Reimplement fuzzing instrumentation using Bazel transitions. (#86)
* Reimplement fuzzing instrumentation using Bazel transitions. This approach eliminates the need for inlining the instrumentation options in the bazelrc file and simplifies the adoption of the rules. * Updated the documentation, too. * Fix tagging issues with the new rule separation. * Updated the documentation again. * Fixed CI tests. * Revamped the presubmit tests to include richer smoke testing behavior. * Installing Honggfuzz deps in the smoke test workflow. * Exclude some MSAN smoke tests. * Added code documentation for the cc_engine_sanitizer values. * Address reviewer comments. * Make buildifier happy. * Rename msan-repro sanitizer option to msan-origin-tracking.
1 parent
8cc9b29
commit e03b32a
Showing
10 changed files
with
335 additions
and
49 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# Copyright 2020 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# https://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
"""Fuzz test instrumentation options. | ||
Each fuzzing engine or sanitizer instrumentation recognized by the | ||
//fuzzing:cc_engine_instrumentation and //fuzzing:cc_engine_sanitizer | ||
configuration flag should be defined here. | ||
""" | ||
|
||
def _is_string_list(value): | ||
if type(value) != type([]): | ||
return False | ||
if any([type(element) != type("") for element in value]): | ||
return False | ||
return True | ||
|
||
def instrumentation_opts(copts = [], linkopts = []): | ||
"""Creates new instrumentation options. | ||
The struct fields mirror the argument names of this function. | ||
Args: | ||
copts: A list of compilation options to pass as `--copt` | ||
configuration flags. | ||
linkopts: A list of linker options to pass as `--linkopt` | ||
configuration flags. | ||
Returns: | ||
A struct with the given instrumentation options. | ||
""" | ||
if not _is_string_list(copts): | ||
fail("copts should be a list of strings") | ||
if not _is_string_list(linkopts): | ||
fail("linkopts should be a list of strings") | ||
return struct( | ||
copts = copts, | ||
linkopts = linkopts, | ||
) | ||
|
||
# Base instrumentation applied to all fuzz test executables. | ||
base_opts = instrumentation_opts( | ||
copts = ["-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"], | ||
linkopts = [], | ||
) | ||
|
||
# Engine-specific instrumentation. | ||
fuzzing_engine_opts = { | ||
"none": instrumentation_opts(), | ||
"libfuzzer": instrumentation_opts( | ||
copts = ["-fsanitize=fuzzer"], | ||
linkopts = ["-fsanitize=fuzzer"], | ||
), | ||
# Reflects the set of options at | ||
# https://github.com/google/honggfuzz/blob/master/hfuzz_cc/hfuzz-cc.c | ||
"honggfuzz": instrumentation_opts( | ||
copts = [ | ||
"-mllvm", | ||
"-inline-threshold=2000", | ||
"-fno-builtin", | ||
"-fno-omit-frame-pointer", | ||
"-D__NO_STRING_INLINES", | ||
"-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls", | ||
"-fno-sanitize=fuzzer", | ||
], | ||
linkopts = [ | ||
"-fno-sanitize=fuzzer", | ||
], | ||
), | ||
} | ||
|
||
# Sanitizer-specific instrumentation. | ||
sanitizer_opts = { | ||
"none": instrumentation_opts(), | ||
"asan": instrumentation_opts( | ||
copts = ["-fsanitize=address"], | ||
linkopts = ["-fsanitize=address"], | ||
), | ||
"msan": instrumentation_opts( | ||
copts = ["-fsanitize=memory"], | ||
linkopts = ["-fsanitize=memory"], | ||
), | ||
"msan-origin-tracking": instrumentation_opts( | ||
copts = [ | ||
"-fsanitize=memory", | ||
"-fsanitize-memory-track-origins=2", | ||
], | ||
linkopts = ["-fsanitize=memory"], | ||
), | ||
} |
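Review bot: The comment above `base_opts` does not say why `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is set, and that matters because code under test conventionally keys off this macro to relax checks that would block a fuzzer (checksum or signature verification, seeded randomness). I would extend it to something like `# Lets code under test take fuzz-friendly paths; binaries built with these options must never be shipped.` Separately, the honggfuzz entry cites `hfuzz-cc.c` on `master`, so the copied flag list can drift from its reference without notice; a permalink to the revision the flags were taken from would make later audits easier. `_is_string_list` is also the only function in the file without a docstring; a one-liner such as `"""Returns True iff value is a list whose elements are all strings."""` would match `instrumentation_opts`.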
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,4 +22,5 @@ exports_files([ | |
"common.bzl", | ||
"engine.bzl", | ||
"fuzz_test.bzl", | ||
"instrument.bzl", | ||
]) |