Build a self-contained Docker image for fuzzing OSS-Fuzz projects with FuzzBench fuzzing engines.

infra/build/functions/fuzzbench.py

@@ -46,7 +46,47 @@ def get_env(project, build):
   return env
 
 
-def get_build_fuzzers_step(fuzzing_engine, project, env, build):
+def get_env_dict(env):
+  """Converts a list of environment strings to a dictionary."""
+  env_dict = {}
+  for item in env:
+    item_list = item.split("=")
+    env_dict[item_list[0]] = item_list[1]
+  return env_dict
+
+
+def get_fuzzbench_setup_steps():
+  """Returns the build steps required to set up fuzzbench on oss-fuzz-on-demand
+  build."""
+  fuzzbench_setup_steps = [
+      {
+          'args': [
+              'clone', 'https://github.com/google/fuzzbench', '--depth', '1',
+              FUZZBENCH_PATH
+          ],
+          'name': 'gcr.io/cloud-builders/git',
+          'volumes': [{
+              'name': 'fuzzbench_path',
+              'path': FUZZBENCH_PATH,
+          }],
+      },
+      {
+          'name': 'gcr.io/cloud-builders/docker',
+          'args': ['pull', 'gcr.io/oss-fuzz-base/base-builder-fuzzbench']
+      },
+      {  # TODO(metzman): Don't overwrite base-builder
+          'name':
+              'gcr.io/cloud-builders/docker',
+          'args': [
+              'tag', 'gcr.io/oss-fuzz-base/base-builder-fuzzbench',
+              'gcr.io/oss-fuzz-base/base-builder'
+          ]
+      },
+  ]
+  return fuzzbench_setup_steps
+
+
+def get_build_fuzzers_steps(fuzzing_engine, project, env, build):
   """Returns the build_fuzzers step to build |project| with |fuzzing_engine|,
   for fuzzbench/oss-fuzz-on-demand."""
   steps = []
@@ -70,6 +110,7 @@ def get_build_fuzzers_step(fuzzing_engine, project, env, build):
       },
   ]
   steps.append(engine_step)
+
   compile_project_step = {
       'name':
           get_engine_project_image(fuzzing_engine, project),
@@ -86,11 +127,76 @@ def get_build_fuzzers_step(fuzzing_engine, project, env, build):
           # `cd /src && cd {workdir}` (where {workdir} is parsed from the
           # Dockerfile). Container Builder overrides our workdir so we need
           # to add this step to set it back.
-          (f'ls /fuzzbench && rm -r /out && cd /src && cd {project.workdir} && '
+          (f'rm -r /out && cd /src && cd {project.workdir} && '
            f'mkdir -p {build.out} && compile'),
       ],
   }
   steps.append(compile_project_step)
+
+  return steps
+
+
+def get_build_and_push_ood_image_steps(fuzzing_engine, project, env, build):
+  """Returns the build steps to create and push the oss-fuzz-on-demand
+  self-contained image."""
+  steps = []
+
+  copy_runtime_essential_files_step = {
+      'name':
+          get_engine_project_image(fuzzing_engine, project),
+      'env':
+          env,
+      'volumes': [{
+          'name': 'fuzzbench_path',
+          'path': FUZZBENCH_PATH,
+      }],
+      'args': [
+          'bash', '-c', 'cp /usr/local/bin/fuzzbench_run_fuzzer '
+          '/workspace/fuzzbench_run_fuzzer.sh  && '
+          f'cp -r {FUZZBENCH_PATH} /workspace && ls /workspace'
+      ],
+  }
+  steps.append(copy_runtime_essential_files_step)
+
+  runtime_image_tag = f'us-central1-docker.pkg.dev/oss-fuzz/unsafe/ood/{fuzzing_engine}/{project.name}'
+  fuzzer_runtime_dockerfile_path = os.path.join('/workspace' + FUZZBENCH_PATH,
+                                                'fuzzers', fuzzing_engine,
+                                                'runner.Dockerfile')
+  build_runtime_step = {
+      'name':
+          'gcr.io/cloud-builders/docker',
+      'args': [
+          'build', '--tag', runtime_image_tag, '--file',
+          fuzzer_runtime_dockerfile_path,
+          os.path.join('/workspace' + FUZZBENCH_PATH, 'fuzzers')
+      ]
+  },
+  steps.append(build_runtime_step)
+
+  env_dict = get_env_dict(env)
+  oss_fuzz_on_demand_dockerfile_path = "/workspace/oss-fuzz/infra/build/functions/ood.Dockerfile"
+  build_out_path_without_workspace = build.out[10:]
+  build_ood_image_step = {
+      'name':
+          'gcr.io/cloud-builders/docker',
+      'args': [
+          'build', '--tag', runtime_image_tag, '--file',
+          oss_fuzz_on_demand_dockerfile_path, '--build-arg',
+          f'runtime_image={runtime_image_tag}', '--build-arg',
+          f'BUILD_OUT_PATH={build_out_path_without_workspace}', '--build-arg',
+          f'FUZZING_ENGINE={env_dict["FUZZING_ENGINE"]}', '--build-arg',
+          f'FUZZBENCH_PATH={FUZZBENCH_PATH}', '--build-arg',
+          f'BENCHMARK={env_dict["BENCHMARK"]}', '/workspace'
+      ]
+  }
+  steps.append(build_ood_image_step)
+
+  push_ood_image_step = {
+      'name': 'gcr.io/cloud-builders/docker',
+      'args': ['push', runtime_image_tag]
+  }
+  steps.append(push_ood_image_step)
+
   return steps
 
 
@@ -109,31 +215,7 @@ def get_build_steps(  # pylint: disable=too-many-locals, too-many-arguments
                                 upload=config.upload,
                                 fuzzing_engine=config.fuzzing_engine)
 
-  steps = [
-      {
-          'args': [
-              'clone', 'https://github.com/google/fuzzbench', '--depth', '1',
-              FUZZBENCH_PATH
-          ],
-          'name': 'gcr.io/cloud-builders/git',
-          'volumes': [{
-              'name': 'fuzzbench_path',
-              'path': FUZZBENCH_PATH,
-          }],
-      },
-      {
-          'name': 'gcr.io/cloud-builders/docker',
-          'args': ['pull', 'gcr.io/oss-fuzz-base/base-builder-fuzzbench']
-      },
-      {  # TODO(metzman): Don't overwrite base-builder
-          'name':
-              'gcr.io/cloud-builders/docker',
-          'args': [
-              'tag', 'gcr.io/oss-fuzz-base/base-builder-fuzzbench',
-              'gcr.io/oss-fuzz-base/base-builder'
-          ]
-      },
-  ]
+  steps = get_fuzzbench_setup_steps()
 
   steps += build_lib.get_project_image_steps(project.name,
                                              project.image,
@@ -143,25 +225,11 @@ def get_build_steps(  # pylint: disable=too-many-locals, too-many-arguments
   build = build_project.Build(config.fuzzing_engine, 'address', 'x86_64')
   env = get_env(project, build)
 
-  steps += get_build_fuzzers_step(config.fuzzing_engine, project, env, build)
+  steps += get_build_fuzzers_steps(config.fuzzing_engine, project, env, build)
+
+  steps += get_build_and_push_ood_image_steps(config.fuzzing_engine, project,
+                                              env, build)
 
-  run_fuzzer_step = {
-      'name':
-          get_engine_project_image(config.fuzzing_engine, project),
-      'env':
-          env,
-      'volumes': [{
-          'name': 'fuzzbench_path',
-          'path': FUZZBENCH_PATH,
-      }],
-      'args': [
-          'bash',
-          '-c',
-          (f'ls /fuzzbench && cd {build.out} && ls {build.out} && '
-           'fuzzbench_run_fuzzer'),
-      ],
-  }
-  steps.append(run_fuzzer_step)
   return steps
 
 
@@ -172,4 +240,4 @@ def main():
 
 
 if __name__ == '__main__':
-  sys.exit(main())
+  sys.exit(main())

infra/build/functions/ood.Dockerfile

@@ -0,0 +1,38 @@
+#!/usr/bin/env python3
+#
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+ARG runtime_image
+FROM $runtime_image
+
+ARG BUILD_OUT_PATH
+ARG FUZZING_ENGINE
+ARG FUZZBENCH_PATH
+ARG BENCHMARK
+
+RUN mkdir -p /ood
+RUN mkdir -p /ood$FUZZBENCH_PATH
+
+COPY ./fuzzbench_run_fuzzer.sh /ood
+COPY .$BUILD_OUT_PATH /ood
+COPY .$FUZZBENCH_PATH /ood$FUZZBENCH_PATH
+
+ENV OUT=/ood
+ENV FUZZING_ENGINE=$FUZZING_ENGINE
+ENV FUZZBENCH_PATH=/ood$FUZZBENCH_PATH
+ENV BENCHMARK=$BENCHMARK
+
+CMD ["bash", "-c", "/ood/fuzzbench_run_fuzzer.sh"]