From 570031d38c1f9bc37f39cd20b10405e4b95f9247 Mon Sep 17 00:00:00 2001 From: Christian Holler Date: Thu, 24 May 2018 21:11:46 +0200 Subject: [PATCH] Bug 1464202 - Improve and centralize libFuzzer flag management. r=froydnj MozReview-Commit-ID: HFrQDAZWtpo --HG-- extra : rebase_source : ab1da001d7e9280fbfb37858505f1d0d0caf7d54 --- build/gyp.mozbuild | 1 + build/moz.configure/toolchain.configure | 10 ++++++++++ image/moz.build | 7 ++----- js/src/fuzz-tests/moz.build | 5 ++--- js/src/moz.build | 11 +++++------ media/mtransport/build/moz.build | 7 ++----- media/mtransport/fuzztest/moz.build | 7 ++----- media/mtransport/moz.build | 15 ++++++--------- media/mtransport/third_party/nICEr/nicer.gyp | 9 +++++++-- media/webrtc/moz.build | 16 ++++++---------- media/webrtc/signaling/fuzztest/moz.build | 7 ++----- media/webrtc/signaling/src/sdp/moz.build | 7 ++----- tools/fuzzing/libfuzzer-config.mozbuild | 13 +++++++++++++ tools/fuzzing/libfuzzer-flags.mozbuild | 13 +++++++++++++ 14 files changed, 73 insertions(+), 55 deletions(-) create mode 100644 tools/fuzzing/libfuzzer-config.mozbuild create mode 100644 tools/fuzzing/libfuzzer-flags.mozbuild
diff --git a/build/gyp.mozbuild b/build/gyp.mozbuild
index 45b42ae28526..83b85d43baf0 100644
--- a/build/gyp.mozbuild
+++ b/build/gyp.mozbuild
@@ -12,6 +12,7 @@ gyp_vars.update({
 'ubsan' : 0,
 'fuzzing' : 1 if CONFIG['FUZZING'] else 0,
 'libfuzzer' : 1 if CONFIG['LIBFUZZER'] else 0,
+ 'libfuzzer_fuzzer_no_link_flag' : 1 if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK'] else 0,
 'build_with_mozilla': 1,
 'build_with_chromium': 0,
 # 10.9 once we move to TC cross-compiles - bug 1270217
diff --git a/build/moz.configure/toolchain.configure b/build/moz.configure/toolchain.configure
index e987ad7d4eca..d4e98f8335aa 100755
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1624,3 +1624,13 @@ add_gcc_flag( add_gcc_flag( '-D_GLIBCXX_USE_CXX11_ABI=0', host_cxx_compiler, when=libstdcxx_version('MOZ_LIBSTDCXX_HOST_VERSION', host_cxx_compiler))
+
+
+@depends(c_compiler.try_compile(flags=['-fsanitize=fuzzer-no-link'],
+ check_msg='whether the C compiler supports -fsanitize=fuzzer-no-link'))
+def have_libfuzzer_flag_fuzzer_no_link(value):
+ if value:
+ return True
+
+
+set_config('HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK', have_libfuzzer_flag_fuzzer_no_link)
diff --git a/image/moz.build b/image/moz.build
index 609c38dd877e..352e8a266973 100644
--- a/image/moz.build
+++ b/image/moz.build
@@ -117,8 +117,5 @@ LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
 CXXFLAGS += ['-Wno-error=shadow']
-if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage for libfuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
diff --git a/js/src/fuzz-tests/moz.build b/js/src/fuzz-tests/moz.build
index 410323be7dd5..9d038ecc7873 100644
--- a/js/src/fuzz-tests/moz.build
+++ b/js/src/fuzz-tests/moz.build
@@ -34,9 +34,8 @@ if CONFIG['LIBFUZZER']:
 'static:fuzzer',
 ]
- # Add trace-pc coverage for libfuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+ # Add libFuzzer configuration directives
+ include('/tools/fuzzing/libfuzzer-config.mozbuild')
 USE_LIBS += [
 'static:js',
diff --git a/js/src/moz.build b/js/src/moz.build
index 076add781fbb..7b5dbcee66a6 100755
--- a/js/src/moz.build
+++ b/js/src/moz.build
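Review bot: The `-fsanitize=fuzzer-no-link` probe in `have_libfuzzer_flag_fuzzer_no_link` runs on every configure, whether or not a libFuzzer build was requested, because the `@depends` on `c_compiler.try_compile` carries no `when=` condition; on a compiler that rejects the flag this prints a failing check in ordinary builds and does work nobody consumes. Gating the probe on the same condition that produces `CONFIG['LIBFUZZER']` would keep it out of non-fuzzing configures (I cannot see that option's name from this hunk). The probe also only exercises the C compiler while the new libfuzzer-config.mozbuild applies the flag to CXXFLAGS as well, so a comment such as `# Only the C compiler is probed; the flag is applied to CXXFLAGS too, which assumes cc and c++ are the same Clang release.` would record the assumption. The function returning `None` rather than `False` when unsupported appears to rely on `set_config` leaving the variable unset in that case, which is worth stating in a one-line docstring.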
@@ -59,8 +59,7 @@ if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
 # Only use this feature on source files that do a lot of constant
 # comparisons that would otherwise be hard to guess by LibFuzzer,
 # as it comes with a larger overhead (requires -use_value_profile=1).
- libfuzzer_flags = ['-fsanitize-coverage=trace-pc-guard']
- libfuzzer_flags_cmp = ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+ include('/tools/fuzzing/libfuzzer-flags.mozbuild')
 # Any files that are targeted by LibFuzzer should be added here so they can
 # be built with the necessary instrumentation flags, rather than just building
@@ -68,7 +67,7 @@ if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
 SOURCES += [
 'vm/StructuredClone.cpp',
 ]
- SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags_cmp
+ SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags
 else:
 UNIFIED_SOURCES += [
 'vm/StructuredClone.cpp',
@@ -718,9 +717,9 @@ if CONFIG['JS_BUILD_BINAST']:
 # Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
 if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
- SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags_cmp
- SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags_cmp
- SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags_cmp
+ SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags
+ SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags
+ SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags
 # Wasm code should use WASM_HUGE_MEMORY instead of JS_CODEGEN_X64
 # so that it is easy to use the huge-mapping optimization for other
diff --git a/media/mtransport/build/moz.build b/media/mtransport/build/moz.build
index e0237ac3905b..d133d85451d4 100644
--- a/media/mtransport/build/moz.build
+++ b/media/mtransport/build/moz.build
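Review bot: The context comment directly above the new `include('/tools/fuzzing/libfuzzer-flags.mozbuild')` in js/src/moz.build is now stale: it still explains that a separate comparison-tracing variant is reserved for files with many constant comparisons because of the `-use_value_profile=1` overhead, but this hunk and the two that follow (at old lines 68 and 718) collapse `libfuzzer_flags_cmp` into the single `libfuzzer_flags` list, which always carries comparison tracing whichever branch libfuzzer-flags.mozbuild takes. I would rewrite it as `# libfuzzer_flags (from libfuzzer-flags.mozbuild) includes comparison tracing; apply it only to files that are fuzzing targets, as it adds overhead.` so the remaining advice (instrument only targeted files) stays accurate. The enclosing `if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:` block begins outside the hunk, and the third hunk's uses of `libfuzzer_flags` depend on that same condition having run the include earlier in the file.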
@@ -28,11 +28,8 @@ EXPORTS.mtransport += [
 include('../common.build')
-if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage for LibFuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 # These files cannot be built in unified mode because of the redefinition of
 # getLogModule, UNIMPLEMENTED, nr_socket_long_term_violation_time,
diff --git a/media/mtransport/fuzztest/moz.build b/media/mtransport/fuzztest/moz.build
index 460b87d9b618..5d2e43b57055 100644
--- a/media/mtransport/fuzztest/moz.build
+++ b/media/mtransport/fuzztest/moz.build
@@ -22,11 +22,8 @@ LOCAL_INCLUDES += [
 '/media/mtransport/third_party/nrappkit/src/util/libekr',
 ]
-if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage for LibFuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 SOURCES += [
 'stun_parser_libfuzz.cpp',
diff --git a/media/mtransport/moz.build b/media/mtransport/moz.build
index fe735d06a0d0..fcdb47bc1d7e 100644
--- a/media/mtransport/moz.build
+++ b/media/mtransport/moz.build
@@ -15,13 +15,10 @@ DIRS += [
 '/media/mtransport/ipc',
 ]
-if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage for LibFuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
- if CONFIG['FUZZING_INTERFACES']:
- TEST_DIRS += [
- 'fuzztest'
- ]
+if CONFIG['FUZZING_INTERFACES']:
+ TEST_DIRS += [
+ 'fuzztest'
+ ]
diff --git a/media/mtransport/third_party/nICEr/nicer.gyp b/media/mtransport/third_party/nICEr/nicer.gyp
index 3435e0588b02..3f61939eb432 100644
--- a/media/mtransport/third_party/nICEr/nicer.gyp
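Review bot: In media/mtransport/moz.build the `if CONFIG['FUZZING_INTERFACES']:` block that adds `fuzztest` to TEST_DIRS is moved out from under the `FUZZING`/`LIBFUZZER` guards, so the directory is now entered whenever fuzzing interfaces are enabled, including a fuzzing build that is not a libFuzzer build; media/webrtc/moz.build makes the same change for `signaling/fuzztest`. The fuzztest moz.build hunks visible in this patch add their `*_libfuzz.cpp` sources without a visible `LIBFUZZER` guard, so unless one exists above those hunks (I cannot see that from here), such builds would now compile libFuzzer entry points without libFuzzer. If the widening is intended, a one-line comment such as `# fuzztest is built whenever fuzzing interfaces are enabled; libFuzzer flags come from libfuzzer-config.mozbuild` would make it explicit; otherwise restore `if CONFIG['LIBFUZZER']:` around the TEST_DIRS addition in both files.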
+++ b/media/mtransport/third_party/nICEr/nicer.gyp
@@ -239,9 +239,14 @@
 "DONT_HAVE_ETHTOOL_SPEED_HI",
 ]
 }],
- ['libfuzzer == 1', {
+ ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 1)', {
 'cflags_mozilla': [
- '-fsanitize-coverage=trace-pc-guard',
+ '-fsanitize=fuzzer-no-link'
+ ],
+ }],
+ ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 0)', {
+ 'cflags_mozilla': [
+ '-fsanitize-coverage=trace-pc-guard,trace-cmp'
 ],
 }],
 ],
diff --git a/media/webrtc/moz.build b/media/webrtc/moz.build
index 5c4867acd1df..27d2364c4c04 100644
--- a/media/webrtc/moz.build
+++ b/media/webrtc/moz.build
@@ -113,13 +113,9 @@ if CONFIG['MOZ_WEBRTC_SIGNALING']:
 'trunk/gtest',
 ]
- if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage for LibFuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-
- if CONFIG['FUZZING_INTERFACES']:
- TEST_DIRS += [
- 'signaling/fuzztest'
- ]
+ # Add libFuzzer configuration directives
+ include('/tools/fuzzing/libfuzzer-config.mozbuild')
+ if CONFIG['FUZZING_INTERFACES']:
+ TEST_DIRS += [
+ 'signaling/fuzztest'
+ ]
diff --git a/media/webrtc/signaling/fuzztest/moz.build b/media/webrtc/signaling/fuzztest/moz.build
index e0a9f3d4de19..1d93344bfa76 100644
--- a/media/webrtc/signaling/fuzztest/moz.build
+++ b/media/webrtc/signaling/fuzztest/moz.build
@@ -14,11 +14,8 @@ LOCAL_INCLUDES += [
 '/media/webrtc/signaling/src/peerconnection',
 ]
-if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage and trace-cmp for LibFuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 SOURCES += [
 'sdp_parser_libfuzz.cpp',
diff --git a/media/webrtc/signaling/src/sdp/moz.build b/media/webrtc/signaling/src/sdp/moz.build
index a66101ff5ee6..94fe0f617148 100644
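Review bot: nicer.gyp now carries a second, hand-written copy of the flag selection that tools/fuzzing/libfuzzer-flags.mozbuild performs: `libfuzzer_fuzzer_no_link_flag == 1` yields `-fsanitize=fuzzer-no-link` and `== 0` yields `-fsanitize-coverage=trace-pc-guard,trace-cmp`. The two copies have to be kept in sync by hand, and the commit's own goal is to centralize this; the next time the mozbuild list changes, the gyp-built nICEr code will silently keep the older instrumentation and the fuzzer will report reduced coverage for it without any build error. If the gyp variable plumbing in build/gyp.mozbuild allows it, exporting the chosen flag string as one variable next to the new `libfuzzer_fuzzer_no_link_flag` and referencing it from a single `['libfuzzer == 1', { ... }]` condition would leave one source of truth; at minimum add `# Keep in sync with tools/fuzzing/libfuzzer-flags.mozbuild` above the two conditions.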
--- a/media/webrtc/signaling/src/sdp/moz.build
+++ b/media/webrtc/signaling/src/sdp/moz.build
@@ -19,11 +19,8 @@ else:
 'sipcc/sdp_services_unix.c',
 ]
-if CONFIG['FUZZING']:
- if CONFIG['LIBFUZZER']:
- # Add trace-pc coverage and trace-cmp for LibFuzzer
- CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
- CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 LOCAL_INCLUDES += [
 '/media/mtransport',
diff --git a/tools/fuzzing/libfuzzer-config.mozbuild b/tools/fuzzing/libfuzzer-config.mozbuild new file mode 100644
index 000000000000..91998e0050b7
--- /dev/null
+++ b/tools/fuzzing/libfuzzer-config.mozbuild
@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('libfuzzer-flags.mozbuild')
+
+if CONFIG['FUZZING']:
+ if CONFIG['LIBFUZZER']:
+ # Add trace-pc coverage for libfuzzer
+ CFLAGS += libfuzzer_flags
+ CXXFLAGS += libfuzzer_flags
diff --git a/tools/fuzzing/libfuzzer-flags.mozbuild b/tools/fuzzing/libfuzzer-flags.mozbuild new file mode 100644
index 000000000000..90fcde732834
--- /dev/null
+++ b/tools/fuzzing/libfuzzer-flags.mozbuild
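Review bot: The comment `# Add trace-pc coverage for libfuzzer` in the new tools/fuzzing/libfuzzer-config.mozbuild is copied from the old per-directory blocks but no longer describes what is added: `libfuzzer_flags` is either `-fsanitize=fuzzer-no-link` or `-fsanitize-coverage=trace-pc-guard,trace-cmp`, so comparison tracing is now always part of it. Replace it with `# Apply the libFuzzer instrumentation flags chosen in libfuzzer-flags.mozbuild` so readers are pointed at the actual selection logic. A short header comment stating that this file is meant to be `include()`d from any moz.build that builds fuzzing targets, that it is a no-op unless both FUZZING and LIBFUZZER are set, and that it defines `libfuzzer_flags` in the including scope would also help, since the removed inline blocks carried that context implicitly and the eight call sites in this patch now give only "Add libFuzzer configuration directives".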
@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+libfuzzer_flags = []
+
+if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK']:
+ libfuzzer_flags += ['-fsanitize=fuzzer-no-link']
+else:
+ # Older Clang versions (<= 5) only support an older set of libFuzzer flags
+ libfuzzer_flags += ['-fsanitize-coverage=trace-pc-guard,trace-cmp']
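Review bot: `libfuzzer_flags = []` followed by `+=` in both branches of tools/fuzzing/libfuzzer-flags.mozbuild is roundabout; each branch can assign directly, `libfuzzer_flags = ['-fsanitize=fuzzer-no-link']` and `libfuzzer_flags = ['-fsanitize-coverage=trace-pc-guard,trace-cmp']`, which also makes it obvious the list holds exactly one flag either way. The fallback branch also deserves a note on its precondition: `HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK` is unset not only for Clang 5 and older but for any compiler that fails the configure probe, so the `-fsanitize-coverage=...` fallback is only safe if (as I assume) LIBFUZZER builds already require Clang. A comment such as `# LIBFUZZER implies Clang, so the fallback flags below are always understood` would record that, and if the assumption does not hold, an explicit configure-time error here would be clearer than a compiler rejecting the flag later.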