Add the cc_fuzz target.

Adds the cc_fuzz target via a cc_fuzz module. Also implements the libclang runtime interface for the x86 toolchain to allow host-built fuzzers. Bug: 133261679 Bug: 137398545 Test: Build a fuzzer (with all topic patches), notice that you now have a host-built fuzzer :) Change-Id: I7fa069603415f40b3f12a002c253fca6e2aa1988
2019-07-15 09:34:09 -07:00 · 2019-07-15 09:34:09 -07:00 · da9a463794
parent b940a1499b
commit da9a463794
6 changed files with 171 additions and 0 deletions
--- a/Android.bp
+++ b/Android.bp
@ -177,6 +177,7 @@ bootstrap_go_package {
        "cc/linker.go",

        "cc/binary.go",
+        "cc/fuzz.go",
        "cc/library.go",
        "cc/object.go",
        "cc/test.go",
--- a/cc/cc_test.go
+++ b/cc/cc_test.go
@ -2264,6 +2264,19 @@ func TestStaticDepsOrderWithStubs(t *testing.T) {
 	}
 }

+// Simple smoke test for the cc_fuzz target that ensures the rule compiles
+// correctly.
+func TestFuzzTarget(t *testing.T) {
+	ctx := testCc(t, `
+		cc_fuzz {
+			name: "fuzz_smoke_test",
+			srcs: ["foo.c"],
+		}`)
+
+	variant := "android_arm64_armv8-a_core"
+	ctx.ModuleForTests("fuzz_smoke_test", variant).Rule("cc")
+}
+
 func assertString(t *testing.T, got, expected string) {
 	t.Helper()
 	if got != expected {
--- a/cc/config/toolchain.go
+++ b/cc/config/toolchain.go
@ -181,6 +181,9 @@ func LibclangRuntimeLibrary(t Toolchain, library string) string {
 	if arch == "" {
 		return ""
 	}
+	if !t.Bionic() {
+		return "libclang_rt." + library + "-" + arch
+	}
 	return "libclang_rt." + library + "-" + arch + "-android"
 }

@ -224,6 +227,10 @@ func ScudoMinimalRuntimeLibrary(t Toolchain) string {
 	return LibclangRuntimeLibrary(t, "scudo_minimal")
 }

+func LibFuzzerRuntimeLibrary(t Toolchain) string {
+	return LibclangRuntimeLibrary(t, "fuzzer")
+}
+
 func ToolPath(t Toolchain) string {
 	if p := t.ToolPath(); p != "" {
 		return p
--- a/cc/config/x86_linux_host.go
+++ b/cc/config/x86_linux_host.go
@ -233,6 +233,14 @@ func (t *toolchainLinuxX8664) YasmFlags() string {
 	return "${config.LinuxX8664YasmFlags}"
 }

+func (toolchainLinuxX86) LibclangRuntimeLibraryArch() string {
+	return "i686"
+}
+
+func (toolchainLinuxX8664) LibclangRuntimeLibraryArch() string {
+	return "x86_64"
+}
+
 func (t *toolchainLinux) AvailableLibraries() []string {
 	return linuxAvailableLibraries
 }
--- a/cc/fuzz.go
+++ b/cc/fuzz.go
@ -0,0 +1,106 @@
+// Copyright 2016 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cc
+
+import (
+	"android/soong/android"
+	"android/soong/cc/config"
+)
+
+func init() {
+	android.RegisterModuleType("cc_fuzz", FuzzFactory)
+}
+
+// cc_fuzz creates a host/device fuzzer binary. Host binaries can be found at
+// $ANDROID_HOST_OUT/fuzz/, and device binaries can be found at /data/fuzz on
+// your device, or $ANDROID_PRODUCT_OUT/data/fuzz in your build tree.
+func FuzzFactory() android.Module {
+	module := NewFuzz(android.HostAndDeviceSupported)
+	return module.Init()
+}
+
+func NewFuzzInstaller() *baseInstaller {
+	return NewBaseInstaller("fuzz", "fuzz", InstallInData)
+}
+
+type fuzzBinary struct {
+	*binaryDecorator
+	*baseCompiler
+}
+
+func (fuzz *fuzzBinary) linkerProps() []interface{} {
+	props := fuzz.binaryDecorator.linkerProps()
+	return props
+}
+
+func (fuzz *fuzzBinary) linkerInit(ctx BaseModuleContext) {
+	// Add ../lib[64] to rpath so that out/host/linux-x86/fuzz/<fuzzer> can
+	// find out/host/linux-x86/lib[64]/library.so
+	runpaths := []string{"../lib"}
+	for _, runpath := range runpaths {
+		if ctx.toolchain().Is64Bit() {
+			runpath += "64"
+		}
+		fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths = append(
+			fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths, runpath)
+	}
+
+	// add "" to rpath so that fuzzer binaries can find libraries in their own fuzz directory
+	fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths = append(
+		fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths, "")
+
+	fuzz.binaryDecorator.linkerInit(ctx)
+}
+
+func (fuzz *fuzzBinary) linkerDeps(ctx DepsContext, deps Deps) Deps {
+	deps.StaticLibs = append(deps.StaticLibs,
+		config.LibFuzzerRuntimeLibrary(ctx.toolchain()))
+	deps = fuzz.binaryDecorator.linkerDeps(ctx, deps)
+	return deps
+}
+
+func (fuzz *fuzzBinary) linkerFlags(ctx ModuleContext, flags Flags) Flags {
+	flags = fuzz.binaryDecorator.linkerFlags(ctx, flags)
+	return flags
+}
+
+func (fuzz *fuzzBinary) install(ctx ModuleContext, file android.Path) {
+	fuzz.binaryDecorator.baseInstaller.dir = "fuzz"
+	fuzz.binaryDecorator.baseInstaller.dir64 = "fuzz"
+	fuzz.binaryDecorator.baseInstaller.install(ctx, file)
+}
+
+func NewFuzz(hod android.HostOrDeviceSupported) *Module {
+	module, binary := NewBinary(hod)
+
+	// TODO(mitchp): The toolchain does not currently export the x86 (32-bit)
+	// variant of libFuzzer for host. There is no way to only disable the host
+	// 32-bit variant, so we specify cc_fuzz targets as 64-bit only. This doesn't
+	// hurt anyone, as cc_fuzz is mostly for experimental targets as of this
+	// moment.
+	module.multilib = "64"
+
+	binary.baseInstaller = NewFuzzInstaller()
+	module.sanitize.SetSanitizer(fuzzer, true)
+
+	fuzz := &fuzzBinary{
+		binaryDecorator: binary,
+		baseCompiler:    NewBaseCompiler(),
+	}
+	module.compiler = fuzz
+	module.linker = fuzz
+	module.installer = fuzz
+	return module
+}
--- a/cc/testing.go
+++ b/cc/testing.go
@ -62,6 +62,41 @@ func GatherRequiredDepsForTest(os android.OsType) string {
 			src: "",
 		}

+		toolchain_library {
+			name: "libclang_rt.fuzzer-arm-android",
+			vendor_available: true,
+			recovery_available: true,
+			src: "",
+		}
+
+		toolchain_library {
+			name: "libclang_rt.fuzzer-aarch64-android",
+			vendor_available: true,
+			recovery_available: true,
+			src: "",
+		}
+
+		toolchain_library {
+			name: "libclang_rt.fuzzer-i686-android",
+			vendor_available: true,
+			recovery_available: true,
+			src: "",
+		}
+
+		toolchain_library {
+			name: "libclang_rt.fuzzer-x86_64-android",
+			vendor_available: true,
+			recovery_available: true,
+			src: "",
+		}
+
+		toolchain_library {
+			name: "libclang_rt.fuzzer-x86_64",
+			vendor_available: true,
+			recovery_available: true,
+			src: "",
+		}
+
 		toolchain_library {
 			name: "libgcc",
 			vendor_available: true,
@ -196,6 +231,7 @@ func CreateTestContext(bp string, fs map[string][]byte,
 	ctx := android.NewTestArchContext()
 	ctx.RegisterModuleType("cc_binary", android.ModuleFactoryAdaptor(BinaryFactory))
 	ctx.RegisterModuleType("cc_binary_host", android.ModuleFactoryAdaptor(binaryHostFactory))
+	ctx.RegisterModuleType("cc_fuzz", android.ModuleFactoryAdaptor(FuzzFactory))
 	ctx.RegisterModuleType("cc_library", android.ModuleFactoryAdaptor(LibraryFactory))
 	ctx.RegisterModuleType("cc_library_shared", android.ModuleFactoryAdaptor(LibrarySharedFactory))
 	ctx.RegisterModuleType("cc_library_static", android.ModuleFactoryAdaptor(LibraryStaticFactory))