From ee8f4a0adabd0a188cd9baca582864bf61794f46 Mon Sep 17 00:00:00 2001
From: Mitch Phillips
Date: Wed, 1 May 2019 14:37:33 -0700
Subject: [PATCH] Fix fuzzer builds.

- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of 'coverage'.
- Removed an old dependency that made fuzzer builds without ASan an error.
- Fixed up the build flags to allow fuzzers to be built. Previously, the coverage flags were manually provided. As the toolchain has moved on, these flags are no longer compatible with libFuzzer, and so I've updated them to use the correct, compatible flags.

Bug: 121042685
Test: With all patches in the bug merged, build a fuzzer using 'SANITIZE_TARGET=fuzzer mmma '.
Change-Id: I86e6a26d27c22b3622cf6ea8760f502f607df6f0
---
 core/config_sanitizers.mk | 26 ++++++++++++++++++--------
 core/fuzz_test.mk | 3 +--
 core/host_fuzz_test.mk | 2 +-
 3 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index d3adee5ae..ebce00bc3 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -235,12 +235,17 @@ ifneq ($(filter default-ub,$(my_sanitize)),)
 my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
 endif
 
-ifneq ($(filter coverage,$(my_sanitize)),)
- ifeq ($(filter address,$(my_sanitize)),)
- $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
- endif
- my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
- my_sanitize := $(filter-out coverage,$(my_sanitize))
+ifneq ($(filter fuzzer,$(my_sanitize)),)
+ # SANITIZE_TARGET='fuzzer' actually means to create the fuzzer coverage
+ # information, not to link against the fuzzer main().
+ my_sanitize := $(filter-out fuzzer,$(my_sanitize))
+ my_sanitize += fuzzer-no-link
+
+ # TODO(b/131771163): Disable LTO for fuzzer builds. Note that Cfi causes
+ # dependency on LTO.
+ my_sanitize := $(filter-out cfi,$(my_sanitize))
+ my_cflags += -fno-lto
+ my_ldflags += -fno-lto
 endif
 
 ifneq ($(filter integer_overflow,$(my_sanitize)),)
@@ -280,7 +285,12 @@ ifneq ($(my_sanitize),)
 my_cflags += -fsanitize=$(fsanitize_arg)
 my_asflags += -fsanitize=$(fsanitize_arg)
 
- ifdef LOCAL_IS_HOST_MODULE
+ # When fuzzing, we wish to crash with diagnostics on any bug.
+ ifneq ($(filter fuzzer-no-link,$(my_sanitize)),)
+ my_cflags += -fno-sanitize-trap=all
+ my_cflags += -fno-sanitize-recover=all
+ my_ldflags += -fsanitize=fuzzer-no-link
+ else ifdef LOCAL_IS_HOST_MODULE
 my_cflags += -fno-sanitize-recover=all
 my_ldflags += -fsanitize=$(fsanitize_arg)
 else
@@ -378,7 +388,7 @@ ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
 ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
 ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
 ifeq ($(filter cfi,$(my_sanitize_diag)),)
- ifeq ($(filter address hwaddress,$(my_sanitize)),)
+ ifeq ($(filter address hwaddress fuzzer-no-link,$(my_sanitize)),)
 my_cflags += -fsanitize-minimal-runtime
 my_cflags += -fno-sanitize-trap=integer
 my_cflags += -fno-sanitize-recover=integer
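Review bot: The `my_sanitize := $(filter-out cfi,$(my_sanitize))` line in the new fuzzer block silently drops CFI from a module that explicitly asked for both `cfi` and `fuzzer`, so that hardening disappears from the fuzz build with nothing in the build log and only a TODO to explain it. A one-line notice when cfi was actually present keeps the trade-off visible, e.g. `$(if $(filter cfi,$(my_sanitize)),$(warning $(LOCAL_PATH): $(LOCAL_MODULE): cfi disabled for fuzzer build, see b/131771163))` placed just before the filter-out. The third hunk also shows that `my_sanitize_diag` can still carry `cfi`; whether removing it only from `my_sanitize` leaves the diag list inconsistent depends on code outside these hunks and is worth checking. The new ifneq/endif block is complete within the hunk.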
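Review bot: The new `ifneq ($(filter fuzzer-no-link,$(my_sanitize)),)` branch in the second hunk now takes precedence over `ifdef LOCAL_IS_HOST_MODULE`, and it passes only `-fsanitize=fuzzer-no-link` to `my_ldflags` where the host branch passed `-fsanitize=$(fsanitize_arg)`. For a host module that enables `fuzzer` together with `address` or another runtime-backed sanitizer, the link step would no longer name those sanitizers; whether the `else` branch outside the hunk or later host-specific logic compensates is not visible here. If the narrower ldflags are intended for target builds only, a comment on that line saying so, or `my_ldflags += -fsanitize=$(fsanitize_arg)` for host modules inside the fuzzer branch, would settle it. The enclosing `ifneq ($(my_sanitize),)` block continues past the end of the hunk.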
diff --git a/core/fuzz_test.mk b/core/fuzz_test.mk
index 2cc2e2c6d..f5bdef014 100644
--- a/core/fuzz_test.mk
+++ b/core/fuzz_test.mk
@@ -15,8 +15,7 @@ else ifdef TARGET_FUZZ_ENGINE
 my_fuzzer:=$(TARGET_FUZZ_ENGINE)
 endif
 
-
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
 
 ifeq ($(my_fuzzer),libFuzzer)
 LOCAL_STATIC_LIBRARIES += libFuzzer
diff --git a/core/host_fuzz_test.mk b/core/host_fuzz_test.mk
index 556e02f20..54c6577fd 100644
--- a/core/host_fuzz_test.mk
+++ b/core/host_fuzz_test.mk
@@ -4,7 +4,7 @@
 ################################################
 $(call record-module-type,HOST_FUZZ_TEST)
 
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
 LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
 
 include $(BUILD_HOST_EXECUTABLE)
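Review bot: `LOCAL_SANITIZE += fuzzer` in fuzz_test.mk is added unconditionally, ahead of the `ifeq ($(my_fuzzer),libFuzzer)` check that links `libFuzzer`, so a module selecting a different `my_fuzzer` still gets the `fuzzer` sanitizer even though its engine is linked elsewhere or not at all; the removed `LOCAL_CFLAGS` line was equally unconditional, so this is not a regression, but the split deserves a comment. Something like `# 'fuzzer' only requests libFuzzer-style coverage instrumentation (config_sanitizers.mk turns it into fuzzer-no-link); the engine itself is linked below.` above the new line would make that explicit. The same comment fits the identical line in host_fuzz_test.mk, which links libLLVMFuzzer unconditionally.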