infra: allow passing architecture=i386 to CIFuzz (google#7779)

to mostly make sure that fuzz targets are buildable with architecture=i386. Ideally CIFuzz should also download the latest corpora using the "clusterfuzz-builds-i386" links but it kind of works even without that. It was tested in evverx#13 by pointing evverx/systemd#110 to that fork of the oss-fuzz repository. To judge from https://github.com/evverx/systemd/actions/runs/2406321298 it seems to be working more or less. The "i386" job failed there because systemd/systemd@89b6a3f to test "i386" as much as possible.
MartinPetkov · Aug 15, 2022 · 76732fc · 76732fc
1 parent ad57c46
commit 76732fc
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 13 deletions.
diff --git a/infra/cifuzz/actions/build_fuzzers/action.yml b/infra/cifuzz/actions/build_fuzzers/action.yml
@@ -18,6 +18,9 @@ inputs:
   sanitizer:
     description: 'The sanitizer to build the fuzzers with.'
     default: 'address'
+  architecture:
+    description: 'The architecture used to build the fuzzers.'
+    default: 'x86_64'
   project-src-path:
     description: "The path to the project's source code checkout."
     required: false
@@ -38,6 +41,7 @@ runs:
     DRY_RUN: ${{ inputs.dry-run}}
     ALLOWED_BROKEN_TARGETS_PERCENTAGE: ${{ inputs.allowed-broken-targets-percentage}}
     SANITIZER: ${{ inputs.sanitizer }}
+    ARCHITECTURE: ${{ inputs.architecture }}
     PROJECT_SRC_PATH: ${{ inputs.project-src-path }}
     LOW_DISK_SPACE: 'True'
     BAD_BUILD_CHECK: ${{ inputs.bad-build-check }}

diff --git a/infra/cifuzz/base_runner_utils.py b/infra/cifuzz/base_runner_utils.py
@@ -27,7 +27,7 @@ def get_env(config, workspace):
   env['OUT'] = workspace.out
   env['CIFUZZ'] = 'True'
   env['FUZZING_ENGINE'] = config_utils.DEFAULT_ENGINE
-  env['ARCHITECTURE'] = config_utils.DEFAULT_ARCHITECTURE
+  env['ARCHITECTURE'] = config.architecture
   # Do this so we don't fail in tests.
   env['FUZZER_ARGS'] = '-rss_limit_mb=2560 -timeout=25'
   return env
diff --git a/infra/cifuzz/build_fuzzers.py b/infra/cifuzz/build_fuzzers.py
@@ -80,7 +80,7 @@ def build_fuzzers(self):
     the fuzzers from that source code. Returns True on success."""
     docker_args, docker_container = docker.get_base_docker_run_args(
         self.workspace, self.config.sanitizer, self.config.language,
-        self.config.docker_in_docker)
+        self.config.architecture, self.config.docker_in_docker)
     if not docker_container:
       docker_args.extend(
           _get_docker_build_fuzzers_args_not_container(self.host_repo_path))

diff --git a/infra/cifuzz/config_utils.py b/infra/cifuzz/config_utils.py
@@ -31,7 +31,6 @@
 
 # TODO(metzman): Set these on config objects so there's one source of truth.
 DEFAULT_ENGINE = 'libfuzzer'
-DEFAULT_ARCHITECTURE = 'x86_64'
 
 # This module deals a lot with env variables. Many of these will be set by users
 # and others beyond CIFuzz's control. Thus, you should be careful about using
@@ -45,6 +44,10 @@ def _get_sanitizer():
   return os.getenv('SANITIZER', constants.DEFAULT_SANITIZER).lower()
 
 
+def _get_architecture():
+  return os.getenv('ARCHITECTURE', constants.DEFAULT_ARCHITECTURE).lower()
+
+
 def _is_dry_run():
   """Returns True if configured to do a dry run."""
   return environment.get_bool('DRY_RUN', False)
@@ -106,6 +109,7 @@ def __init__(self):
 
     self.dry_run = _is_dry_run()  # Check if failures should not be reported.
     self.sanitizer = _get_sanitizer()
+    self.architecture = _get_architecture()
     self.language = _get_language()
     self.low_disk_space = environment.get_bool('LOW_DISK_SPACE', False)
 
@@ -128,6 +132,7 @@ def validate(self):
     """Returns False if the configuration is invalid."""
     # Do validation here so that unittests don't need to make a fully-valid
     # config.
+    # pylint: disable=too-many-return-statements
     if not self.workspace:
       logging.error('Must set WORKSPACE.')
       return False
@@ -137,6 +142,16 @@ def validate(self):
                     self.sanitizer, SANITIZERS)
       return False
 
+    if self.architecture not in constants.ARCHITECTURES:
+      logging.error('Invalid ARCHITECTURE: %s. Must be one of: %s.',
+                    self.architecture, constants.ARCHITECTURES)
+      return False
+
+    if self.architecture == 'i386' and self.sanitizer != 'address':
+      logging.error(
+          'ARCHITECTURE=i386 can be used with SANITIZER=address only.')
+      return False
+
     if self.language not in constants.LANGUAGES:
       logging.error('Invalid LANGUAGE: %s. Must be one of: %s.', self.language,
                     constants.LANGUAGES)

diff --git a/infra/cifuzz/continuous_integration.py b/infra/cifuzz/continuous_integration.py
@@ -240,7 +240,7 @@ def _copy_repo_from_image(self, image_repo_path):
     bash_command = f'cp -r {image_repo_path} {host_repo_path}'
     docker_args, _ = docker.get_base_docker_run_args(
         self.workspace, self.config.sanitizer, self.config.language,
-        self.config.docker_in_docker)
+        self.config.architecture, self.config.docker_in_docker)
     docker_args.extend([
         docker.get_project_image_name(self.config.oss_fuzz_project_name),
         '/bin/bash', '-c', bash_command

diff --git a/infra/cifuzz/docker.py b/infra/cifuzz/docker.py
@@ -28,8 +28,7 @@
 
 # Default fuzz configuration.
 _DEFAULT_DOCKER_RUN_ARGS = [
-    '-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e',
-    'ARCHITECTURE=' + constants.DEFAULT_ARCHITECTURE, '-e', 'CIFUZZ=True'
+    '-e', 'FUZZING_ENGINE=' + constants.DEFAULT_ENGINE, '-e', 'CIFUZZ=True'
 ]
 
 EXTERNAL_PROJECT_IMAGE = 'external-project'
@@ -70,12 +69,14 @@ def delete_images(images):
 def get_base_docker_run_args(workspace,
                              sanitizer=constants.DEFAULT_SANITIZER,
                              language=constants.DEFAULT_LANGUAGE,
+                             architecture=constants.DEFAULT_ARCHITECTURE,
                              docker_in_docker=False):
   """Returns arguments that should be passed to every invocation of 'docker
   run'."""
   docker_args = _DEFAULT_DOCKER_RUN_ARGS.copy()
   env_mapping = {
       'SANITIZER': sanitizer,
+      'ARCHITECTURE': architecture,
       'FUZZING_LANGUAGE': language,
       'OUT': workspace.out
   }
@@ -95,11 +96,16 @@ def get_base_docker_run_args(workspace,
 def get_base_docker_run_command(workspace,
                                 sanitizer=constants.DEFAULT_SANITIZER,
                                 language=constants.DEFAULT_LANGUAGE,
+                                architecture=constants.DEFAULT_ARCHITECTURE,
                                 docker_in_docker=False):
   """Returns part of the command that should be used everytime 'docker run' is
   invoked."""
   docker_args, docker_container = get_base_docker_run_args(
-      workspace, sanitizer, language, docker_in_docker=docker_in_docker)
+      workspace,
+      sanitizer,
+      language,
+      architecture,
+      docker_in_docker=docker_in_docker)
   command = _DEFAULT_DOCKER_RUN_COMMAND.copy() + docker_args
   return command, docker_container
 

diff --git a/infra/cifuzz/docker_test.py b/infra/cifuzz/docker_test.py
@@ -69,12 +69,12 @@ def test_get_base_docker_run_args_container(self, _):
         '-e',
         'FUZZING_ENGINE=libfuzzer',
         '-e',
-        'ARCHITECTURE=x86_64',
-        '-e',
         'CIFUZZ=True',
         '-e',
         f'SANITIZER={SANITIZER}',
         '-e',
+        'ARCHITECTURE=x86_64',
+        '-e',
         f'FUZZING_LANGUAGE={LANGUAGE}',
         '-e',
         f'OUT={WORKSPACE.out}',
@@ -91,8 +91,8 @@ def test_get_base_docker_run_args_no_container(self, _):
         WORKSPACE, SANITIZER, LANGUAGE)
     self.assertEqual(docker_container, None)
     expected_docker_args = [
-        '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
-        'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
+        '-e', 'FUZZING_ENGINE=libfuzzer', '-e', 'CIFUZZ=True', '-e',
+        f'SANITIZER={SANITIZER}', '-e', 'ARCHITECTURE=x86_64', '-e',
         f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
         f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
     ]
@@ -111,8 +111,8 @@ def test_get_base_docker_run_command_no_container(self, _):
     self.assertEqual(docker_container, None)
     expected_docker_command = [
         'docker', 'run', '--rm', '--privileged', '-e',
-        'FUZZING_ENGINE=libfuzzer', '-e', 'ARCHITECTURE=x86_64', '-e',
-        'CIFUZZ=True', '-e', f'SANITIZER={SANITIZER}', '-e',
+        'FUZZING_ENGINE=libfuzzer', '-e', 'CIFUZZ=True', '-e',
+        f'SANITIZER={SANITIZER}', '-e', 'ARCHITECTURE=x86_64', '-e',
         f'FUZZING_LANGUAGE={LANGUAGE}', '-e', f'OUT={WORKSPACE.out}', '-v',
         f'{WORKSPACE.workspace}:{WORKSPACE.workspace}'
     ]