Commit Graph

27 Commits

Author SHA1 Message Date
hamzeh 3478a0d8a0 Adding capability to granular disable of fuzzer
This change is to add granularity for disabling
of the fuzzer from running on host, device or both.

Bug: 145824604
Test: make haiku successfully completes after change
Change-Id: I686b439e36c622108f7b5b3e3f4738b8295320a7
2019-12-18 13:58:59 -08:00
Tri Vo ad172d88b6 cc_fuzz: add "data" field
"data" field specifies data dependencies that will be installed in
fuzzer's output directory.

"data" behaves similar to "corpus", except "data" preserves directory
structure, e.g.

    data: ["foo/bar.txt"]

is installed into

    $OUT/data/fuzz/<arch>/<target>/data/foo/bar.txt

Test: build a fuzzer with data depenency, check data is installed
correctly
Change-Id: Ia1255026278435181b6d93f91f8f9ad39c96d07f
2019-12-05 14:45:51 -08:00
Mitch Phillips 6a9bf214f9 Fix cc_fuzz ignoring soong namespaces.
cc_fuzz ignored soong namespaces, and built all cc_fuzz modules into the
architecture package. This caused naming conflicts where two modules had
the same name but were in different namespaces.

Now, cc_fuzz will only build modules that are in the same namespace as
the product definition - resolving the duplicate definitions error.

Bug: 145240569
Test: m haiku
Change-Id: I0a0acd139426301586ac5e3aba8ce5527cb7a1b5
2019-12-05 09:38:56 -08:00
Colin Cross dc809f9bc5 Make fuzz rules reproducible
Use lists instead of maps to make the order and contents of fuzz
packaging rules reproducible.

Test: m nothing; touch Android.bp; m nothing
Change-Id: Id11323f7528e594370c391bfe82eb7367bc1bcd5
2019-11-21 11:03:23 -08:00
Mitch Phillips 1f7f54f441 Add $$ORIGIN/lib to rpath for fuzz targets.
RPATH needs to be set to traverse the local directory's lib folder for
fuzz target packages.

Bug: N/A
Test: m fuzz
Change-Id: Idea4f04ce4c55315df7e808de5b2b4f06a88d82a
2019-11-14 15:08:59 -08:00
Mitch Phillips f50bddb790 Prebuilt shared libraries should be collected for fuzz targets.
Currently, prebuilt shared libraries fail the linkable.CcLibrary()
check, as the module returned by NewPrebuiltSharedLibrary uses a
prebuiltLibraryLinker as the module.linker, rather than a
libraryDecorator (which is the check by CcLibrary()).

We also need to ensure that we discard LLNDK stubs libraries, so we
manually categorise and discard them as well. They unfortunately are are
cc.Modules that aren't CcLibraries, as they use a custom linker object
as well (stubDecorator).

Fixes: 144415986
Test: m fuzz
Change-Id: I3b85ef66d1602cb8c035a0a90bddf30674e2eb71
2019-11-14 11:02:50 -08:00
Mitch Phillips 2edbe8e6ed Package fuzz targets into zipfiles, then coalesce.
Instead of writing all fuzz target files into a huge zipfile (by number
of entries), we instead write each fuzz target and its files to a
zipfile, then coalesce them into a big zipfile.

This should simplify the repackager significantly, as no unzipping and
repackaging should be needed (just renaming).

This also solves b/144418402, where we are very close to hitting the
POSIX args limit on the soong_zip command for the device fuzz package,
due to the line length generated by all the entries in the huge zipfile.

Fixes: 144418402
Test: make fuzz
Change-Id: I89797e1bea2691ff4a33a227306f2f9083d8af6e
2019-11-14 08:14:24 -08:00
Mitch Phillips 13ed3f5e34 'm fuzz' shared lib package should be per-fuzzer.
Change the ClusterFuzz package built by 'make fuzz' to now package
shared libraries per-fuzz target.

Changes documented in go/proposed-clusterfuzz-package

This has the impact of:
 - This package is much easier to post-process in the Haiku export
 cronjob.
 - Shared libraries are now per-fuzz-target. This means that we will
 have some level of duplication (libdl, libc, libc++, libclang_rt.*,
 etc.) as these libraries will be in multiple fuzz target's dirs.

This *only* affects the fuzz-$target-$arch.zip file, not the fuzz targets in
$ANDROID_HOST_OUT/fuzz or $ANDROID_PRODUCT_OUT/data/fuzz. These two
install directories still use the global shared libraries in order to
preserve space on devices.

Bug: 144360679
Test: m fuzz
Change-Id: I5f19a13070e01d2d39598f9f215a983b398a9f37
2019-11-12 11:12:10 -08:00
Mitch Phillips 0553ba356e Sort fuzz target dependencies to avoid rebuilds.
Some fuzz target dependencies are generated at Soong-time in a
nondeterministic fashion. When these are interpreted by Make, they may
cause rebuilds due to being in a different order.

Ensure that the dependencies are always sorted, which should avoid
triggering unnecessary rebuilds.

Bug: 144250431
Test: make <module> && make <module>, ensure no rebuild.
Change-Id: I44edc1a3bb3f57be3e3f093f765241b41928fa4d
2019-11-11 07:46:58 -08:00
Mitch Phillips e1ee1a1297 Soong frontend for shared library fuzzing.
Additional context (for Googlers): go/android-fuzzing-shared

This patch adds the Soong frontend for shared library fuzzing. We
traverse dependencies at soong install time to find all transient shared
libraries that $module depends on. We then ask the Make backend to
depend on the shared library.

We also create the source:destination mappings between where the shared
libraries are built to where they should be installed to for fuzzing.
This is then depended on by the Make backend.

Bug: N/A
Test: m fuzz, note the contents of $ANDROID_PRODUCT_OUT/data/fuzz/lib,
and out/soong/fuzz-target-*.zip now has shared libraries.

Change-Id: Id7afbd34bc9c055110af96cd3c668b730d404aee
2019-11-08 08:48:13 -08:00
Kris Alder db97af4a4b change output file extension (config.txt -> config.json)
This is causing some build errors because the config.json file isn't
associated with a rule (because the rule looks for .txt).

Test: ran locally, checked output directory
Bug: 142551000
Change-Id: Idcdb226fa2d23055a8850b2a0545202921edc3b1
2019-10-30 20:58:54 +00:00
Mitch Phillips d5bd5773e3 Use unstripped binaries in fuzz target packaging.
Unstripped binaries allow for online symbolization, and offline
symbolization using the debug info in the binary. Debug information
isn't stripped for host binaries, but is for target. Target should also
contain debugging info.

Bug: N/A
Test: m fuzz && # Check that fuzz targets in the fuzz-*.zip package have
debug info.

Change-Id: Ibd3002674d519e927340a50dfdfbf44f2d809d58
2019-10-29 17:04:22 -07:00
Ivan Lozano 765fe7a501 Merge changes Ia7deed13,I7378a46f
* changes:
  Add support for Rust C libraries.
  Add a common interface for cc linkable libraries.
2019-10-29 21:47:14 +00:00
Ivan Lozano 52767be335 Add support for Rust C libraries.
Adds the ability for rust modules to be compiled as C libraries, and
allows cc modules to depend on these rust-generated modules. This also
means that soong-rust should not have any dependencies on soong-cc aside
from what's required for testing.

There's a couple small fixes included as well:

 - A bug in libNameFromFilePath that caused issues when library's had
 "lib" in their name.
 - VariantName is removed from rust library MutatedProperties since this
 was unused.

Bug: 140726209
Test: Soong tests pass.
Test: Example cc_binary can include a rust shared library as a dep.
Test: m crosvm.experimental
Change-Id: Ia7deed1345d2423001089014cc65ce7934123da4
2019-10-28 22:09:01 -07:00
Kris Alder f979ee3873 add additional fields to cc_fuzz build types
Specifically, this adds:
* Owner
* Disable (stop fuzzer from running in Haiku)
* Bug Component
* Bug Hotlist

The fields are all inside a new 'options' struct.

The values from these fields (if any) are written into a config file as
json.

Bug: 142551000
Test: ran locally with a modified build file and verified output in .zip
Change-Id: I86edf74c2cebe9912ac0ad203f99028be4062c8b
2019-10-28 16:15:50 -07:00
Mitch Phillips 8a2bc0b9fd Re-plumb fuzz corpora.
Re-plumb the fuzz corpora through an intermediates directory.
Previously, due to the way that LOCAL_TEST_DATA is implemented, we would
break when corpora were included:
 a) outside of a corpus/ directory, or
 b) not directly under the module directory (i.e. my_module/subdir/corpus)

Corpora are now written into an intermediates directory so that they
play nice with LOCAL_TEST_DATA, because unfortunately the key-value pair
required there is not as simple as source:destination.

Test: m example_fuzzer && ls \
$ANDROID_PRODUCT_OUT/data/fuzz/arm64/example_fuzzer/corpus
Bug: N/A

Change-Id: I5888b06ed349781c6712f1ae77cc3582283a9552
2019-10-17 16:11:00 -07:00
Treehugger Robot 959a3ffbda Merge "Fuzz corpus entries should not go in a subdirectory." 2019-10-16 21:09:59 +00:00
Mitch Phillips 302f964aa0 Do not link libc++.so statically on device.
If fuzzer coverage sanitized shared libraries are not deployed - we shouldn't
break users during dynamic link time. I need to think more about how we
should solve this problem in earnest, but for now let's just disable
static linkage of libc++ on device.

Bug: 142671952
Test: Cherrypick ag/9550833 and ag/9544155, make and run the fuzz target
there.

Change-Id: I39dfd6ba314e7a610ef3f0b30f35383a5e3a1e4b
2019-10-14 18:35:17 -07:00
Mitch Phillips 641575ad41 Fuzz corpus entries should not go in a subdirectory.
Corpus files called 'FOO' incorrectly go into a subdirectory in the
exported zipfile, e.g.:
my_fuzzer/corpus/FOO/FOO

This patch removes that extra, unnecessary intermediate directory,
e.g.:
my_fuzzer/corpus/FOO

Bug: 142432347
Test: m fuzz && unzip -l out/soong/fuzz-host-x86_64.zip
Change-Id: Id23d4dd2d8322a8ad0234f8acb6878ea4dc3c6e4
2019-10-09 17:34:42 -07:00
Mitch Phillips a0a5e19140 Move fuzz phony to be make-defined, and add to dist.
Add the fuzz packages to dist. This requires that the phony for 'make'
be define in make itself, rather than in Soong. See comments on other
patch in topic for more information.

Bug: 141026328
Test: m fuzz dist

Change-Id: I4cd476adcfa42e4b40911c4a32427a7b00c67cc3
2019-09-30 10:36:11 -07:00
Mitch Phillips d3254b4899 Add 'make fuzz' build rule.
Adds the `make fuzz` build rule. This offers a few features on top of
`make haiku`:
 1. Identifies all fuzz targets through the build system, rather than
 having to maintain a golden file.
 2. Packages now exist in out/soong/ and are packaged on a per-architecture
 basis. Packages also now contain fuzzer seed corpus && dictionary.
 3. This gives us further extension options:
  - Packaging shared libraries for shared library fuzzing.
  - Presubmit tests for fuzzing. Each fuzz target could be made into a
  regression test by adding the crash testcase to the corpus. We can
  also ensure that example_fuzzer finds a bug with an ASan report as a
  presubmit smoke test.

Bug: 141026328
Test: m fuzz && unzip -l out/soong/fuzz-$ARCH.zip

Change-Id: I7aaad616d6b194a3beaf908241a9817df9dfdce1
2019-09-24 20:48:00 -07:00
Mitch Phillips 4e4ab8a141 Add corpus and dictionary properties to cc_fuzz.
Adds the corpus and dictionary properties to the cc_fuzz target.
Propagates these entries to the makefile backend via LOCAL_FUZZ_DATA, in
a similar manner to LOCAL_TEST_DATA.

Bug: 141026328
Test: m example_fuzzer, fuzz target should have adjacent corpus/dict
files.

Change-Id: If5add5a597cc479f4e084bdafbd0fc175cfd6321
2019-09-18 18:55:27 -07:00
Mitch Phillips 4de896e1ef Add i386 host fuzzing support w/ cc_fuzz.
Adds the host fuzzing support back for 32-bit x86 targets, now that the
toolchain has been updated to export this library.

Bug: 133261679
Test: `m example_fuzzer` on a 32-bit target/cross
Change-Id: I28285d531a53eebd28c9e1b733035be48696b48f
2019-09-05 13:34:44 -07:00
Mitch Phillips d0bd16d9d1 [cc_fuzz] Statically link libcxx.
Statically links libcxx in order to not require shared library
deployment during packing of fuzz targets.

Test: m example_fuzzer && ldd $ANDROID_HOST_OUT/fuzz/example_fuzzer.
Note that the ldd results don't include libc++.so.
Bug: 139880425

Change-Id: I86d1945768de53217d54cb762392c20714494416
2019-08-23 11:27:08 -07:00
Alex Light 71123ec1bc Disable linux_bionic fuzzers
fuzzers require linking to libclang_rt which does not support
linux_bionic. Therefore always disable this target.

Test: ./art/tools/build_linux_bionic_tests.sh
Bug: 138307504
Bug: 118058804
Change-Id: I12816f302d32d5ee846f90c62814744ae35c49bb
2019-07-24 21:13:05 +00:00
Colin Cross eec9b286b0 Disable cc_fuzz darwin host modules
The fuzzer runtime is not present for darwin host modules, disable
cc_fuzz modules when targeting darwin.

Test: m on darwin
Change-Id: I9da319e00e36c3e0a5912329de7890a6409f1a55
2019-07-18 16:23:45 -07:00
Mitch Phillips da9a463794 Add the cc_fuzz target.
Adds the cc_fuzz target via a cc_fuzz module. Also implements the
libclang runtime interface for the x86 toolchain to allow host-built
fuzzers.

Bug: 133261679
Bug: 137398545

Test: Build a fuzzer (with all topic patches), notice that you now
have a host-built fuzzer :)

Change-Id: I7fa069603415f40b3f12a002c253fca6e2aa1988
2019-07-16 16:30:53 -07:00