Fix fuzzer builds.

- Updates the fuzzer builds to use SANITIZE_TARGET='fuzzer' instead of 'coverage'. - Removed an old dependency that made fuzzer builds without ASan an error. - Fixed up the build flags to allow fuzzers to be built. Previously, the coverage flags were manually provided. As the toolchain has moved on, these flags are no longer compatible with libFuzzer, and so I've updated them to use the correct, compatible flags. Bug: 121042685 Test: With all patches in the bug merged, build a fuzzer using 'SANITIZE_TARGET=fuzzer mmma <your_fuzzer>'. Change-Id: I86e6a26d27c22b3622cf6ea8760f502f607df6f0
5 years ago · ee8f4a0ada
parent 96ba044c94
commit ee8f4a0ada
3 changed files with 20 additions and 11 deletions
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@ -235,12 +235,17 @@ ifneq ($(filter default-ub,$(my_sanitize)),)
  my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
 endif

-ifneq ($(filter coverage,$(my_sanitize)),)
-  ifeq ($(filter address,$(my_sanitize)),)
-    $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
-  endif
-  my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
-  my_sanitize := $(filter-out coverage,$(my_sanitize))
+ifneq ($(filter fuzzer,$(my_sanitize)),)
+  # SANITIZE_TARGET='fuzzer' actually means to create the fuzzer coverage
+  # information, not to link against the fuzzer main().
+  my_sanitize := $(filter-out fuzzer,$(my_sanitize))
+  my_sanitize += fuzzer-no-link
+
+  # TODO(b/131771163): Disable LTO for fuzzer builds. Note that Cfi causes
+  # dependency on LTO.
+  my_sanitize := $(filter-out cfi,$(my_sanitize))
+  my_cflags += -fno-lto
+  my_ldflags += -fno-lto
 endif

 ifneq ($(filter integer_overflow,$(my_sanitize)),)
@ -280,7 +285,12 @@ ifneq ($(my_sanitize),)
  my_cflags += -fsanitize=$(fsanitize_arg)
  my_asflags += -fsanitize=$(fsanitize_arg)

-  ifdef LOCAL_IS_HOST_MODULE
+  # When fuzzing, we wish to crash with diagnostics on any bug.
+  ifneq ($(filter fuzzer-no-link,$(my_sanitize)),)
+    my_cflags += -fno-sanitize-trap=all
+    my_cflags += -fno-sanitize-recover=all
+    my_ldflags += -fsanitize=fuzzer-no-link
+  else ifdef LOCAL_IS_HOST_MODULE
    my_cflags += -fno-sanitize-recover=all
    my_ldflags += -fsanitize=$(fsanitize_arg)
  else
@ -378,7 +388,7 @@ ifeq ($(LOCAL_IS_HOST_MODULE)$(LOCAL_IS_AUX_MODULE),)
  ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
    ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
      ifeq ($(filter cfi,$(my_sanitize_diag)),)
-        ifeq ($(filter address hwaddress,$(my_sanitize)),)
+        ifeq ($(filter address hwaddress fuzzer-no-link,$(my_sanitize)),)
          my_cflags += -fsanitize-minimal-runtime
          my_cflags += -fno-sanitize-trap=integer
          my_cflags += -fno-sanitize-recover=integer
--- a/core/fuzz_test.mk
+++ b/core/fuzz_test.mk
@ -15,8 +15,7 @@ else ifdef TARGET_FUZZ_ENGINE
    my_fuzzer:=$(TARGET_FUZZ_ENGINE)
 endif

-
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer

 ifeq ($(my_fuzzer),libFuzzer)
 LOCAL_STATIC_LIBRARIES += libFuzzer
--- a/core/host_fuzz_test.mk
+++ b/core/host_fuzz_test.mk
@ -4,7 +4,7 @@
 ################################################
 $(call record-module-type,HOST_FUZZ_TEST)

-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
 LOCAL_STATIC_LIBRARIES += libLLVMFuzzer

 include $(BUILD_HOST_EXECUTABLE)