Bug 1464202 - Improve and centralize libFuzzer flag management. r?froydnj draft
authorChristian Holler <choller@mozilla.com>
Thu, 24 May 2018 21:11:46 +0200
changeset 801451 8d2c4223a04770b7a21cb76c75d536af434503e1
parent 799497 4816f8eef0ab4139e66d23107830d1ad1d28d147
push id111680
push usercholler@mozilla.com
push dateWed, 30 May 2018 14:21:21 +0000
reviewersfroydnj
bugs1464202
milestone62.0a1
Bug 1464202 - Improve and centralize libFuzzer flag management. r?froydnj MozReview-Commit-ID: HFrQDAZWtpo
build/gyp.mozbuild
build/moz.configure/toolchain.configure
image/moz.build
js/src/fuzz-tests/moz.build
js/src/moz.build
media/mtransport/build/moz.build
media/mtransport/fuzztest/moz.build
media/mtransport/moz.build
media/mtransport/third_party/nICEr/nicer.gyp
media/webrtc/moz.build
media/webrtc/signaling/fuzztest/moz.build
media/webrtc/signaling/src/sdp/moz.build
tools/fuzzing/libfuzzer-config.mozbuild
tools/fuzzing/libfuzzer-flags.mozbuild
--- a/build/gyp.mozbuild
+++ b/build/gyp.mozbuild
@@ -7,16 +7,17 @@
 include('gyp_base.mozbuild')
 
 gyp_vars.update({
     'lsan': 0,
     'asan': 0,
     'ubsan' : 0,
     'fuzzing' : 1 if CONFIG['FUZZING'] else 0,
     'libfuzzer' : 1 if CONFIG['LIBFUZZER'] else 0,
+    'libfuzzer_fuzzer_no_link_flag' : 1 if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK'] else 0,
     'build_with_mozilla': 1,
     'build_with_chromium': 0,
     # 10.9 once we move to TC cross-compiles - bug 1270217
     'mac_sdk_min': '10.7',
     'mac_deployment_target': '10.7',
     'use_official_google_api_keys': 0,
     'have_clock_monotonic': 1 if CONFIG['HAVE_CLOCK_MONOTONIC'] else 0,
     'have_ethtool_cmd_speed_hi': 1 if CONFIG['MOZ_WEBRTC_HAVE_ETHTOOL_SPEED_HI'] else 0,
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1619,8 +1619,18 @@ def libstdcxx_version(var, compiler):
 
 
 add_gcc_flag(
     '-D_GLIBCXX_USE_CXX11_ABI=0', cxx_compiler,
     when=libstdcxx_version('MOZ_LIBSTDCXX_TARGET_VERSION', cxx_compiler))
 add_gcc_flag(
     '-D_GLIBCXX_USE_CXX11_ABI=0', host_cxx_compiler,
     when=libstdcxx_version('MOZ_LIBSTDCXX_HOST_VERSION', host_cxx_compiler))
+
+
+@depends(c_compiler.try_compile(flags=['-fsanitize=fuzzer-no-link'],
+         check_msg='whether the C compiler supports -fsanitize=fuzzer-no-link'))
+def have_libfuzzer_flag_fuzzer_no_link(value):
+    if value:
+        return True
+
+
+set_config('HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK', have_libfuzzer_flag_fuzzer_no_link)
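Review bot: The probe only tests the C compiler, yet the resulting `HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK` is used to add `-fsanitize=fuzzer-no-link` to CXXFLAGS as well, so a C/C++ compiler mismatch would pass configure and fail at compile time. It also runs on every configure, fuzzing build or not; gating it with `when=` on whatever option sets `LIBFUZZER` (not visible in this hunk) would avoid a needless probe on release builds. At minimum, document the assumption above the decorator: `# Probed with the C compiler only; the flag is added to CXXFLAGS too, so the C and C++ compilers are assumed to agree.` Returning `None` when the flag is unsupported leaves the config key unset, which the mozbuild consumers treat as false, so that part is consistent.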
--- a/image/moz.build
+++ b/image/moz.build
@@ -112,13 +112,10 @@ LOCAL_INCLUDES += [
 # Because imgFrame.cpp includes "cairo.h"
 CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS']
 
 LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
 
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
     CXXFLAGS += ['-Wno-error=shadow']
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for libfuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
--- a/js/src/fuzz-tests/moz.build
+++ b/js/src/fuzz-tests/moz.build
@@ -29,19 +29,18 @@ if CONFIG['FUZZING']:
         'static:fuzzer-registry',
     ]
 
 if CONFIG['LIBFUZZER']:
     USE_LIBS += [
         'static:fuzzer',
     ]
 
-    # Add trace-pc coverage for libfuzzer
-    CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-    CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+    # Add libFuzzer configuration directives
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 USE_LIBS += [
     'static:js',
 ]
 
 if CONFIG['MOZ_NEEDS_LIBATOMIC']:
     OS_LIBS += ['atomic']
 
--- a/js/src/moz.build
+++ b/js/src/moz.build
@@ -54,26 +54,25 @@ if CONFIG['FUZZING_INTERFACES']:
     ]
 
 if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
     # In addition to regular coverage provided by trace-pc-guard,
     # LibFuzzer can use trace-cmp to instrument various compare instructions.
     # Only use this feature on source files that do a lot of constant
     # comparisons that would otherwise be hard to guess by LibFuzzer,
     # as it comes with a larger overhead (requires -use_value_profile=1).
-    libfuzzer_flags = ['-fsanitize-coverage=trace-pc-guard']
-    libfuzzer_flags_cmp = ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+    include('/tools/fuzzing/libfuzzer-flags.mozbuild')
 
     # Any files that are targeted by LibFuzzer should be added here so they can
     # be built with the necessary instrumentation flags, rather than just building
     # the whole JS engine with instrumentation, to reduce the amount of noise.
     SOURCES += [
         'vm/StructuredClone.cpp',
     ]
-    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags_cmp
+    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags
 else:
     UNIFIED_SOURCES += [
         'vm/StructuredClone.cpp',
     ]
 
 CONFIGURE_SUBST_FILES += [
     'devtools/rootAnalysis/Makefile',
 ]
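Review bot: The comment above the new include is now stale: it presents trace-cmp as an opt-in for files with many constant comparisons, but `libfuzzer_flags` from libfuzzer-flags.mozbuild carries trace-cmp (or `-fsanitize=fuzzer-no-link`, which enables it) in both of its branches and the `libfuzzer_flags_cmp` distinction no longer exists. Rewrite it to describe what the block does now, e.g. `# Instrument only the files targeted by LibFuzzer with libfuzzer_flags (coverage plus trace-cmp; use -use_value_profile=1 to exploit it) rather than the whole engine, to reduce noise.` The enclosing `if CONFIG['FUZZING_INTERFACES']` block starts above this hunk and the `SOURCES` list is also used by the BinAST hunk further down, so the two must keep using the same variable name.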
@@ -714,19 +713,19 @@ if CONFIG['JS_BUILD_BINAST']:
         'frontend/BinSource.cpp',
         'frontend/BinToken.cpp',
         'frontend/BinTokenReaderBase.cpp',
         'frontend/BinTokenReaderMultipart.cpp',
     ]
 
     # Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
     if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
-        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags_cmp
-        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags_cmp
-        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags_cmp
+        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags
+        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags
+        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags
 
 # Wasm code should use WASM_HUGE_MEMORY instead of JS_CODEGEN_X64
 # so that it is easy to use the huge-mapping optimization for other
 # 64-bit platforms in the future.
 
 if CONFIG['JS_CODEGEN_X64'] or CONFIG['JS_CODEGEN_ARM64']:
     DEFINES['WASM_HUGE_MEMORY'] = True
 
--- a/media/mtransport/build/moz.build
+++ b/media/mtransport/build/moz.build
@@ -23,20 +23,17 @@ EXPORTS.mtransport += [
     '../transportlayerdtls.h',
     '../transportlayerice.h',
     '../transportlayerlog.h',
     '../transportlayerloopback.h',
 ]
 
 include('../common.build')
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 # These files cannot be built in unified mode because of the redefinition of
 # getLogModule, UNIMPLEMENTED, nr_socket_long_term_violation_time,
 # nr_socket_short_term_violation_time.
 SOURCES += mtransport_cppsrcs
 
 FINAL_LIBRARY = 'xul'
--- a/media/mtransport/fuzztest/moz.build
+++ b/media/mtransport/fuzztest/moz.build
@@ -17,19 +17,16 @@ LOCAL_INCLUDES += [
   '/media/mtransport/third_party/nrappkit/src/log',
   '/media/mtransport/third_party/nrappkit/src/plugin',
   '/media/mtransport/third_party/nrappkit/src/port/darwin/include',
   '/media/mtransport/third_party/nrappkit/src/share',
   '/media/mtransport/third_party/nrappkit/src/stats',
   '/media/mtransport/third_party/nrappkit/src/util/libekr',
 ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 SOURCES += [
     'stun_parser_libfuzz.cpp',
 ]
 
 FINAL_LIBRARY = 'xul-gtest'
--- a/media/mtransport/moz.build
+++ b/media/mtransport/moz.build
@@ -10,18 +10,15 @@ with Files("**"):
 include("/ipc/chromium/chromium-config.mozbuild")
 
 DIRS += [
     '/media/mtransport/third_party',
     '/media/mtransport/build',
     '/media/mtransport/ipc',
 ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
-    if CONFIG['FUZZING_INTERFACES']:
-        TEST_DIRS += [
-            'fuzztest'
-        ]
+if CONFIG['FUZZING_INTERFACES']:
+    TEST_DIRS += [
+        'fuzztest'
+    ]
--- a/media/mtransport/third_party/nICEr/nicer.gyp
+++ b/media/mtransport/third_party/nICEr/nicer.gyp
@@ -234,17 +234,22 @@
                  'sources': [
                  ],
              }],
              ['have_ethtool_cmd_speed_hi==0', {
                'defines': [
                   "DONT_HAVE_ETHTOOL_SPEED_HI",
                ]
              }],
-        ['libfuzzer == 1', {
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 1)', {
           'cflags_mozilla': [
-            '-fsanitize-coverage=trace-pc-guard',
+            '-fsanitize=fuzzer-no-link'
+         ],
+        }],
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 0)', {
+          'cflags_mozilla': [
+            '-fsanitize-coverage=trace-pc-guard,trace-cmp'
          ],
         }],
           ],
       }]
 }
 
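Review bot: The two new conditions re-encode the flag selection from tools/fuzzing/libfuzzer-flags.mozbuild by hand, including the hard-coded fallback string `-fsanitize-coverage=trace-pc-guard,trace-cmp`, so the gyp build will silently diverge the next time the mozbuild copy is changed. If gyp_vars cannot carry the flag list itself, at least point maintainers at the single source of truth with a comment on the first condition: `# Keep in sync with tools/fuzzing/libfuzzer-flags.mozbuild.` The indentation of the two new blocks also does not match the sibling `have_ethtool_cmd_speed_hi` condition above, which makes it hard to see that they belong to the same conditions list; the list itself opens before this hunk.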
--- a/media/webrtc/moz.build
+++ b/media/webrtc/moz.build
@@ -108,18 +108,14 @@ if CONFIG['MOZ_WEBRTC_SIGNALING']:
             ]
 
     if CONFIG['ENABLE_TESTS']:
         TEST_DIRS += [
             'signaling/gtest',
             'trunk/gtest',
         ]
 
-    if CONFIG['FUZZING']:
-        if CONFIG['LIBFUZZER']:
-            # Add trace-pc coverage for LibFuzzer
-            CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-            CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-
-        if CONFIG['FUZZING_INTERFACES']:
-            TEST_DIRS += [
-                'signaling/fuzztest'
-            ]
+    # Add libFuzzer configuration directives
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
+    if CONFIG['FUZZING_INTERFACES']:
+        TEST_DIRS += [
+            'signaling/fuzztest'
+        ]
--- a/media/webrtc/signaling/fuzztest/moz.build
+++ b/media/webrtc/signaling/fuzztest/moz.build
@@ -9,19 +9,16 @@ Library('FuzzingSdp')
 LOCAL_INCLUDES += [
   '/ipc/chromium/src',
   '/media/mtransport',
   '/media/webrtc/',
   '/media/webrtc/signaling/src/common/time_profiling',
   '/media/webrtc/signaling/src/peerconnection',
 ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 SOURCES += [
     'sdp_parser_libfuzz.cpp',
 ]
 
 FINAL_LIBRARY = 'xul-gtest'
--- a/media/webrtc/signaling/src/sdp/moz.build
+++ b/media/webrtc/signaling/src/sdp/moz.build
@@ -14,21 +14,18 @@ elif CONFIG['OS_TARGET'] == 'Darwin':
         'sipcc/sdp_services_unix.c',
     ]
 else:
     DEFINES['SIP_OS_LINUX'] = True
     SOURCES += [
         'sipcc/sdp_services_unix.c',
     ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 LOCAL_INCLUDES += [
     '/media/mtransport',
     '/media/webrtc',
     '/media/webrtc/signaling/src/common/browser_logging',
     '/media/webrtc/trunk',
 ]
 
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/libfuzzer-config.mozbuild
@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('libfuzzer-flags.mozbuild')
+
+if CONFIG['FUZZING']:
+    if CONFIG['LIBFUZZER']:
+        # Add trace-pc coverage for libfuzzer
+        CFLAGS += libfuzzer_flags
+        CXXFLAGS += libfuzzer_flags
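Review bot: The comment `# Add trace-pc coverage for libfuzzer` was copied from the old per-directory blocks and no longer describes what is added: depending on the configure probe the flags are either `-fsanitize=fuzzer-no-link` or the trace-pc-guard/trace-cmp fallback. Replace it with something like `# Add libFuzzer instrumentation (see libfuzzer-flags.mozbuild). Only compile flags are set here; the libFuzzer runtime is still linked by the fuzzing targets via static:fuzzer.` so that a reader of a consuming moz.build understands why no link flag appears.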
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/libfuzzer-flags.mozbuild
@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+libfuzzer_flags = []
+
+if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK']:
+    libfuzzer_flags += ['-fsanitize=fuzzer-no-link']
+else:
+    # Older Clang versions (<= 5) only support an older set of libFuzzer flags
+    libfuzzer_flags += ['-fsanitize-coverage=trace-pc-guard,trace-cmp']
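Review bot: The fallback branch now hands `trace-cmp` to every consumer of `libfuzzer_flags`, whereas before this commit only the sdp and signaling fuzztest directories (and the js `libfuzzer_flags_cmp` variant) asked for it; callers that used plain trace-pc-guard, such as image/ and the mtransport directories, pick up the extra compare instrumentation silently on Clang 5 and older. If that broadening is intentional (it matches what `-fsanitize=fuzzer-no-link` enables by default, as far as I recall), say so in the comment, e.g. `# Older Clang (<= 5) lacks -fsanitize=fuzzer-no-link; emulate what it enables, including trace-cmp, so value profiling behaves the same on both paths.`; otherwise keep a separate `libfuzzer_flags_cmp` for the hot-path sources. Note that this file sets `libfuzzer_flags` unconditionally, so every including moz.build must keep its own `FUZZING`/`LIBFUZZER` gate, as libfuzzer-config.mozbuild does.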