Bug 1464202 - Improve and centralize libFuzzer flag management. r=froydnj

MozReview-Commit-ID: HFrQDAZWtpo --HG-- extra : rebase_source : ab1da001d7e9280fbfb37858505f1d0d0caf7d54
2018-05-24 21:11:46 +02:00 · 2018-05-24 21:11:46 +02:00 · 570031d38c
commit 570031d38c
parent e4bec62788
14 changed files with 73 additions and 55 deletions
--- a/build/gyp.mozbuild
+++ b/build/gyp.mozbuild
@ -12,6 +12,7 @@ gyp_vars.update({
    'ubsan' : 0,
    'fuzzing' : 1 if CONFIG['FUZZING'] else 0,
    'libfuzzer' : 1 if CONFIG['LIBFUZZER'] else 0,
+    'libfuzzer_fuzzer_no_link_flag' : 1 if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK'] else 0,
    'build_with_mozilla': 1,
    'build_with_chromium': 0,
    # 10.9 once we move to TC cross-compiles - bug 1270217
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@ -1624,3 +1624,13 @@ add_gcc_flag(
 add_gcc_flag(
    '-D_GLIBCXX_USE_CXX11_ABI=0', host_cxx_compiler,
    when=libstdcxx_version('MOZ_LIBSTDCXX_HOST_VERSION', host_cxx_compiler))
+
+
+@depends(c_compiler.try_compile(flags=['-fsanitize=fuzzer-no-link'],
+         check_msg='whether the C compiler supports -fsanitize=fuzzer-no-link'))
+def have_libfuzzer_flag_fuzzer_no_link(value):
+    if value:
+        return True
+
+
+set_config('HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK', have_libfuzzer_flag_fuzzer_no_link)
--- a/image/moz.build
+++ b/image/moz.build
@ -117,8 +117,5 @@ LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
    CXXFLAGS += ['-Wno-error=shadow']

-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for libfuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
--- a/js/src/fuzz-tests/moz.build
+++ b/js/src/fuzz-tests/moz.build
@ -34,9 +34,8 @@ if CONFIG['LIBFUZZER']:
        'static:fuzzer',
    ]

-    # Add trace-pc coverage for libfuzzer
-    CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-    CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+    # Add libFuzzer configuration directives
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')

 USE_LIBS += [
    'static:js',
--- a/js/src/moz.build
+++ b/js/src/moz.build
@ -59,8 +59,7 @@ if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
    # Only use this feature on source files that do a lot of constant
    # comparisons that would otherwise be hard to guess by LibFuzzer,
    # as it comes with a larger overhead (requires -use_value_profile=1).
-    libfuzzer_flags = ['-fsanitize-coverage=trace-pc-guard']
-    libfuzzer_flags_cmp = ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+    include('/tools/fuzzing/libfuzzer-flags.mozbuild')

    # Any files that are targeted by LibFuzzer should be added here so they can
    # be built with the necessary instrumentation flags, rather than just building
@ -68,7 +67,7 @@ if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
    SOURCES += [
        'vm/StructuredClone.cpp',
    ]
-    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags_cmp
+    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags
 else:
    UNIFIED_SOURCES += [
        'vm/StructuredClone.cpp',
@ -718,9 +717,9 @@ if CONFIG['JS_BUILD_BINAST']:

    # Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
    if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
-        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags_cmp
-        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags_cmp
-        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags_cmp
+        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags
+        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags
+        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags

 # Wasm code should use WASM_HUGE_MEMORY instead of JS_CODEGEN_X64
 # so that it is easy to use the huge-mapping optimization for other
--- a/media/mtransport/build/moz.build
+++ b/media/mtransport/build/moz.build
@ -28,11 +28,8 @@ EXPORTS.mtransport += [

 include('../common.build')

-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')

 # These files cannot be built in unified mode because of the redefinition of
 # getLogModule, UNIMPLEMENTED, nr_socket_long_term_violation_time,
--- a/media/mtransport/fuzztest/moz.build
+++ b/media/mtransport/fuzztest/moz.build
@ -22,11 +22,8 @@ LOCAL_INCLUDES += [
  '/media/mtransport/third_party/nrappkit/src/util/libekr',
 ]

-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')

 SOURCES += [
    'stun_parser_libfuzz.cpp',
--- a/media/mtransport/moz.build
+++ b/media/mtransport/moz.build
@ -15,13 +15,10 @@ DIRS += [
    '/media/mtransport/ipc',
 ]

-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')

-    if CONFIG['FUZZING_INTERFACES']:
-        TEST_DIRS += [
-            'fuzztest'
-        ]
+if CONFIG['FUZZING_INTERFACES']:
+    TEST_DIRS += [
+        'fuzztest'
+    ]
--- a/media/mtransport/third_party/nICEr/nicer.gyp
+++ b/media/mtransport/third_party/nICEr/nicer.gyp
@ -239,9 +239,14 @@
                  "DONT_HAVE_ETHTOOL_SPEED_HI",
               ]
             }],
-        ['libfuzzer == 1', {
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 1)', {
          'cflags_mozilla': [
-            '-fsanitize-coverage=trace-pc-guard',
+            '-fsanitize=fuzzer-no-link'
+         ],
+        }],
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 0)', {
+          'cflags_mozilla': [
+            '-fsanitize-coverage=trace-pc-guard,trace-cmp'
         ],
        }],
          ],
--- a/media/webrtc/moz.build
+++ b/media/webrtc/moz.build
@ -113,13 +113,9 @@ if CONFIG['MOZ_WEBRTC_SIGNALING']:
            'trunk/gtest',
        ]

-    if CONFIG['FUZZING']:
-        if CONFIG['LIBFUZZER']:
-            # Add trace-pc coverage for LibFuzzer
-            CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-            CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-
-        if CONFIG['FUZZING_INTERFACES']:
-            TEST_DIRS += [
-                'signaling/fuzztest'
-            ]
+    # Add libFuzzer configuration directives
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
+    if CONFIG['FUZZING_INTERFACES']:
+        TEST_DIRS += [
+            'signaling/fuzztest'
+        ]
--- a/media/webrtc/signaling/fuzztest/moz.build
+++ b/media/webrtc/signaling/fuzztest/moz.build
@ -14,11 +14,8 @@ LOCAL_INCLUDES += [
  '/media/webrtc/signaling/src/peerconnection',
 ]

-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')

 SOURCES += [
    'sdp_parser_libfuzz.cpp',
--- a/media/webrtc/signaling/src/sdp/moz.build
+++ b/media/webrtc/signaling/src/sdp/moz.build
@ -19,11 +19,8 @@ else:
        'sipcc/sdp_services_unix.c',
    ]

-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')

 LOCAL_INCLUDES += [
    '/media/mtransport',
--- a/tools/fuzzing/libfuzzer-config.mozbuild
+++ b/tools/fuzzing/libfuzzer-config.mozbuild
@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('libfuzzer-flags.mozbuild')
+
+if CONFIG['FUZZING']:
+    if CONFIG['LIBFUZZER']:
+        # Add trace-pc coverage for libfuzzer
+        CFLAGS += libfuzzer_flags
+        CXXFLAGS += libfuzzer_flags
--- a/tools/fuzzing/libfuzzer-flags.mozbuild
+++ b/tools/fuzzing/libfuzzer-flags.mozbuild
@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+libfuzzer_flags = []
+
+if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK']:
+    libfuzzer_flags += ['-fsanitize=fuzzer-no-link']
+else:
+    # Older Clang versions (<= 5) only support an older set of libFuzzer flags
+    libfuzzer_flags += ['-fsanitize-coverage=trace-pc-guard,trace-cmp']