Roll clang and switch to fsanitize=fuzzer-no-link A bit of build file reshuffling to support standalone fuzzer targets. See discussion in https://chromium-review.googlesource.com/c/chromium/src/+/1244802 TBR: fmayer Test: built with "is_debug=false use_libfuzzer=true is_asan=true" and ran fuzzers Change-Id: Ic64185eedd8b58c59569230c22a5ec880ebdb0b4
diff --git a/.travis.yml b/.travis.yml
index 9d3ab45..fcb7192 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -122,6 +122,7 @@
 - buildtools/linenoise
 - buildtools/libcxx
 - buildtools/libcxxabi
+ - buildtools/libfuzzer
 - buildtools/libunwind
 before_install:
diff --git a/BUILD.gn b/BUILD.gn
index 01c1e0d..4111c8c 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -262,13 +262,11 @@
 }
 }
-if (use_libfuzzer && !build_with_chromium) {
- group("fuzzers") {
- testonly = true
- deps = [
- "src/ipc:buffered_frame_deserializer_fuzzer",
- "src/traced/probes/ftrace:cpu_reader_fuzzer",
- "test:end_to_end_shared_memory_fuzzer",
- ]
- }
+group("fuzzers") {
+ testonly = true
+ deps = [
+ "src/ipc:buffered_frame_deserializer_fuzzer",
+ "src/traced/probes/ftrace:cpu_reader_fuzzer",
+ "test:end_to_end_shared_memory_fuzzer",
+ ]
 }
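Review bot: The `group("fuzzers")` is now defined unconditionally, but nothing at this site says why the old `use_libfuzzer && !build_with_chromium` guard became unnecessary; a reader has to open gn/fuzzer.gni to learn that `perfetto_fuzzer_test` resolves to a non-fuzzing target (a `source_set`, or an empty group under Chromium) when fuzzing is off. Suggest a comment above the group: `# Always defined: perfetto_fuzzer_test() produces a real fuzzer only when use_libfuzzer is set and a placeholder target otherwise, so these labels resolve in every configuration.`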
diff --git a/buildtools/BUILD.gn b/buildtools/BUILD.gn
index 0415b3e..c0b003e 100644
--- a/buildtools/BUILD.gn
+++ b/buildtools/BUILD.gn
@@ -770,3 +770,35 @@
 configs -= [ "//gn/standalone:extra_warnings" ]
 public_configs = [ ":linenoise_config" ]
 }
+
+source_set("libfuzzer") {
+ configs -= [
+ "//gn/standalone:extra_warnings",
+ "//gn/standalone/sanitizers:sanitizers_cflags",
+ ]
+ sources = [
+ "libfuzzer/FuzzerCrossOver.cpp",
+ "libfuzzer/FuzzerDataFlowTrace.cpp",
+ "libfuzzer/FuzzerDriver.cpp",
+ "libfuzzer/FuzzerExtFunctionsDlsym.cpp",
+ "libfuzzer/FuzzerExtFunctionsWeak.cpp",
+ "libfuzzer/FuzzerExtFunctionsWeakAlias.cpp",
+ "libfuzzer/FuzzerExtraCounters.cpp",
+ "libfuzzer/FuzzerIO.cpp",
+ "libfuzzer/FuzzerIOPosix.cpp",
+ "libfuzzer/FuzzerIOWindows.cpp",
+ "libfuzzer/FuzzerLoop.cpp",
+ "libfuzzer/FuzzerMain.cpp",
+ "libfuzzer/FuzzerMerge.cpp",
+ "libfuzzer/FuzzerMutate.cpp",
+ "libfuzzer/FuzzerSHA1.cpp",
+ "libfuzzer/FuzzerShmemPosix.cpp",
+ "libfuzzer/FuzzerTracePC.cpp",
+ "libfuzzer/FuzzerUtil.cpp",
+ "libfuzzer/FuzzerUtilDarwin.cpp",
+ "libfuzzer/FuzzerUtilFuchsia.cpp",
+ "libfuzzer/FuzzerUtilLinux.cpp",
+ "libfuzzer/FuzzerUtilPosix.cpp",
+ "libfuzzer/FuzzerUtilWindows.cpp",
+ ]
+}
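Review bot: The `configs -= [ "//gn/standalone/sanitizers:sanitizers_cflags" ]` line strips every sanitizer compile flag from the libFuzzer runtime, not just the `-fsanitize=fuzzer-no-link` coverage instrumentation that the runtime must not receive (it would otherwise trace itself); if keeping ASan out of the runtime as well is deliberate, the target should say so, since Chromium's own libFuzzer build, as far as I recall, strips only the coverage part. Suggest above the `configs -=`: `# The libFuzzer runtime must not be coverage-instrumented, so it opts out of sanitizers_cflags entirely; the sanitizer runtimes are still linked into the fuzzer executables via the unchanged ldflags.` The Windows/Darwin/Fuchsia sources are listed unconditionally; upstream guards them with preprocessor checks so they compile to empty units on Linux, but a one-line comment on the `sources` list would save the next reader that trip.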
diff --git a/gn/BUILD.gn b/gn/BUILD.gn
index 92f4dee..ee14601 100644
--- a/gn/BUILD.gn
+++ b/gn/BUILD.gn
@@ -135,10 +135,6 @@
 ]
 }
-config("fuzzer_config") {
- ldflags = [ "-fsanitize=fuzzer" ]
-}
-
 # For now JsonCpp is supported only in standalone builds outside of Android or
 # Chromium.
 group("jsoncpp_deps") {
diff --git a/gn/fuzzer.gni b/gn/fuzzer.gni
new file mode 100644
index 0000000..a6ee675
--- /dev/null
+++ b/gn/fuzzer.gni
@@ -0,0 +1,27 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build_overrides/build.gni")
+
+if (!build_with_chromium) {
+ import("//gn/standalone/fuzzer.gni")
+} else {
+ # TODO: integrate fuzzer support for chromium builds.
+ # For now just create a dummy template to avoid GN warnings.
+ template("perfetto_fuzzer_test") {
+ not_needed(invoker, "*")
+ group(target_name) {
+ }
+ }
+}
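Review bot: In the `build_with_chromium` branch the stub template discards everything the caller passes (`not_needed(invoker, "*")`) and emits an empty `group`, so under Chromium the three fuzzer entry points are never compiled and can silently bit-rot; the TODO should state that consequence rather than only the missing integration. If the callers' `deps` resolve in the Chromium build, forwarding `sources` and `deps` into a `source_set` stub would keep them compiling; otherwise extend the comment: `# Under Chromium the fuzzer sources are not compiled at all: this stub only exists so that perfetto_fuzzer_test() call sites resolve without GN warnings.`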
diff --git a/gn/standalone/BUILD.gn b/gn/standalone/BUILD.gn
index 9e1b227..863b972 100644
--- a/gn/standalone/BUILD.gn
+++ b/gn/standalone/BUILD.gn
@@ -191,6 +191,8 @@
 ]
 if (is_android) {
 cflags += [ "-Oz" ]
+ } else if (use_libfuzzer) {
+ cflags += [ "-O1" ]
 } else {
 cflags += [ "-O3" ]
 }
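Review bot: The new `else if (use_libfuzzer)` branch is evaluated after `is_android`, so an Android fuzzer build keeps `-Oz`; the change should say whether that is intended or whether the fuzzer check should come first. Nothing explains the `-O1` choice either; suggest a comment on the new line: `# Fuzzer builds use -O1: keeps ASan reports and coverage attribution readable while still compiling the optimised code paths.` The `if` chain sits inside a config whose opening (and the debug/release condition it presumably hangs off) is outside the hunk, and it is worth confirming that `use_libfuzzer` is imported into this file, since neither import is visible here.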
diff --git a/gn/standalone/fuzzer.gni b/gn/standalone/fuzzer.gni
new file mode 100644
index 0000000..4a2ae14
--- /dev/null
+++ b/gn/standalone/fuzzer.gni
@@ -0,0 +1,29 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//gn/standalone/sanitizers/sanitizers.gni")
+
+template("perfetto_fuzzer_test") {
+ forward_variables_from(invoker, "*")
+
+ if (use_libfuzzer) {
+ executable(target_name) {
+ deps += [ "//buildtools:libfuzzer" ]
+ }
+ } else {
+ not_needed(invoker, "*")
+ source_set(target_name) {
+ }
+ }
+} # template
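Review bot: `forward_variables_from(invoker, "*")` runs at template scope instead of inside each target block, which inverts the usual GN idiom; whether `executable(target_name)` then picks up the caller's `sources`/`deps`, and whether `deps +=` may append to a list defined in the enclosing scope, rests on GN's scoping rules rather than on anything explicit here, and in the `use_libfuzzer` false branch the resulting `source_set` has no explicit sources at all. The commit message says the fuzzers were built and run, so the true branch evidently works, but the template reads as fragile and undocumented. Moving the forwarding into each target block makes both branches self-contained, lets the non-fuzzer `source_set` keep compiling the fuzzer sources, and removes the need for `not_needed`; the template should also carry a header comment stating the contract (a real fuzzer executable linked against //buildtools:libfuzzer when use_libfuzzer is set, a plain source_set otherwise).
```gn
template("perfetto_fuzzer_test") {
  if (use_libfuzzer) {
    executable(target_name) {
      forward_variables_from(invoker, "*")
      if (!defined(deps)) {
        deps = []
      }
      deps += [ "//buildtools:libfuzzer" ]
    }
  } else {
    # Not a fuzzer build: still compile the fuzzer sources so they do not rot.
    source_set(target_name) {
      forward_variables_from(invoker, "*")
    }
  }
}  # template
```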
diff --git a/gn/standalone/sanitizers/BUILD.gn b/gn/standalone/sanitizers/BUILD.gn
index 27c7941..31718f2 100644
--- a/gn/standalone/sanitizers/BUILD.gn
+++ b/gn/standalone/sanitizers/BUILD.gn
@@ -88,7 +88,7 @@
 defines += [ "UNDEFINED_SANITIZER" ]
 }
 if (use_libfuzzer) {
- cflags += [ "-fsanitize=fuzzer" ]
+ cflags += [ "-fsanitize=fuzzer-no-link" ]
 if (is_asan) {
 cflags += [
 "-mllvm",
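Review bot: The switch to `-fsanitize=fuzzer-no-link` needs a comment at this line, because the flag only adds SanitizerCoverage instrumentation and the libFuzzer runtime now has to arrive some other way; in this CL that is the `//buildtools:libfuzzer` dependency added by `perfetto_fuzzer_test`, which replaces the deleted `gn:fuzzer_config` ldflags, and a reader of this file alone cannot see that. Suggest `# fuzzer-no-link: coverage instrumentation only. The libFuzzer runtime is linked explicitly from //buildtools:libfuzzer by perfetto_fuzzer_test(), presumably so the build does not depend on the toolchain's bundled copy.` The enclosing `if (use_libfuzzer)` block continues past the hunk (the `is_asan` sub-block is cut off).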
diff --git a/src/ipc/BUILD.gn b/src/ipc/BUILD.gn
index 2126edd..4dffcf7 100644
--- a/src/ipc/BUILD.gn
+++ b/src/ipc/BUILD.gn
@@ -13,6 +13,7 @@
 # limitations under the License.
 import("../../gn/perfetto.gni")
+import("../../gn/fuzzer.gni")
 import("../../gn/ipc_library.gni")
 import("../../gn/proto_library.gni")
@@ -49,18 +50,15 @@
 ]
 }
-if (use_libfuzzer && !build_with_chromium) {
- executable("buffered_frame_deserializer_fuzzer") {
- sources = [
- "buffered_frame_deserializer_fuzzer.cc",
- ]
- deps = [
- ":ipc",
- ":wire_protocol",
- "../../gn:default_deps",
- ]
- configs += [ "../../gn:fuzzer_config" ]
- }
+perfetto_fuzzer_test("buffered_frame_deserializer_fuzzer") {
+ sources = [
+ "buffered_frame_deserializer_fuzzer.cc",
+ ]
+ deps = [
+ ":ipc",
+ ":wire_protocol",
+ "../../gn:default_deps",
+ ]
 }
 source_set("unittests") {
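Review bot: `buffered_frame_deserializer_fuzzer` is the only one of the three rewritten fuzzer targets without `testonly = true`; `cpu_reader_fuzzer` in src/traced/probes/ftrace/BUILD.gn and `end_to_end_shared_memory_fuzzer` in test/BUILD.gn both set it, in different positions. The root `group("fuzzers")` is testonly, and marking each fuzzer the same way keeps a fuzzing entry point from being pulled into a production binary by accident while making the three declarations uniform. Suggest adding `testonly = true` as the first line inside `perfetto_fuzzer_test("buffered_frame_deserializer_fuzzer") {`, and placing it first in the other two targets as well.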
diff --git a/src/traced/probes/ftrace/BUILD.gn b/src/traced/probes/ftrace/BUILD.gn
index 09e9ac4..e576825 100644
--- a/src/traced/probes/ftrace/BUILD.gn
+++ b/src/traced/probes/ftrace/BUILD.gn
@@ -14,6 +14,7 @@
 import("../../../../gn/perfetto.gni")
 import("../../../../gn/proto_library.gni")
+import("../../../../gn/fuzzer.gni")
 import("../../../protozero/protozero_library.gni")
 # For use_libfuzzer.
@@ -160,17 +161,14 @@
 }
 }
-if (use_libfuzzer && !build_with_chromium) {
- executable("cpu_reader_fuzzer") {
- testonly = true
- sources = [
- "cpu_reader_fuzzer.cc",
- ]
- deps = [
- ":ftrace",
- ":test_support",
- "../../../../gn:default_deps",
- ]
- configs += [ "../../../../gn:fuzzer_config" ]
- }
+perfetto_fuzzer_test("cpu_reader_fuzzer") {
+ testonly = true
+ sources = [
+ "cpu_reader_fuzzer.cc",
+ ]
+ deps = [
+ ":ftrace",
+ ":test_support",
+ "../../../../gn:default_deps",
+ ]
 }
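Review bot: The `# For use_libfuzzer.` comment surviving as context right after the new import indicates this file still carries its own conditional import of the sanitizer variables (the block itself is outside the hunk), while test/BUILD.gn drops the equivalent block in this same CL. If `use_libfuzzer` is no longer referenced in this file other than through `perfetto_fuzzer_test`, that block is dead and should go too; if it is still needed elsewhere in the file, a short note on why it stays would stop the next cleanup from removing it. The first hunk is a pure import addition, so the second hunk (the target rewrite) is the one this applies to indirectly.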
diff --git a/test/BUILD.gn b/test/BUILD.gn
index bae9dc0..6dd7835 100644
--- a/test/BUILD.gn
+++ b/test/BUILD.gn
@@ -12,16 +12,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import("../gn/fuzzer.gni")
 import("../gn/perfetto.gni")
 import("//build_overrides/build.gni")
-# For use_libfuzzer.
-if (!build_with_chromium) {
- import("//gn/standalone/sanitizers/vars.gni")
-} else {
- import("//build/config/sanitizers/sanitizers.gni")
-}
-
 source_set("end_to_end_integrationtests") {
 testonly = true
 deps = [
@@ -47,25 +41,22 @@
 }
 }
-if (use_libfuzzer && !build_with_chromium) {
- executable("end_to_end_shared_memory_fuzzer") {
- sources = [
- "end_to_end_shared_memory_fuzzer.cc",
- ]
- testonly = true
- deps = [
- ":task_runner_thread",
- ":task_runner_thread_delegates",
- ":test_helper",
- "../gn:default_deps",
- "../protos/perfetto/trace:lite",
- "../src/base:test_support",
- "../src/protozero",
- "../src/tracing",
- "../src/tracing:ipc",
- ]
- configs += [ "../gn:fuzzer_config" ]
- }
+perfetto_fuzzer_test("end_to_end_shared_memory_fuzzer") {
+ sources = [
+ "end_to_end_shared_memory_fuzzer.cc",
+ ]
+ testonly = true
+ deps = [
+ ":task_runner_thread",
+ ":task_runner_thread_delegates",
+ ":test_helper",
+ "../gn:default_deps",
+ "../protos/perfetto/trace:lite",
+ "../src/base:test_support",
+ "../src/protozero",
+ "../src/tracing",
+ "../src/tracing:ipc",
+ ]
 }
 source_set("task_runner_thread") {
diff --git a/tools/install-build-deps b/tools/install-build-deps
index 9c394e0..7770631 100755
--- a/tools/install-build-deps
+++ b/tools/install-build-deps
@@ -119,8 +119,15 @@
 # Keep the revision in sync with Chrome's CLANG_REVISION in
 # tools/clang/scripts/update.py.
 ('buildtools/clang.tgz',
- 'https://commondatastorage.googleapis.com/chromium-browser-clang/Linux_x64/clang-331747-1.tgz',
- '973073ca36ae9194019705ec7677852a30c4b54e',
+ 'https://commondatastorage.googleapis.com/chromium-browser-clang/Linux_x64/clang-342523-1.tgz',
+ '8ca5cdf045582073386cc227dda82eaf2a3bc2ef',
+ 'linux2'
+ ),
+
+ # Keep in sync with chromium DEPS.
+ ('buildtools/libfuzzer',
+ 'https://chromium.googlesource.com/chromium/llvm-project/compiler-rt/lib/fuzzer.git',
+ 'a305a5eb85ed42edc5c965c14f308f576cb245ca',
 'linux2'
 ),
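Review bot: The `# Keep in sync with chromium DEPS.` comment on the new `buildtools/libfuzzer` entry says what to do but not why it is coupled to the clang roll directly above it; the libFuzzer runtime is compiled into every fuzzer binary and has to match the SanitizerCoverage callbacks the compiler emits, so the two pins must move together. Suggest `# Keep in sync with chromium DEPS: the libFuzzer runtime must match the coverage instrumentation emitted by the clang revision above.` Pinning the git source to a full commit hash is the right provenance posture for code linked into every fuzzer; the clang tarball keeps the existing 40-hex digest scheme (SHA-1 by its length, inferred), which only protects the download if the script verifies it after fetching, a check outside this hunk.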