# Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. # Check that the options are properly set for # the fuzzing project if (onnxruntime_FUZZ_ENABLED) message(STATUS "Building dependency protobuf-mutator and libfuzzer") # set the options used to control the protobuf-mutator build set(PROTOBUF_LIBRARIES ${PROTOBUF_LIB}) set(LIB_PROTO_MUTATOR_TESTING OFF) # include the protobuf-mutator CMakeLists.txt rather than the projects CMakeLists.txt to avoid target clashes # with google test add_subdirectory("external/libprotobuf-mutator/src") # add the appropriate include directory and compilation flags # needed by the protobuf-mutator target and the libfuzzer set(PROTOBUF_MUT_INCLUDE_DIRS "external/libprotobuf-mutator") onnxruntime_add_include_to_target(protobuf-mutator ${PROTOBUF_LIB}) onnxruntime_add_include_to_target(protobuf-mutator-libfuzzer ${PROTOBUF_LIB}) target_include_directories(protobuf-mutator PRIVATE ${INCLUDE_DIRECTORIES} ${PROTOBUF_MUT_INCLUDE_DIRS}) target_include_directories(protobuf-mutator-libfuzzer PRIVATE ${INCLUDE_DIRECTORIES} ${PROTOBUF_MUT_INCLUDE_DIRS}) if (CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") # MSVC-specific compiler options target_compile_options(protobuf-mutator PRIVATE "/wd4244" "/wd4245" "/wd4267" "/wd4100" "/wd4456") target_compile_options(protobuf-mutator-libfuzzer PRIVATE "/wd4146" "/wd4267") else() # Linux-specific compiler options target_compile_options(protobuf-mutator PRIVATE -Wno-shorten-64-to-32 -Wno-conversion -Wno-sign-compare -Wno-unused-parameter -Wno-shadow -Wno-unused -fexceptions ) target_compile_options(protobuf-mutator-libfuzzer PRIVATE -Wno-shorten-64-to-32 -Wno-conversion -Wno-unused -fexceptions ) endif() # add Fuzzing Engine Build Configuration message(STATUS "Building Fuzzing engine") # set Fuzz root directory set(SEC_FUZZ_ROOT ${TEST_SRC_DIR}/fuzzing) # Security fuzzing engine src file reference set(SEC_FUZ_SRC "${SEC_FUZZ_ROOT}/src/BetaDistribution.cpp" "${SEC_FUZZ_ROOT}/src/OnnxPrediction.cpp" "${SEC_FUZZ_ROOT}/src/testlog.cpp" "${SEC_FUZZ_ROOT}/src/test.cpp") # compile the executables onnxruntime_add_executable(onnxruntime_security_fuzz ${SEC_FUZ_SRC}) # compile with c++17 target_compile_features(onnxruntime_security_fuzz PUBLIC cxx_std_17) # Security fuzzing engine header file reference onnxruntime_add_include_to_target(onnxruntime_security_fuzz onnx onnxruntime) # Assign all include to one variable set(SEC_FUZ_INC "${SEC_FUZZ_ROOT}/include") set(INCLUDE_FILES ${SEC_FUZ_INC} "$") # add all these include directory to the Fuzzing engine target_include_directories(onnxruntime_security_fuzz PRIVATE ${INCLUDE_FILES}) # add link libraries to the project target_link_libraries(onnxruntime_security_fuzz onnx_proto onnxruntime protobuf-mutator ${PROTOBUF_LIB}) # add the dependencies add_dependencies(onnxruntime_security_fuzz onnx_proto onnxruntime protobuf-mutator ${PROTOBUF_LIB}) # copy the shared libraries (DLLs on Windows, SOs on Linux) to the execution directory add_custom_command(TARGET onnxruntime_security_fuzz POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $) if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang") # Add a second fuzzer that uses libFuzzer in fuzzer/libfuzzer message(STATUS "Building libProtoBufFuzzer-based fuzzer") # Set source files for the libFuzzer set(LIBFUZZER_SRC "${SEC_FUZZ_ROOT}/src/OnnxPrediction.cpp" "${SEC_FUZZ_ROOT}/src/testlog.cpp" "${SEC_FUZZ_ROOT}/ort_libfuzzer/OrtProtoLibfuzzer.cpp") # Compile the libFuzzer-based fuzzer onnxruntime_add_executable(onnxruntime_proto_libfuzzer ${LIBFUZZER_SRC}) # Security fuzzing engine header file reference onnxruntime_add_include_to_target(onnxruntime_proto_libfuzzer onnx onnxruntime) # Set include directories for libFuzzer target_include_directories(onnxruntime_proto_libfuzzer PRIVATE ${INCLUDE_FILES}) # Add link libraries for libFuzzer target_link_libraries(onnxruntime_proto_libfuzzer onnx_proto onnxruntime protobuf-mutator protobuf-mutator-libfuzzer -fsanitize=fuzzer,address ${PROTOBUF_LIB}) # Add the dependencies for libFuzzer add_dependencies(onnxruntime_proto_libfuzzer onnx_proto onnxruntime protobuf-mutator protobuf-mutator-libfuzzer ${PROTOBUF_LIB}) # Copy shared libraries for libFuzzer add_custom_command(TARGET onnxruntime_proto_libfuzzer POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $) # Add a second fuzzer that uses libFuzzer in fuzzer/libfuzzer message(STATUS "Building libBufFuzzer-based fuzzer") # Set source files for the libFuzzer set(LIBFUZZER_SRC "${SEC_FUZZ_ROOT}/src/OnnxPrediction.cpp" "${SEC_FUZZ_ROOT}/src/testlog.cpp" "${SEC_FUZZ_ROOT}/ort_libfuzzer/OrtLibfuzzer.cpp") # Compile the libFuzzer-based fuzzer onnxruntime_add_executable(onnxruntime_libfuzzer_fuzz ${LIBFUZZER_SRC}) # Security fuzzing engine header file reference onnxruntime_add_include_to_target(onnxruntime_libfuzzer_fuzz onnx onnxruntime) # Set include directories for libFuzzer target_compile_definitions(onnxruntime_libfuzzer_fuzz PRIVATE GOOGLE_PROTOBUF_NO_LOGGING=1) target_include_directories(onnxruntime_libfuzzer_fuzz PRIVATE ${INCLUDE_FILES}) # Add link libraries for libFuzzer target_link_libraries(onnxruntime_libfuzzer_fuzz onnx_proto onnxruntime protobuf-mutator protobuf-mutator-libfuzzer -fsanitize=fuzzer,address ${PROTOBUF_LIB}) # Add the dependencies for libFuzzer add_dependencies(onnxruntime_libfuzzer_fuzz onnx_proto onnxruntime protobuf-mutator protobuf-mutator-libfuzzer ${PROTOBUF_LIB}) # Copy shared libraries for libFuzzer add_custom_command(TARGET onnxruntime_libfuzzer_fuzz POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $) endif() endif()