tarantool: support luzer-based testing

ligurio · ligurio · commit 7e7f8be5ee5d · 2026-01-21T14:10:34.000+03:00
Depends on google#13929 Depends on ligurio/luzer#73 Depends on ligurio/luzer#74 Depends on ligurio/luzer#76 Depends on ligurio/luzer#78 Depends on ligurio/lunapark#163 Depends on tarantool/tarantool#12097
diff --git a/projects/tarantool/Dockerfile b/projects/tarantool/Dockerfile
@@ -30,3 +30,4 @@ RUN rm -rf test/static
 RUN git clone https://github.com/ligurio/tarantool-corpus test/static
 
 COPY build.sh $SRC/
+COPY compile_lua_fuzzer $SRC/
diff --git a/projects/tarantool/build.sh b/projects/tarantool/build.sh
@@ -47,16 +47,25 @@ fi
 : ${LD:="${CXX}"}
 : ${LDFLAGS:="${CXXFLAGS}"}  # to make sure we link with sanitizer runtime
 
+FUZZER_ARGS=""
+if [[ "$FUZZING_ENGINE" == libfuzzer ]]; then
+  FUZZER_ARGS="-DENABLE_LIBFUZZER_STATIC_LINKAGE=ON"
+fi
+
 cmake_args=(
     # Specific to Tarantool
-    -DENABLE_BACKTRACE=OFF
+    # Tarantool executable binary is needed for running Lua tests,
+    # it should not have any dependencies.
+    -DBUILD_STATIC=ON
+    -DENABLE_BACKTRACE=ON
     -DENABLE_FUZZER=ON
     -DOSS_FUZZ=ON
     -DLUA_USE_APICHECK=ON
     -DLUA_USE_ASSERT=ON
     -DLUAJIT_USE_SYSMALLOC=ON
     -DLUAJIT_ENABLE_GC64=ON
     $SANITIZERS_ARGS
+    $FUZZER_ARGS
 
     -DCMAKE_BUILD_TYPE=Debug
 
@@ -76,7 +85,7 @@ cmake_args=(
 
     # Dependencies
     -DENABLE_BUNDLED_ICU=ON
-    -DENABLE_BUNDLED_LIBUNWIND=OFF
+    -DENABLE_BUNDLED_LIBUNWIND=ON
     -DENABLE_BUNDLED_ZSTD=OFF
 )
 
@@ -90,7 +99,7 @@ cmake --build build --target fuzzers --parallel --verbose
 
 # Archive and copy to $OUT seed corpus if the build succeeded.
 # Postfix `_fuzzer` is used in Tarantool, postfix `_test` is
-# used in Lua C API tests [1].
+# used in additional tests [1].
 #
 # 1. https://github.com/ligurio/lunapark
 cp test/static/*.dict test/static/*.options $OUT/
@@ -105,3 +114,45 @@ do
     zip --quiet -j $OUT/"$name"_seed_corpus.zip $corpus_dir/*
   fi
 done
+
+# Finish execution if libFuzzer is not used, because luzer
+# is libFuzzer-based.
+# UndefinedBehaviorSanitizer is not supported,
+# see https://github.com/tarantool/tarantool/issues/12216.
+if [[ "$FUZZING_ENGINE" != libfuzzer ]] ||
+   [[ "$SANITIZER" == "undefined" ]]; then
+  exit
+fi
+
+# Tarantool binary is required for running luzer-based tests.
+# Beware, tarantool binary is linked with libFuzzer statically
+# when CMake options ENABLE_LIBFUZZER_STATIC_LINKAGE and
+# ENABLE_FUZZER are passed, the linkage can fail
+# when other fuzzing engine is used due to symbols conflict,
+# see FUZZING_ENGINE environment variable.
+cmake --build build --target tarantool --parallel --verbose
+
+LUA_RUNTIME_NAME=tarantool
+TARANTOOL_PATH=build/src/$LUA_RUNTIME_NAME
+LUA_MODULES_DIR=lua_modules
+
+apt install -y luarocks liblua5.1-0 liblua5.1-0-dev liblua5.1-0-dbg lua5.1
+
+# Required by luzer installed using luarocks.
+export OSS_FUZZ=1
+luarocks install --lua-version 5.1 --server=https://luarocks.org/dev --tree=$LUA_MODULES_DIR luzer
+unset OSS_FUZZ
+
+cp build/test/fuzz/lua-tests/src/tests/lapi/lib.lua "$OUT"
+LUZER_TEST_DIR="build/luzer_tests"
+# Copying luzer-based tests to a $LUZER_TEST_DIR.
+cmake --build build --parallel --verbose --target copy_tests
+# Generating test wrappers for luzer-based tests.
+for test_file in $(find $LUZER_TEST_DIR -name "*.lua" -type f);
+do
+  "$SRC/compile_lua_fuzzer" "$LUA_RUNTIME_NAME" $(basename "$test_file")
+  cp "$test_file" "$OUT/"
+done
+
+cp $TARANTOOL_PATH "$OUT/$LUA_RUNTIME_NAME"
+cp -R $LUA_MODULES_DIR "$OUT/"
diff --git a/projects/tarantool/compile_lua_fuzzer b/projects/tarantool/compile_lua_fuzzer
@@ -0,0 +1,36 @@
+#!/bin/bash -eu
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# The Lua runtime name.
+lua_runtime=$1
+# Path to the fuzz target source file relative to the project's root.
+fuzz_target=$2
+
+fuzzer_basename=$(basename -s .lua "$fuzz_target")
+
+# Create an execution wrapper that executes luzer with the correct
+# arguments.
+echo "#!/bin/bash
+
+# LLVMFuzzerTestOneInput so that the wrapper script is recognized
+# as a fuzz target for 'check_build'.
+project_dir=\$(dirname \"\$0\")
+eval \$(luarocks --lua-version 5.1 --tree lua_modules path)
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$project_dir/llvm-symbolizer:detect_leaks=0 \
+\$project_dir/$lua_runtime \$project_dir/$fuzz_target \$@" > "$OUT/$fuzzer_basename"
+
+chmod +x "$OUT/$fuzzer_basename"

Original file line number	Diff line number	Diff line change
`@@ -30,3 +30,4 @@ RUN rm -rf test/static`
`30`	`30`	`RUN git clone https://github.com/ligurio/tarantool-corpus test/static`
`31`	`31`
`32`	`32`	`COPY build.sh $SRC/`
	`33`	`+COPY compile_lua_fuzzer $SRC/`