=ON
         )
         cmake "${args[@]}" -S . -B build
         make -C build VERBOSE=1 -j$(nproc)

         ./build/fuzz/xml_lpm_fuzzer -help=1

     - name: Download and extract Expat fuzzing corpora
       run: |-
         set -x
         cd expat/build/
         wget -q -O corpus.zip "https://storage.googleapis.com/expat-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/expat_${fuzzer}/public.zip"
         unzip -q -d corpus/ corpus.zip

     - name: Run fuzzing regression tests (1 to 5 minutes)
       run: |
         fuzz_args=(
             -jobs=$(nproc)
             -print_final_stats=1
             -rss_limit_mb=2560  # from OSS-Fuzz
             -timeout=25         # from OSS-Fuzz
         )

         set -x -o pipefail
         cd expat/build/

         mkdir coverage/
         export LLVM_PROFILE_FILE=coverage/expat-%p.profraw

         find corpus/ -type f | sort | xargs "fuzz/${fuzzer}" "${fuzz_args[@]}"

     - name: Store fuzzing logs of last batch
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: ${{ matrix.fuzzer }}_${{ github.sha }}_logs_last
         path: expat/build/fuzz-*.log
         if-no-files-found: error

     - name: Render coverage report
       run: |
         set -x -o pipefail
         cd expat/build/

         # Merged and convert to a single indexed profile data file
         llvm-profdata merge -sparse -o coverage/expat.profdata coverage/expat-*.profraw

         # Render report
         llvm-cov show fuzz/${fuzzer} -instr-profile=coverage/expat.profdata -show-branches=count -format=html -output-dir=coverage/html/
         llvm-cov report fuzz/${fuzzer} -instr-profile=coverage/expat.profdata -show-functions -sources ../lib/ | tee coverage/report_functions.txt
         llvm-cov report fuzz/${fuzzer} -instr-profile=coverage/expat.profdata                 -sources ../lib/ | tee coverage/report_files.txt

     - name: Store coverage report
       uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: ${{ matrix.fuzzer }}_${{ github.sha }}_coverage
         path: expat/build/coverage/
         if-no-files-found: error
	# __ __ _
	# ___\ \/ /_ __ __ _\| \|_
	# / _ \\ /\| '_ \ / _` \| __\|
	# \| __// \\| \|_) \| (_\| \| \|_
	# \___/_/\_\ .__/ \__,_\|\__\|
	# \|_\| XML parser
	#
	# Copyright (c) 2024-2025 Sebastian Pipping <sebastian@pipping.org>
	# Licensed under the MIT license:
	#
	# Permission is hereby granted, free of charge, to any person obtaining
	# a copy of this software and associated documentation files (the
	# "Software"), to deal in the Software without restriction, including
	# without limitation the rights to use, copy, modify, merge, publish,
	# distribute, sublicense, and/or sell copies of the Software, and to permit
	# persons to whom the Software is furnished to do so, subject to the
	# following conditions:
	#
	# The above copyright notice and this permission notice shall be included
	# in all copies or substantial portions of the Software.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
	# NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
	# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
	# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
	# USE OR OTHER DEALINGS IN THE SOFTWARE.

	name: Run fuzzing regression tests

	on:
	pull_request:
	push:
	schedule:
	- cron: '0 2 * * 5' # Every Friday at 2am
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	run_fuzzers:
	name: Run fuzzing regression tests
	strategy:
	fail-fast: false
	matrix:
	fuzzer:
	- xml_parse_fuzzer_UTF-8
	- xml_parsebuffer_fuzzer_UTF-16LE
	runs-on: ubuntu-24.04
	env:
	fuzzer: ${{ matrix.fuzzer }}
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

	- name: Install Clang 20
	run: \|-
	set -x
	source /etc/os-release
	wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key \| sudo apt-key add -
	sudo add-apt-repository "deb https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-20 main"
	sudo apt-get update # due to new repository
	sudo apt-get install --yes --no-install-recommends -V \
	clang-20 \
	libclang-rt-20-dev \
	llvm-20
	echo /usr/lib/llvm-20/bin >>"${GITHUB_PATH}"

	- name: Install build dependencies
	run: \|-
	set -x
	sudo apt-get install --yes --no-install-recommends -V \
	autoconf \
	automake \
	docbook2x \
	libtool \
	libprotobuf-dev \
	lzip \
	protobuf-compiler

	- name: Turn Git clone into Autotools "make dist" release tarball
	run: \|-
	set -x
	pushd expat/
	./buildconf.sh
	./configure
	make dist
	popd
	tar xf expat/expat-*.tar.xz
	rm -R expat/
	mv expat-* expat

	- name: Build Expat fuzzers
	run: \|
	set -x -o pipefail

	type -P clang clang++
	clang --version \| head -n1
	clang++ --version \| head -n1

	cd expat/
	args=(
	# Build nothing but fuzzers
	-DEXPAT_BUILD_DOCS=OFF
	-DEXPAT_BUILD_EXAMPLES=OFF
	-DEXPAT_BUILD_FUZZERS=ON
	-DEXPAT_BUILD_PKGCONFIG=OFF
	-DEXPAT_BUILD_TESTS=OFF
	-DEXPAT_BUILD_TOOLS=OFF

	# Tune compilation of fuzzers to use Clang with ASan and UBSan
	-DCMAKE_C_COMPILER=clang
	-DCMAKE_CXX_COMPILER=clang++
	-DCMAKE_{C,CXX}_FLAGS='-Wall -Wextra -pedantic -O1 -g -fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-common -fprofile-instr-generate -fcoverage-mapping'
	-DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS='-g -fsanitize=address,undefined'
	-DEXPAT_WARNINGS_AS_ERRORS=ON
	)
	cmake "${args[@]}" -S . -B build
	make -C build VERBOSE=1 -j$(nproc)

	./build/fuzz/xml_lpm_fuzzer -help=1

	- name: Download and extract Expat fuzzing corpora
	run: \|-
	set -x
	cd expat/build/
	wget -q -O corpus.zip "https://storage.googleapis.com/expat-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/expat_${fuzzer}/public.zip"
	unzip -q -d corpus/ corpus.zip

	- name: Run fuzzing regression tests (1 to 5 minutes)
	run: \|
	fuzz_args=(
	-jobs=$(nproc)
	-print_final_stats=1
	-rss_limit_mb=2560 # from OSS-Fuzz
	-timeout=25 # from OSS-Fuzz
	)

	set -x -o pipefail
	cd expat/build/

	mkdir coverage/
	export LLVM_PROFILE_FILE=coverage/expat-%p.profraw

	find corpus/ -type f \| sort \| xargs "fuzz/${fuzzer}" "${fuzz_args[@]}"

	- name: Store fuzzing logs of last batch
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	with:
	name: ${{ matrix.fuzzer }}_${{ github.sha }}_logs_last
	path: expat/build/fuzz-*.log
	if-no-files-found: error

	- name: Render coverage report
	run: \|
	set -x -o pipefail
	cd expat/build/

	# Merged and convert to a single indexed profile data file
	llvm-profdata merge -sparse -o coverage/expat.profdata coverage/expat-*.profraw

	# Render report
	llvm-cov show fuzz/${fuzzer} -instr-profile=coverage/expat.profdata -show-branches=count -format=html -output-dir=coverage/html/
	llvm-cov report fuzz/${fuzzer} -instr-profile=coverage/expat.profdata -show-functions -sources ../lib/ \| tee coverage/report_functions.txt
	llvm-cov report fuzz/${fuzzer} -instr-profile=coverage/expat.profdata -sources ../lib/ \| tee coverage/report_files.txt

	- name: Store coverage report
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	with:
	name: ${{ matrix.fuzzer }}_${{ github.sha }}_coverage
	path: expat/build/coverage/
	if-no-files-found: error