add regression testing tasks (#664)

src/integration-tests/git-bisect/README.md

@@ -0,0 +1,21 @@
+# git-bisect regression source
+
+This assumes you have a working clang with libfuzzer, bash, and git.
+
+This makes a git repo `test` with 9 commits.  Each commit after the first adds a bug.
+
+* `commit 0` has no bugs.
+* `commit 1` will additionally cause an abort if the input is `1`.
+* `commit 2` will additionally cause an abort if the input is `2`.
+* `commit 3` will additionally cause an abort if the input is `3`.
+* etc.
+
+This directory provides exemplar scripts that demonstrate how to perform
+ `git bisect` with libfuzzer.
+
+ * [run-local.sh](run-local.sh) builds & runs the libfuzzer target locally.  It uses [src/bisect-local.sh](src/bisect-local.sh) as the `git bisect run` command.
+ * [run-onefuzz.sh](run-onefuzz.sh) builds the libfuzzer target locally, but uses OneFuzz to run the regression tasks.  It uses [src/bisect-onefuzz.sh](src/bisect-onefuzz.sh) as the `git bisect run` command.
+
+With each project having their own unique paradigm for building, this model
+allows plugging OneFuzz as a `bisect` command in whatever fashion your
+project requires.

src/integration-tests/git-bisect/build.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+rm -rf test
+
+git init test
+(cd test; git config user.name "Example"; git config user.email example@contoso.com)
+(cp src/Makefile test; cd test; git add Makefile)
+for i in $(seq 0 8); do
+    cp src/fuzz.c test/fuzz.c
+    for j in $(seq $i 8); do
+        if [ $i != $j ]; then
+            sed -i /TEST$j/d test/fuzz.c
+        fi
+    done
+    (cd test; git add fuzz.c; git commit -m "commit $i")
+done

src/integration-tests/git-bisect/run-local.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+# build our git repo with our samples in `test`
+# (note, we don't care about the output of this script)
+./build.sh 2>/dev/null > /dev/null
+
+# create our crashing input
+echo -n '3' > test/test.txt
+
+cd test
+
+# start the bisect, looking from HEAD backwards 8 commits
+git bisect start HEAD HEAD~8 --
+git bisect run ../src/bisect-local.sh test.txt
+git bisect reset

src/integration-tests/git-bisect/run-onefuzz.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+# build our git repo with our samples in `test`
+# (note, we don't care about the output of this script)
+./build.sh 2>/dev/null > /dev/null
+
+# create our crashing input
+echo -n '3' > test/test.txt
+
+cd test
+
+# start the bisect, looking from HEAD backwards 8 commits
+git bisect start HEAD HEAD~8 --
+git bisect run ../src/bisect-onefuzz.sh test.txt
+git bisect reset

src/integration-tests/git-bisect/src/Makefile

@@ -0,0 +1,13 @@
+CC=clang
+
+CFLAGS=-g3 -fsanitize=fuzzer -fsanitize=address
+
+all: fuzz.exe
+
+fuzz.exe: fuzz.c
+	$(CC) $(CFLAGS) fuzz.c -o fuzz.exe
+
+.PHONY: clean
+
+clean:
+	@rm -f fuzz.exe

src/integration-tests/git-bisect/src/bisect-local.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -ex
+
+make clean
+make
+./fuzz.exe $*

src/integration-tests/git-bisect/src/bisect-onefuzz.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+PROJECT=${PROJECT:-regression-test}
+TARGET=${TARGET:-$(uuidgen)}
+BUILD=regression-$(git rev-parse HEAD)
+POOL=${ONEFUZZ_POOL:-linux}
+
+make clean
+make
+onefuzz template regression libfuzzer ${PROJECT} ${TARGET} ${BUILD} ${POOL} --check_regressions --delete_input_container --reports --crashes $*

src/integration-tests/git-bisect/src/fuzz.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+int LLVMFuzzerTestOneInput(char *data, size_t len) { 
+   if (len != 1) { return 0; }  
+   if (data[0] == '1') { abort(); } // TEST1
+   if (data[0] == '2') { abort(); } // TEST2
+   if (data[0] == '3') { abort(); } // TEST3
+   if (data[0] == '4') { abort(); } // TEST4
+   if (data[0] == '5') { abort(); } // TEST5
+   if (data[0] == '6') { abort(); } // TEST6
+   if (data[0] == '7') { abort(); } // TEST7
+   if (data[0] == '8') { abort(); } // TEST8
+   return 0;
+}