Bug 1464202 - Improve and centralize libFuzzer flag management. r=froydnj

MozReview-Commit-ID: HFrQDAZWtpo

--HG--
extra : rebase_source : ab1da001d7e9280fbfb37858505f1d0d0caf7d54

build/gyp.mozbuild

@@ -12,6 +12,7 @@ gyp_vars.update({
     'ubsan' : 0,
     'fuzzing' : 1 if CONFIG['FUZZING'] else 0,
     'libfuzzer' : 1 if CONFIG['LIBFUZZER'] else 0,
+    'libfuzzer_fuzzer_no_link_flag' : 1 if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK'] else 0,
     'build_with_mozilla': 1,
     'build_with_chromium': 0,
     # 10.9 once we move to TC cross-compiles - bug 1270217

build/moz.configure/toolchain.configure

@@ -1624,3 +1624,13 @@ add_gcc_flag(
 add_gcc_flag(
     '-D_GLIBCXX_USE_CXX11_ABI=0', host_cxx_compiler,
     when=libstdcxx_version('MOZ_LIBSTDCXX_HOST_VERSION', host_cxx_compiler))
+
+
+@depends(c_compiler.try_compile(flags=['-fsanitize=fuzzer-no-link'],
+         check_msg='whether the C compiler supports -fsanitize=fuzzer-no-link'))
+def have_libfuzzer_flag_fuzzer_no_link(value):
+    if value:
+        return True
+
+
+set_config('HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK', have_libfuzzer_flag_fuzzer_no_link)

image/moz.build

@@ -117,8 +117,5 @@ LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
     CXXFLAGS += ['-Wno-error=shadow']
 
-if CONFIG['FUZZING']:
+# Add libFuzzer configuration directives
-    if CONFIG['LIBFUZZER']:
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
-        # Add trace-pc coverage for libfuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']

js/src/fuzz-tests/moz.build

@@ -34,9 +34,8 @@ if CONFIG['LIBFUZZER']:
         'static:fuzzer',
     ]
 
-    # Add trace-pc coverage for libfuzzer
+    # Add libFuzzer configuration directives
-    CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
-    CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
 
 USE_LIBS += [
     'static:js',

js/src/moz.build

@@ -59,8 +59,7 @@ if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
     # Only use this feature on source files that do a lot of constant
     # comparisons that would otherwise be hard to guess by LibFuzzer,
     # as it comes with a larger overhead (requires -use_value_profile=1).
-    libfuzzer_flags = ['-fsanitize-coverage=trace-pc-guard']
+    include('/tools/fuzzing/libfuzzer-flags.mozbuild')
-    libfuzzer_flags_cmp = ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
 
     # Any files that are targeted by LibFuzzer should be added here so they can
     # be built with the necessary instrumentation flags, rather than just building
@@ -68,7 +67,7 @@ if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
     SOURCES += [
         'vm/StructuredClone.cpp',
     ]
-    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags_cmp
+    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags
 else:
     UNIFIED_SOURCES += [
         'vm/StructuredClone.cpp',
@@ -718,9 +717,9 @@ if CONFIG['JS_BUILD_BINAST']:
 
     # Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
     if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
-        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags_cmp
+        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags
-        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags_cmp
+        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags
-        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags_cmp
+        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags
 
 # Wasm code should use WASM_HUGE_MEMORY instead of JS_CODEGEN_X64
 # so that it is easy to use the huge-mapping optimization for other

media/mtransport/build/moz.build

@@ -28,11 +28,8 @@ EXPORTS.mtransport += [
 
 include('../common.build')
 
-if CONFIG['FUZZING']:
+# Add libFuzzer configuration directives
-    if CONFIG['LIBFUZZER']:
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
 
 # These files cannot be built in unified mode because of the redefinition of
 # getLogModule, UNIMPLEMENTED, nr_socket_long_term_violation_time,

media/mtransport/fuzztest/moz.build

@@ -22,11 +22,8 @@ LOCAL_INCLUDES += [
   '/media/mtransport/third_party/nrappkit/src/util/libekr',
 ]
 
-if CONFIG['FUZZING']:
+# Add libFuzzer configuration directives
-    if CONFIG['LIBFUZZER']:
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
 
 SOURCES += [
     'stun_parser_libfuzz.cpp',

media/mtransport/moz.build

@@ -15,11 +15,8 @@ DIRS += [
     '/media/mtransport/ipc',
 ]
 
-if CONFIG['FUZZING']:
+# Add libFuzzer configuration directives
-    if CONFIG['LIBFUZZER']:
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
 
 if CONFIG['FUZZING_INTERFACES']:
     TEST_DIRS += [

media/mtransport/third_party/nICEr/nicer.gyp

@@ -239,9 +239,14 @@
                   "DONT_HAVE_ETHTOOL_SPEED_HI",
                ]
              }],
-        ['libfuzzer == 1', {
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 1)', {
           'cflags_mozilla': [
-            '-fsanitize-coverage=trace-pc-guard',
+            '-fsanitize=fuzzer-no-link'
+         ],
+        }],
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 0)', {
+          'cflags_mozilla': [
+            '-fsanitize-coverage=trace-pc-guard,trace-cmp'
          ],
         }],
           ],

media/webrtc/moz.build

@@ -113,12 +113,8 @@ if CONFIG['MOZ_WEBRTC_SIGNALING']:
             'trunk/gtest',
         ]
 
-    if CONFIG['FUZZING']:
+    # Add libFuzzer configuration directives
-        if CONFIG['LIBFUZZER']:
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
-            # Add trace-pc coverage for LibFuzzer
-            CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-            CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-
     if CONFIG['FUZZING_INTERFACES']:
         TEST_DIRS += [
             'signaling/fuzztest'

media/webrtc/signaling/fuzztest/moz.build

@@ -14,11 +14,8 @@ LOCAL_INCLUDES += [
   '/media/webrtc/signaling/src/peerconnection',
 ]
 
-if CONFIG['FUZZING']:
+# Add libFuzzer configuration directives
-    if CONFIG['LIBFUZZER']:
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
 
 SOURCES += [
     'sdp_parser_libfuzz.cpp',

media/webrtc/signaling/src/sdp/moz.build

@@ -19,11 +19,8 @@ else:
         'sipcc/sdp_services_unix.c',
     ]
 
-if CONFIG['FUZZING']:
+# Add libFuzzer configuration directives
-    if CONFIG['LIBFUZZER']:
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
 
 LOCAL_INCLUDES += [
     '/media/mtransport',

tools/fuzzing/libfuzzer-config.mozbuild

@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('libfuzzer-flags.mozbuild')
+
+if CONFIG['FUZZING']:
+    if CONFIG['LIBFUZZER']:
+        # Add trace-pc coverage for libfuzzer
+        CFLAGS += libfuzzer_flags
+        CXXFLAGS += libfuzzer_flags

tools/fuzzing/libfuzzer-flags.mozbuild

@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+libfuzzer_flags = []
+
+if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK']:
+    libfuzzer_flags += ['-fsanitize=fuzzer-no-link']
+else:
+    # Older Clang versions (<= 5) only support an older set of libFuzzer flags
+    libfuzzer_flags += ['-fsanitize-coverage=trace-pc-guard,trace-cmp']