tarantool: support luzer-based testing

cd infra/base-images/base-runner/
sudo docker build -f ubuntu-24-04.Dockerfile -t gcr.io/oss-fuzz-base/base-runner:ubuntu-24-04 .

sudo python infra/helper.py build_fuzzers tarantool
sudo python infra/helper.py check_build tarantool decimal_new_test
sudo python infra/helper.py run_fuzzer tarantool decimal_new_test

/tmp/not-out/tmpl_6fepn3/tarantool: error while loading shared libraries: libncurses.so.6: cannot open shared object file: No such file or directory

Depends on google#13929
Depends on ligurio/luzer#74

Author: ligurio

infra/base-images/base-runner/ubuntu-20-04.Dockerfile

@@ -117,6 +117,8 @@ COPY --from=base-ruby /usr/local/bin/gem /usr/local/bin/gem
 COPY --from=base-ruby /usr/local/lib/ruby /usr/local/lib/ruby
 COPY --from=base-ruby /usr/local/include/ruby-3.3.0 /usr/local/include/ruby-3.3.0
 
+RUN apt-get update && apt-get install -y luarocks
+
 # Do this last to make developing these files easier/faster due to caching.
 COPY bad_build_check \
     coverage \

infra/base-images/base-runner/ubuntu-24-04.Dockerfile

@@ -117,6 +117,8 @@ COPY --from=base-ruby /usr/local/bin/gem /usr/local/bin/gem
 COPY --from=base-ruby /usr/local/lib/ruby /usr/local/lib/ruby
 COPY --from=base-ruby /usr/local/include/ruby-3.3.0 /usr/local/include/ruby-3.3.0
 
+RUN apt-get update && apt-get install -y luarocks
+
 # Do this last to make developing these files easier/faster due to caching.
 COPY bad_build_check \
     coverage \

projects/tarantool/Dockerfile

@@ -22,11 +22,12 @@ RUN apt-get update && apt-get install -y \
 	libunwind-dev luajit wget ninja-build \
 	libzstd-dev libyaml-dev libcurl4-openssl-dev
 
-RUN git clone --jobs $(nproc) --recursive https://github.com/tarantool/tarantool
+RUN git clone --branch ligurio/gh-12097-support-oss-fuzz --jobs $(nproc) --recursive https://github.com/ligurio/tarantool
 WORKDIR $SRC/tarantool
 
 # Download a seed corpus.
-RUN rm -rf test/static
-RUN git clone https://github.com/ligurio/tarantool-corpus test/static
+# RUN rm -rf test/static
+# RUN git clone https://github.com/ligurio/tarantool-corpus test/static
 
 COPY build.sh $SRC/
+COPY compile_lua_fuzzer $SRC/

projects/tarantool/build.sh

@@ -49,6 +49,7 @@ fi
 
 cmake_args=(
     # Specific to Tarantool
+    -DBUILD_STATIC=ON
     -DENABLE_BACKTRACE=OFF
     -DENABLE_FUZZER=ON
     -DOSS_FUZZ=ON
@@ -82,18 +83,22 @@ cmake_args=(
 
 # To deal with a host filesystem from inside of container.
 git config --global --add safe.directory '*'
+git pull --rebase
+
+# Required by luzer and tarantool.
+export OSS_FUZZ=1
 
 # Build the project and fuzzers.
 [[ -e build ]] && rm -rf build
 cmake "${cmake_args[@]}" -S . -B build
-cmake --build build --target fuzzers --parallel --verbose
+cmake --build build --parallel --verbose --target tarantool --target fuzzers
 
 # Archive and copy to $OUT seed corpus if the build succeeded.
 # Postfix `_fuzzer` is used in Tarantool, postfix `_test` is
 # used in Lua C API tests [1].
 #
 # 1. https://github.com/ligurio/lua-c-api-tests/
-cp test/static/*.dict test/static/*.options $OUT/
+# cp test/static/*.dict test/static/*.options $OUT/
 for f in $(find build/test/fuzz/ \( -name '*_fuzzer' -o -name '*_test' \) -type f);
 do
   name=$(basename $f);
@@ -105,3 +110,36 @@ do
     zip --quiet -j $OUT/"$name"_seed_corpus.zip $corpus_dir/*
   fi
 done
+
+# Finish execution if libFuzzer is not used, because luzer
+# is libFuzzer-based.
+if [[ "$FUZZING_ENGINE" != libfuzzer ]]; then
+  return
+fi
+
+apt install -y cmake luarocks liblua5.1-0 liblua5.1-0-dev liblua5.1-0-dbg lua5.1
+
+luarocks install --lua-version 5.1 --server=https://luarocks.org/dev --tree=lua_modules luzer
+
+LUA_RUNTIME_NAME=tarantool
+TARANTOOL_PATH=build/src/$LUA_RUNTIME_NAME
+
+for f in $(find test/fuzz/lua -name '*_test.lua' -type f);
+do
+  $SRC/compile_lua_fuzzer $LUA_RUNTIME_NAME $(basename $f)
+  cp $f "$OUT/"
+done
+
+$SRC/compile_lua_fuzzer $LUA_RUNTIME_NAME test/fuzz/lua/test_engine.lua
+cp test/fuzz/lua/test_engine.lua "$OUT/"
+
+# ./test/fuzz/lua-tests/src/tests/lapi/math_atan_test.lua
+for f in $(find build/test/fuzz -name '*_test.lua' -type f);
+do
+  $SRC/compile_lua_fuzzer $LUA_RUNTIME_NAME $(basename $f)
+  cp $f "$OUT/"
+done
+cp build/test/fuzz/lua-tests/src/tests/lapi/lib.lua "$OUT"
+
+cp $TARANTOOL_PATH "$OUT/$LUA_RUNTIME_NAME"
+cp -R lua_modules "$OUT/"

projects/tarantool/compile_lua_fuzzer

@@ -0,0 +1,36 @@
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# The Lua runtime name.
+lua_runtime=$1
+# Path to the fuzz target source file relative to the project's root.
+fuzz_target=$2
+
+fuzzer_basename=$(basename -s .lua "$fuzz_target")
+
+# Create an execution wrapper that executes luzer with the correct
+# arguments.
+echo "#!/bin/bash
+
+# LLVMFuzzerTestOneInput so that the wrapper script is recognized
+# as a fuzz target for 'check_build'.
+project_dir=\$(dirname \"\$0\")
+eval \$(luarocks --lua-version 5.1 --tree lua_modules path)
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$project_dir/llvm-symbolizer:detect_leaks=0 \
+\$project_dir/$lua_runtime \$project_dir/$fuzz_target \$@" > "$OUT/$fuzzer_basename"
+
+chmod +x "$OUT/$fuzzer_basename"