forked from openkylin/platform_build
Fix fuzzer builds.
- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of 'coverage'. - Removed an old dependency that made fuzzer builds without ASan an error. - Fixed up the build flags to allow fuzzers to be built. Previously, the coverage flags were manually provided. As the toolchain has moved on, these flags are no longer compatible with libFuzzer, and so I've updated them to use the correct, compatible flags. Bug: 121042685 Test: With all patches in the bug merged, build a fuzzer using 'SANITIZE_TARGET=fuzzer mmma <your_fuzzer>'. Change-Id: I86e6a26d27c22b3622cf6ea8760f502f607df6f0
This commit is contained in:
parent
96ba044c94
commit
ee8f4a0ada
|
@ -235,12 +235,17 @@ ifneq ($(filter default-ub,$(my_sanitize)),)
|
||||||
my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
|
my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifneq ($(filter coverage,$(my_sanitize)),)
|
ifneq ($(filter fuzzer,$(my_sanitize)),)
|
||||||
ifeq ($(filter address,$(my_sanitize)),)
|
# SANITIZE_TARGET='fuzzer' actually means to create the fuzzer coverage
|
||||||
$(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
|
# information, not to link against the fuzzer main().
|
||||||
endif
|
my_sanitize := $(filter-out fuzzer,$(my_sanitize))
|
||||||
my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
|
my_sanitize += fuzzer-no-link
|
||||||
my_sanitize := $(filter-out coverage,$(my_sanitize))
|
|
||||||
|
# TODO(b/131771163): Disable LTO for fuzzer builds. Note that Cfi causes
|
||||||
|
# dependency on LTO.
|
||||||
|
my_sanitize := $(filter-out cfi,$(my_sanitize))
|
||||||
|
my_cflags += -fno-lto
|
||||||
|
my_ldflags += -fno-lto
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifneq ($(filter integer_overflow,$(my_sanitize)),)
|
ifneq ($(filter integer_overflow,$(my_sanitize)),)
|
||||||
|
@ -280,7 +285,12 @@ ifneq ($(my_sanitize),)
|
||||||
my_cflags += -fsanitize=$(fsanitize_arg)
|
my_cflags += -fsanitize=$(fsanitize_arg)
|
||||||
my_asflags += -fsanitize=$(fsanitize_arg)
|
my_asflags += -fsanitize=$(fsanitize_arg)
|
||||||
|
|
||||||
ifdef LOCAL_IS_HOST_MODULE
|
# When fuzzing, we wish to crash with diagnostics on any bug.
|
||||||
|
ifneq ($(filter fuzzer-no-link,$(my_sanitize)),)
|
||||||
|
my_cflags += -fno-sanitize-trap=all
|
||||||
|
my_cflags += -fno-sanitize-recover=all
|
||||||
|
my_ldflags += -fsanitize=fuzzer-no-link
|
||||||
|
else ifdef LOCAL_IS_HOST_MODULE
|
||||||
my_cflags += -fno-sanitize-recover=all
|
my_cflags += -fno-sanitize-recover=all
|
||||||
my_ldflags += -fsanitize=$(fsanitize_arg)
|
my_ldflags += -fsanitize=$(fsanitize_arg)
|
||||||
else
|
else
|
||||||
|
@ -378,7 +388,7 @@ ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
|
||||||
ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
|
ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
|
||||||
ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
|
ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
|
||||||
ifeq ($(filter cfi,$(my_sanitize_diag)),)
|
ifeq ($(filter cfi,$(my_sanitize_diag)),)
|
||||||
ifeq ($(filter address hwaddress,$(my_sanitize)),)
|
ifeq ($(filter address hwaddress fuzzer-no-link,$(my_sanitize)),)
|
||||||
my_cflags += -fsanitize-minimal-runtime
|
my_cflags += -fsanitize-minimal-runtime
|
||||||
my_cflags += -fno-sanitize-trap=integer
|
my_cflags += -fno-sanitize-trap=integer
|
||||||
my_cflags += -fno-sanitize-recover=integer
|
my_cflags += -fno-sanitize-recover=integer
|
||||||
|
|
|
@ -15,8 +15,7 @@ else ifdef TARGET_FUZZ_ENGINE
|
||||||
my_fuzzer:=$(TARGET_FUZZ_ENGINE)
|
my_fuzzer:=$(TARGET_FUZZ_ENGINE)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
LOCAL_SANITIZE += fuzzer
|
||||||
LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
|
|
||||||
|
|
||||||
ifeq ($(my_fuzzer),libFuzzer)
|
ifeq ($(my_fuzzer),libFuzzer)
|
||||||
LOCAL_STATIC_LIBRARIES += libFuzzer
|
LOCAL_STATIC_LIBRARIES += libFuzzer
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
################################################
|
################################################
|
||||||
$(call record-module-type,HOST_FUZZ_TEST)
|
$(call record-module-type,HOST_FUZZ_TEST)
|
||||||
|
|
||||||
LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
|
LOCAL_SANITIZE += fuzzer
|
||||||
LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
|
LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
|
||||||
|
|
||||||
include $(BUILD_HOST_EXECUTABLE)
|
include $(BUILD_HOST_EXECUTABLE)
|
||||||
|
|
Loading…
Reference in New Issue