platform_build_soong/cc/fuzz.go

517 lines
17 KiB
Go

// Copyright 2016 Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cc
import (
"encoding/json"
"path/filepath"
"sort"
"strings"
"android/soong/android"
"android/soong/cc/config"
)
type FuzzConfig struct {
// Email address of people to CC on bugs or contact about this fuzz target.
Cc []string `json:"cc,omitempty"`
// Specify whether to enable continuous fuzzing on devices. Defaults to true.
Fuzz_on_haiku_device *bool `json:"fuzz_on_haiku_device,omitempty"`
// Specify whether to enable continuous fuzzing on host. Defaults to true.
Fuzz_on_haiku_host *bool `json:"fuzz_on_haiku_host,omitempty"`
// Component in Google's bug tracking system that bugs should be filed to.
Componentid *int64 `json:"componentid,omitempty"`
// Hotlists in Google's bug tracking system that bugs should be marked with.
Hotlists []string `json:"hotlists,omitempty"`
}
func (f *FuzzConfig) String() string {
b, err := json.Marshal(f)
if err != nil {
panic(err)
}
return string(b)
}
type FuzzProperties struct {
// Optional list of seed files to be installed to the fuzz target's output
// directory.
Corpus []string `android:"path"`
// Optional list of data files to be installed to the fuzz target's output
// directory. Directory structure relative to the module is preserved.
Data []string `android:"path"`
// Optional dictionary to be installed to the fuzz target's output directory.
Dictionary *string `android:"path"`
// Config for running the target on fuzzing infrastructure.
Fuzz_config *FuzzConfig
}
func init() {
android.RegisterModuleType("cc_fuzz", FuzzFactory)
android.RegisterSingletonType("cc_fuzz_packaging", fuzzPackagingFactory)
}
// cc_fuzz creates a host/device fuzzer binary. Host binaries can be found at
// $ANDROID_HOST_OUT/fuzz/, and device binaries can be found at /data/fuzz on
// your device, or $ANDROID_PRODUCT_OUT/data/fuzz in your build tree.
func FuzzFactory() android.Module {
module := NewFuzz(android.HostAndDeviceSupported)
return module.Init()
}
func NewFuzzInstaller() *baseInstaller {
return NewBaseInstaller("fuzz", "fuzz", InstallInData)
}
type fuzzBinary struct {
*binaryDecorator
*baseCompiler
Properties FuzzProperties
dictionary android.Path
corpus android.Paths
corpusIntermediateDir android.Path
config android.Path
data android.Paths
dataIntermediateDir android.Path
installedSharedDeps []string
}
func (fuzz *fuzzBinary) linkerProps() []interface{} {
props := fuzz.binaryDecorator.linkerProps()
props = append(props, &fuzz.Properties)
return props
}
func (fuzz *fuzzBinary) linkerInit(ctx BaseModuleContext) {
fuzz.binaryDecorator.linkerInit(ctx)
}
func (fuzz *fuzzBinary) linkerDeps(ctx DepsContext, deps Deps) Deps {
deps.StaticLibs = append(deps.StaticLibs,
config.LibFuzzerRuntimeLibrary(ctx.toolchain()))
deps = fuzz.binaryDecorator.linkerDeps(ctx, deps)
return deps
}
func (fuzz *fuzzBinary) linkerFlags(ctx ModuleContext, flags Flags) Flags {
flags = fuzz.binaryDecorator.linkerFlags(ctx, flags)
// RunPaths on devices isn't instantiated by the base linker. `../lib` for
// installed fuzz targets (both host and device), and `./lib` for fuzz
// target packages.
flags.Local.LdFlags = append(flags.Local.LdFlags, `-Wl,-rpath,\$$ORIGIN/../lib`)
flags.Local.LdFlags = append(flags.Local.LdFlags, `-Wl,-rpath,\$$ORIGIN/lib`)
return flags
}
// This function performs a breadth-first search over the provided module's
// dependencies using `visitDirectDeps` to enumerate all shared library
// dependencies. We require breadth-first expansion, as otherwise we may
// incorrectly use the core libraries (sanitizer runtimes, libc, libdl, etc.)
// from a dependency. This may cause issues when dependencies have explicit
// sanitizer tags, as we may get a dependency on an unsanitized libc, etc.
func collectAllSharedDependencies(ctx android.SingletonContext, module android.Module) android.Paths {
var fringe []android.Module
seen := make(map[android.Module]bool)
// Enumerate the first level of dependencies, as we discard all non-library
// modules in the BFS loop below.
ctx.VisitDirectDeps(module, func(dep android.Module) {
if isValidSharedDependency(dep) {
fringe = append(fringe, dep)
}
})
var sharedLibraries android.Paths
for i := 0; i < len(fringe); i++ {
module := fringe[i]
if seen[module] {
continue
}
seen[module] = true
ccModule := module.(*Module)
sharedLibraries = append(sharedLibraries, ccModule.UnstrippedOutputFile())
ctx.VisitDirectDeps(module, func(dep android.Module) {
if isValidSharedDependency(dep) && !seen[dep] {
fringe = append(fringe, dep)
}
})
}
return sharedLibraries
}
// This function takes a module and determines if it is a unique shared library
// that should be installed in the fuzz target output directories. This function
// returns true, unless:
// - The module is not a shared library, or
// - The module is a header, stub, or vendor-linked library.
func isValidSharedDependency(dependency android.Module) bool {
// TODO(b/144090547): We should be parsing these modules using
// ModuleDependencyTag instead of the current brute-force checking.
if linkable, ok := dependency.(LinkableInterface); !ok || // Discard non-linkables.
!linkable.CcLibraryInterface() || !linkable.Shared() || // Discard static libs.
linkable.UseVndk() || // Discard vendor linked libraries.
// Discard stubs libs (only CCLibrary variants). Prebuilt libraries should not
// be excluded on the basis of they're not CCLibrary()'s.
(linkable.CcLibrary() && linkable.BuildStubs()) {
return false
}
// We discarded module stubs libraries above, but the LLNDK prebuilts stubs
// libraries must be handled differently - by looking for the stubDecorator.
// Discard LLNDK prebuilts stubs as well.
if ccLibrary, isCcLibrary := dependency.(*Module); isCcLibrary {
if _, isLLndkStubLibrary := ccLibrary.linker.(*stubDecorator); isLLndkStubLibrary {
return false
}
}
return true
}
func sharedLibraryInstallLocation(
libraryPath android.Path, isHost bool, archString string) string {
installLocation := "$(PRODUCT_OUT)/data"
if isHost {
installLocation = "$(HOST_OUT)"
}
installLocation = filepath.Join(
installLocation, "fuzz", archString, "lib", libraryPath.Base())
return installLocation
}
func (fuzz *fuzzBinary) install(ctx ModuleContext, file android.Path) {
fuzz.binaryDecorator.baseInstaller.dir = filepath.Join(
"fuzz", ctx.Target().Arch.ArchType.String(), ctx.ModuleName())
fuzz.binaryDecorator.baseInstaller.dir64 = filepath.Join(
"fuzz", ctx.Target().Arch.ArchType.String(), ctx.ModuleName())
fuzz.binaryDecorator.baseInstaller.install(ctx, file)
fuzz.corpus = android.PathsForModuleSrc(ctx, fuzz.Properties.Corpus)
builder := android.NewRuleBuilder()
intermediateDir := android.PathForModuleOut(ctx, "corpus")
for _, entry := range fuzz.corpus {
builder.Command().Text("cp").
Input(entry).
Output(intermediateDir.Join(ctx, entry.Base()))
}
builder.Build(pctx, ctx, "copy_corpus", "copy corpus")
fuzz.corpusIntermediateDir = intermediateDir
fuzz.data = android.PathsForModuleSrc(ctx, fuzz.Properties.Data)
builder = android.NewRuleBuilder()
intermediateDir = android.PathForModuleOut(ctx, "data")
for _, entry := range fuzz.data {
builder.Command().Text("cp").
Input(entry).
Output(intermediateDir.Join(ctx, entry.Rel()))
}
builder.Build(pctx, ctx, "copy_data", "copy data")
fuzz.dataIntermediateDir = intermediateDir
if fuzz.Properties.Dictionary != nil {
fuzz.dictionary = android.PathForModuleSrc(ctx, *fuzz.Properties.Dictionary)
if fuzz.dictionary.Ext() != ".dict" {
ctx.PropertyErrorf("dictionary",
"Fuzzer dictionary %q does not have '.dict' extension",
fuzz.dictionary.String())
}
}
if fuzz.Properties.Fuzz_config != nil {
configPath := android.PathForModuleOut(ctx, "config").Join(ctx, "config.json")
ctx.Build(pctx, android.BuildParams{
Rule: android.WriteFile,
Description: "fuzzer infrastructure configuration",
Output: configPath,
Args: map[string]string{
"content": fuzz.Properties.Fuzz_config.String(),
},
})
fuzz.config = configPath
}
// Grab the list of required shared libraries.
seen := make(map[android.Module]bool)
var sharedLibraries android.Paths
ctx.WalkDeps(func(child, parent android.Module) bool {
if seen[child] {
return false
}
seen[child] = true
if isValidSharedDependency(child) {
sharedLibraries = append(sharedLibraries, child.(*Module).UnstrippedOutputFile())
return true
}
return false
})
for _, lib := range sharedLibraries {
fuzz.installedSharedDeps = append(fuzz.installedSharedDeps,
sharedLibraryInstallLocation(
lib, ctx.Host(), ctx.Arch().ArchType.String()))
}
}
func NewFuzz(hod android.HostOrDeviceSupported) *Module {
module, binary := NewBinary(hod)
binary.baseInstaller = NewFuzzInstaller()
module.sanitize.SetSanitizer(fuzzer, true)
fuzz := &fuzzBinary{
binaryDecorator: binary,
baseCompiler: NewBaseCompiler(),
}
module.compiler = fuzz
module.linker = fuzz
module.installer = fuzz
// The fuzzer runtime is not present for darwin host modules, disable cc_fuzz modules when targeting darwin.
android.AddLoadHook(module, func(ctx android.LoadHookContext) {
disableDarwinAndLinuxBionic := struct {
Target struct {
Darwin struct {
Enabled *bool
}
Linux_bionic struct {
Enabled *bool
}
}
}{}
disableDarwinAndLinuxBionic.Target.Darwin.Enabled = BoolPtr(false)
disableDarwinAndLinuxBionic.Target.Linux_bionic.Enabled = BoolPtr(false)
ctx.AppendProperties(&disableDarwinAndLinuxBionic)
})
return module
}
// Responsible for generating GNU Make rules that package fuzz targets into
// their architecture & target/host specific zip file.
type fuzzPackager struct {
packages android.Paths
sharedLibInstallStrings []string
fuzzTargets map[string]bool
}
func fuzzPackagingFactory() android.Singleton {
return &fuzzPackager{}
}
type fileToZip struct {
SourceFilePath android.Path
DestinationPathPrefix string
}
type archOs struct {
hostOrTarget string
arch string
dir string
}
func (s *fuzzPackager) GenerateBuildActions(ctx android.SingletonContext) {
// Map between each architecture + host/device combination, and the files that
// need to be packaged (in the tuple of {source file, destination folder in
// archive}).
archDirs := make(map[archOs][]fileToZip)
// Map tracking whether each shared library has an install rule to avoid duplicate install rules from
// multiple fuzzers that depend on the same shared library.
sharedLibraryInstalled := make(map[string]bool)
// List of individual fuzz targets, so that 'make fuzz' also installs the targets
// to the correct output directories as well.
s.fuzzTargets = make(map[string]bool)
ctx.VisitAllModules(func(module android.Module) {
// Discard non-fuzz targets.
ccModule, ok := module.(*Module)
if !ok {
return
}
fuzzModule, ok := ccModule.compiler.(*fuzzBinary)
if !ok {
return
}
// Discard vendor-NDK-linked + recovery modules, they're duplicates of
// fuzz targets we're going to package anyway.
if !ccModule.Enabled() || ccModule.Properties.PreventInstall ||
ccModule.UseVndk() || ccModule.InRecovery() {
return
}
// Discard modules that are in an unavailable namespace.
if !ccModule.ExportedToMake() {
return
}
s.fuzzTargets[module.Name()] = true
hostOrTargetString := "target"
if ccModule.Host() {
hostOrTargetString = "host"
}
archString := ccModule.Arch().ArchType.String()
archDir := android.PathForIntermediates(ctx, "fuzz", hostOrTargetString, archString)
archOs := archOs{hostOrTarget: hostOrTargetString, arch: archString, dir: archDir.String()}
// Grab the list of required shared libraries.
sharedLibraries := collectAllSharedDependencies(ctx, module)
var files []fileToZip
builder := android.NewRuleBuilder()
// Package the corpora into a zipfile.
if fuzzModule.corpus != nil {
corpusZip := archDir.Join(ctx, module.Name()+"_seed_corpus.zip")
command := builder.Command().BuiltTool(ctx, "soong_zip").
Flag("-j").
FlagWithOutput("-o ", corpusZip)
command.FlagWithRspFileInputList("-l ", fuzzModule.corpus)
files = append(files, fileToZip{corpusZip, ""})
}
// Package the data into a zipfile.
if fuzzModule.data != nil {
dataZip := archDir.Join(ctx, module.Name()+"_data.zip")
command := builder.Command().BuiltTool(ctx, "soong_zip").
FlagWithOutput("-o ", dataZip)
for _, f := range fuzzModule.data {
intermediateDir := strings.TrimSuffix(f.String(), f.Rel())
command.FlagWithArg("-C ", intermediateDir)
command.FlagWithInput("-f ", f)
}
files = append(files, fileToZip{dataZip, ""})
}
// Find and mark all the transiently-dependent shared libraries for
// packaging.
for _, library := range sharedLibraries {
files = append(files, fileToZip{library, "lib"})
// For each architecture-specific shared library dependency, we need to
// install it to the output directory. Setup the install destination here,
// which will be used by $(copy-many-files) in the Make backend.
installDestination := sharedLibraryInstallLocation(
library, ccModule.Host(), archString)
if sharedLibraryInstalled[installDestination] {
continue
}
sharedLibraryInstalled[installDestination] = true
// Escape all the variables, as the install destination here will be called
// via. $(eval) in Make.
installDestination = strings.ReplaceAll(
installDestination, "$", "$$")
s.sharedLibInstallStrings = append(s.sharedLibInstallStrings,
library.String()+":"+installDestination)
}
// The executable.
files = append(files, fileToZip{ccModule.UnstrippedOutputFile(), ""})
// The dictionary.
if fuzzModule.dictionary != nil {
files = append(files, fileToZip{fuzzModule.dictionary, ""})
}
// Additional fuzz config.
if fuzzModule.config != nil {
files = append(files, fileToZip{fuzzModule.config, ""})
}
fuzzZip := archDir.Join(ctx, module.Name()+".zip")
command := builder.Command().BuiltTool(ctx, "soong_zip").
Flag("-j").
FlagWithOutput("-o ", fuzzZip)
for _, file := range files {
if file.DestinationPathPrefix != "" {
command.FlagWithArg("-P ", file.DestinationPathPrefix)
} else {
command.Flag("-P ''")
}
command.FlagWithInput("-f ", file.SourceFilePath)
}
builder.Build(pctx, ctx, "create-"+fuzzZip.String(),
"Package "+module.Name()+" for "+archString+"-"+hostOrTargetString)
archDirs[archOs] = append(archDirs[archOs], fileToZip{fuzzZip, ""})
})
var archOsList []archOs
for archOs := range archDirs {
archOsList = append(archOsList, archOs)
}
sort.Slice(archOsList, func(i, j int) bool { return archOsList[i].dir < archOsList[j].dir })
for _, archOs := range archOsList {
filesToZip := archDirs[archOs]
arch := archOs.arch
hostOrTarget := archOs.hostOrTarget
builder := android.NewRuleBuilder()
outputFile := android.PathForOutput(ctx, "fuzz-"+hostOrTarget+"-"+arch+".zip")
s.packages = append(s.packages, outputFile)
command := builder.Command().BuiltTool(ctx, "soong_zip").
Flag("-j").
FlagWithOutput("-o ", outputFile).
Flag("-L 0") // No need to try and re-compress the zipfiles.
for _, fileToZip := range filesToZip {
if fileToZip.DestinationPathPrefix != "" {
command.FlagWithArg("-P ", fileToZip.DestinationPathPrefix)
} else {
command.Flag("-P ''")
}
command.FlagWithInput("-f ", fileToZip.SourceFilePath)
}
builder.Build(pctx, ctx, "create-fuzz-package-"+arch+"-"+hostOrTarget,
"Create fuzz target packages for "+arch+"-"+hostOrTarget)
}
}
func (s *fuzzPackager) MakeVars(ctx android.MakeVarsContext) {
packages := s.packages.Strings()
sort.Strings(packages)
sort.Strings(s.sharedLibInstallStrings)
// TODO(mitchp): Migrate this to use MakeVarsContext::DistForGoal() when it's
// ready to handle phony targets created in Soong. In the meantime, this
// exports the phony 'fuzz' target and dependencies on packages to
// core/main.mk so that we can use dist-for-goals.
ctx.Strict("SOONG_FUZZ_PACKAGING_ARCH_MODULES", strings.Join(packages, " "))
ctx.Strict("FUZZ_TARGET_SHARED_DEPS_INSTALL_PAIRS",
strings.Join(s.sharedLibInstallStrings, " "))
// Preallocate the slice of fuzz targets to minimise memory allocations.
fuzzTargets := make([]string, 0, len(s.fuzzTargets))
for target, _ := range s.fuzzTargets {
fuzzTargets = append(fuzzTargets, target)
}
sort.Strings(fuzzTargets)
ctx.Strict("ALL_FUZZ_TARGETS", strings.Join(fuzzTargets, " "))
}