Skip to content

Add support for coverage-guided fuzzing #425

Add support for coverage-guided fuzzing

Add support for coverage-guided fuzzing #425

Workflow file for this run

name: CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
workflow_dispatch:
jobs:
test-difftest-main:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Mill Installation
run: |
sudo curl -L https://github.com/com-lihaoyi/mill/releases/download/0.11.1/0.11.1 > /usr/local/bin/mill
chmod +x /usr/local/bin/mill
- name: Generate Verilog
run: |
make difftest_verilog NOOP_HOME=$GITHUB_WORKSPACE
test-difftest-nutshell:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Prepare environment
run: |
cd $GITHUB_WORKSPACE/..
git config --global url."https://github.com/".insteadOf git@github.com:
git config --global url."https://".insteadOf git://
git clone https://github.com/OpenXiangShan/xs-env
cd xs-env
sudo -s ./setup-tools.sh
source ./setup.sh
- name: Prepare NutShell
run: |
cd $GITHUB_WORKSPACE/../xs-env
rm -r NutShell
git clone -b dev-difftest --single-branch https://github.com/OSCPU/NutShell.git
cd NutShell && git submodule update --init
rm -r difftest
cp -r $GITHUB_WORKSPACE .
- name: Simulation with No Diff
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu
./build/emu -b 0 -e 0 -i ./ready-to-run/microbench.bin --no-diff
- name: Basic Difftest
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
./build/emu -b 0 -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so
- name: Difftest with Snapshot
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu EMU_SNAPSHOT=1
./build/emu -b 0 -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so
- name: Difftest with Trace
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu EMU_TRACE=1
./build/emu -b 10 -e 12 -i ./ready-to-run/microbench.bin --dump-wave --diff ./ready-to-run/riscv64-nemu-interpreter-so
- name: Difftest with two threads
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu EMU_THREADS=2
./build/emu -b 0 -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so
- name: Difftest with Verilator Coverage
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
rm -rf *.coverage
make emu EMU_COVERAGE=1
./build/emu -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so -C 10000 --dump-coverage
make -C difftest coverage
ls -lh *.coverage
- name: Difftest with DiffTrace
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu
./build/emu -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so --dump-difftrace microbench
./build/emu -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so --load-difftrace microbench
- name: Difftest with Footprints
run: |
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu
./build/emu -e 0 -i ./ready-to-run/microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so --dump-footprints microbench.bin
./build/emu -e 0 -i microbench.bin --diff ./ready-to-run/riscv64-nemu-interpreter-so --as-footprints
- name: Difftest with Coverage-Guided Fuzzer
run: |
git clone https://github.com/OpenXiangShan/riscv-isa-sim.git
export SPIKE_HOME=$(pwd)/riscv-isa-sim
make -C riscv-isa-sim/difftest CPU=NUTSHELL -j2
git clone https://github.com/OpenXiangShan/xfuzz.git
export XFUZZ_HOME=$(pwd)/xfuzz
cargo install cargo-make
cd xfuzz && git submodule update --init && make build-all
cd $GITHUB_WORKSPACE/../xs-env
source ./env.sh
cd $GITHUB_WORKSPACE/../xs-env/NutShell
source ./env.sh
make clean
make emu XFUZZ=1 REF=$SPIKE_HOME/difftest/build/riscv64-spike-so LLVM_COVER=1
./build/fuzzer -v -- ./ready-to-run/microbench.bin -e 0