Bug 1464202 - Improve and centralize libFuzzer flag management. r=froydnj
authorChristian Holler <choller@mozilla.com>
Thu, 24 May 2018 21:11:46 +0200
changeset 474665 e8eb0005b50cbcd82856604682d8dfceb7be1ab7
parent 474664 c2ac7dded317abfb28772626bd8368a217c5091f
child 474666 314e3ae1520f8e1b17e85982e8e2c515dced30a9
push id9374
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:43:20 +0000
reviewersfroydnj
bugs1464202
milestone62.0a1
Bug 1464202 - Improve and centralize libFuzzer flag management. r=froydnj MozReview-Commit-ID: HFrQDAZWtpo
build/gyp.mozbuild
build/moz.configure/toolchain.configure
image/moz.build
js/src/fuzz-tests/moz.build
js/src/moz.build
media/mtransport/build/moz.build
media/mtransport/fuzztest/moz.build
media/mtransport/moz.build
media/mtransport/third_party/nICEr/nicer.gyp
media/webrtc/moz.build
media/webrtc/signaling/fuzztest/moz.build
media/webrtc/signaling/src/sdp/moz.build
tools/fuzzing/libfuzzer-config.mozbuild
tools/fuzzing/libfuzzer-flags.mozbuild
--- a/build/gyp.mozbuild
+++ b/build/gyp.mozbuild
@@ -7,16 +7,17 @@
 include('gyp_base.mozbuild')
 
 gyp_vars.update({
     'lsan': 0,
     'asan': 0,
     'ubsan' : 0,
     'fuzzing' : 1 if CONFIG['FUZZING'] else 0,
     'libfuzzer' : 1 if CONFIG['LIBFUZZER'] else 0,
+    'libfuzzer_fuzzer_no_link_flag' : 1 if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK'] else 0,
     'build_with_mozilla': 1,
     'build_with_chromium': 0,
     # 10.9 once we move to TC cross-compiles - bug 1270217
     'mac_sdk_min': '10.7',
     'mac_deployment_target': '10.7',
     'use_official_google_api_keys': 0,
     'have_clock_monotonic': 1 if CONFIG['HAVE_CLOCK_MONOTONIC'] else 0,
     'have_ethtool_cmd_speed_hi': 1 if CONFIG['MOZ_WEBRTC_HAVE_ETHTOOL_SPEED_HI'] else 0,
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1619,8 +1619,18 @@ def libstdcxx_version(var, compiler):
 
 
 add_gcc_flag(
     '-D_GLIBCXX_USE_CXX11_ABI=0', cxx_compiler,
     when=libstdcxx_version('MOZ_LIBSTDCXX_TARGET_VERSION', cxx_compiler))
 add_gcc_flag(
     '-D_GLIBCXX_USE_CXX11_ABI=0', host_cxx_compiler,
     when=libstdcxx_version('MOZ_LIBSTDCXX_HOST_VERSION', host_cxx_compiler))
+
+
+@depends(c_compiler.try_compile(flags=['-fsanitize=fuzzer-no-link'],
+         check_msg='whether the C compiler supports -fsanitize=fuzzer-no-link'))
+def have_libfuzzer_flag_fuzzer_no_link(value):
+    if value:
+        return True
+
+
+set_config('HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK', have_libfuzzer_flag_fuzzer_no_link)
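Review bot: Only the C compiler is probed for -fsanitize=fuzzer-no-link, yet the resulting HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK is what libfuzzer-flags.mozbuild feeds into CXXFLAGS as well; if the C and C++ compilers can differ in this tree, the probe should also depend on a `cxx_compiler.try_compile(...)` check and return True only when both succeed. The function also deserves a docstring making the True/None contract explicit, since a None return presumably leaves the config variable unset, e.g. `"""True when the compiler accepts -fsanitize=fuzzer-no-link; None otherwise, which leaves HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK undefined."""`.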
--- a/image/moz.build
+++ b/image/moz.build
@@ -112,13 +112,10 @@ LOCAL_INCLUDES += [
 # Because imgFrame.cpp includes "cairo.h"
 CXXFLAGS += CONFIG['MOZ_CAIRO_CFLAGS']
 
 LOCAL_INCLUDES += CONFIG['SKIA_INCLUDES']
 
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
     CXXFLAGS += ['-Wno-error=shadow']
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for libfuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
--- a/js/src/fuzz-tests/moz.build
+++ b/js/src/fuzz-tests/moz.build
@@ -29,19 +29,18 @@ if CONFIG['FUZZING']:
         'static:fuzzer-registry',
     ]
 
 if CONFIG['LIBFUZZER']:
     USE_LIBS += [
         'static:fuzzer',
     ]
 
-    # Add trace-pc coverage for libfuzzer
-    CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-    CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+    # Add libFuzzer configuration directives
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 USE_LIBS += [
     'static:js',
 ]
 
 if CONFIG['MOZ_NEEDS_LIBATOMIC']:
     OS_LIBS += ['atomic']
 
--- a/js/src/moz.build
+++ b/js/src/moz.build
@@ -54,26 +54,25 @@ if CONFIG['FUZZING_INTERFACES']:
     ]
 
 if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
     # In addition to regular coverage provided by trace-pc-guard,
     # LibFuzzer can use trace-cmp to instrument various compare instructions.
     # Only use this feature on source files that do a lot of constant
     # comparisons that would otherwise be hard to guess by LibFuzzer,
     # as it comes with a larger overhead (requires -use_value_profile=1).
-    libfuzzer_flags = ['-fsanitize-coverage=trace-pc-guard']
-    libfuzzer_flags_cmp = ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+    include('/tools/fuzzing/libfuzzer-flags.mozbuild')
 
     # Any files that are targeted by LibFuzzer should be added here so they can
     # be built with the necessary instrumentation flags, rather than just building
     # the whole JS engine with instrumentation, to reduce the amount of noise.
     SOURCES += [
         'vm/StructuredClone.cpp',
     ]
-    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags_cmp
+    SOURCES['vm/StructuredClone.cpp'].flags += libfuzzer_flags
 else:
     UNIFIED_SOURCES += [
         'vm/StructuredClone.cpp',
     ]
 
 CONFIGURE_SUBST_FILES += [
     'devtools/rootAnalysis/Makefile',
 ]
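Review bot: The comment at the top of this block (the sentences explaining that trace-cmp is added only for files with many constant comparisons because of its overhead) is now stale: `libfuzzer_flags` from libfuzzer-flags.mozbuild is the same list that libfuzzer-config.mozbuild applies to every instrumented directory, and its fallback branch already carries trace-cmp, so there is no longer a separate "cmp" flavour. Suggest rewording it to say that the listed sources are built with the centralized libFuzzer instrumentation flags rather than instrumenting the whole engine, to keep noise low, and dropping the per-file trace-cmp sentence. The same `libfuzzer_flags` use appears in the second hunk of this file (the BinAST sources), which inherits the same comment.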
@@ -713,19 +712,19 @@ if CONFIG['JS_BUILD_BINAST']:
         'frontend/BinSource.cpp',
         'frontend/BinToken.cpp',
         'frontend/BinTokenReaderBase.cpp',
         'frontend/BinTokenReaderMultipart.cpp',
     ]
 
     # Instrument BinAST files for fuzzing as we have a fuzzing target for BinAST.
     if CONFIG['FUZZING_INTERFACES'] and CONFIG['LIBFUZZER']:
-        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags_cmp
-        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags_cmp
-        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags_cmp
+        SOURCES['frontend/BinSource.cpp'].flags += libfuzzer_flags
+        SOURCES['frontend/BinToken.cpp'].flags += libfuzzer_flags
+        SOURCES['frontend/BinTokenReaderTester.cpp'].flags += libfuzzer_flags
 
 # Wasm code should use WASM_HUGE_MEMORY instead of JS_CODEGEN_X64
 # so that it is easy to use the huge-mapping optimization for other
 # 64-bit platforms in the future.
 
 if CONFIG['JS_CODEGEN_X64'] or CONFIG['JS_CODEGEN_ARM64']:
     DEFINES['WASM_HUGE_MEMORY'] = True
 
--- a/media/mtransport/build/moz.build
+++ b/media/mtransport/build/moz.build
@@ -23,20 +23,17 @@ EXPORTS.mtransport += [
     '../transportlayerdtls.h',
     '../transportlayerice.h',
     '../transportlayerlog.h',
     '../transportlayerloopback.h',
 ]
 
 include('../common.build')
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 # These files cannot be built in unified mode because of the redefinition of
 # getLogModule, UNIMPLEMENTED, nr_socket_long_term_violation_time,
 # nr_socket_short_term_violation_time.
 SOURCES += mtransport_cppsrcs
 
 FINAL_LIBRARY = 'xul'
--- a/media/mtransport/fuzztest/moz.build
+++ b/media/mtransport/fuzztest/moz.build
@@ -17,19 +17,16 @@ LOCAL_INCLUDES += [
   '/media/mtransport/third_party/nrappkit/src/log',
   '/media/mtransport/third_party/nrappkit/src/plugin',
   '/media/mtransport/third_party/nrappkit/src/port/darwin/include',
   '/media/mtransport/third_party/nrappkit/src/share',
   '/media/mtransport/third_party/nrappkit/src/stats',
   '/media/mtransport/third_party/nrappkit/src/util/libekr',
 ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 SOURCES += [
     'stun_parser_libfuzz.cpp',
 ]
 
 FINAL_LIBRARY = 'xul-gtest'
--- a/media/mtransport/moz.build
+++ b/media/mtransport/moz.build
@@ -10,18 +10,15 @@ with Files("**"):
 include("/ipc/chromium/chromium-config.mozbuild")
 
 DIRS += [
     '/media/mtransport/third_party',
     '/media/mtransport/build',
     '/media/mtransport/ipc',
 ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
-    if CONFIG['FUZZING_INTERFACES']:
-        TEST_DIRS += [
-            'fuzztest'
-        ]
+if CONFIG['FUZZING_INTERFACES']:
+    TEST_DIRS += [
+        'fuzztest'
+    ]
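Review bot: The `fuzztest` TEST_DIRS addition is now gated on FUZZING_INTERFACES alone, whereas before this hunk it was also nested under `if CONFIG['FUZZING']:`. If FUZZING_INTERFACES can be set in a configuration that does not also set FUZZING, this pulls the fuzzing harness directory into non-fuzzing builds; if configure guarantees the implication, a one-line comment stating it (e.g. `# FUZZING_INTERFACES implies FUZZING`) would make the relaxed condition obviously safe. The same relaxation appears in media/webrtc/moz.build for `signaling/fuzztest`.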
--- a/media/mtransport/third_party/nICEr/nicer.gyp
+++ b/media/mtransport/third_party/nICEr/nicer.gyp
@@ -234,17 +234,22 @@
                  'sources': [
                  ],
              }],
              ['have_ethtool_cmd_speed_hi==0', {
                'defines': [
                   "DONT_HAVE_ETHTOOL_SPEED_HI",
                ]
              }],
-        ['libfuzzer == 1', {
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 1)', {
           'cflags_mozilla': [
-            '-fsanitize-coverage=trace-pc-guard',
+            '-fsanitize=fuzzer-no-link'
+         ],
+        }],
+        ['(libfuzzer == 1) and (libfuzzer_fuzzer_no_link_flag == 0)', {
+          'cflags_mozilla': [
+            '-fsanitize-coverage=trace-pc-guard,trace-cmp'
          ],
         }],
           ],
       }]
 }
 
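Review bot: The two new cflags_mozilla lists drop the trailing comma after their single element (`'-fsanitize=fuzzer-no-link'` and `'-fsanitize-coverage=trace-pc-guard,trace-cmp'`), unlike the neighbouring list in this file (`"DONT_HAVE_ETHTOOL_SPEED_HI",`); adding it keeps the style consistent and makes future additions a one-line diff. The closing `],` of each new list is also indented one column less than its opener, unlike the `'defines'` block above. Since the two conditions are mutually exclusive, a single `libfuzzer == 1` condition with a nested condition that uses gyp's else dictionary would express the same choice without the two lists being able to drift apart.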
--- a/media/webrtc/moz.build
+++ b/media/webrtc/moz.build
@@ -108,18 +108,14 @@ if CONFIG['MOZ_WEBRTC_SIGNALING']:
             ]
 
     if CONFIG['ENABLE_TESTS']:
         TEST_DIRS += [
             'signaling/gtest',
             'trunk/gtest',
         ]
 
-    if CONFIG['FUZZING']:
-        if CONFIG['LIBFUZZER']:
-            # Add trace-pc coverage for LibFuzzer
-            CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-            CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
-
-        if CONFIG['FUZZING_INTERFACES']:
-            TEST_DIRS += [
-                'signaling/fuzztest'
-            ]
+    # Add libFuzzer configuration directives
+    include('/tools/fuzzing/libfuzzer-config.mozbuild')
+    if CONFIG['FUZZING_INTERFACES']:
+        TEST_DIRS += [
+            'signaling/fuzztest'
+        ]
--- a/media/webrtc/signaling/fuzztest/moz.build
+++ b/media/webrtc/signaling/fuzztest/moz.build
@@ -9,19 +9,16 @@ Library('FuzzingSdp')
 LOCAL_INCLUDES += [
   '/ipc/chromium/src',
   '/media/mtransport',
   '/media/webrtc/',
   '/media/webrtc/signaling/src/common/time_profiling',
   '/media/webrtc/signaling/src/peerconnection',
 ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 SOURCES += [
     'sdp_parser_libfuzz.cpp',
 ]
 
 FINAL_LIBRARY = 'xul-gtest'
--- a/media/webrtc/signaling/src/sdp/moz.build
+++ b/media/webrtc/signaling/src/sdp/moz.build
@@ -14,21 +14,18 @@ elif CONFIG['OS_TARGET'] == 'Darwin':
         'sipcc/sdp_services_unix.c',
     ]
 else:
     DEFINES['SIP_OS_LINUX'] = True
     SOURCES += [
         'sipcc/sdp_services_unix.c',
     ]
 
-if CONFIG['FUZZING']:
-    if CONFIG['LIBFUZZER']:
-        # Add trace-pc coverage and trace-cmp for LibFuzzer
-        CFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
-        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard', '-fsanitize-coverage=trace-cmp']
+# Add libFuzzer configuration directives
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
 
 LOCAL_INCLUDES += [
     '/media/mtransport',
     '/media/webrtc',
     '/media/webrtc/signaling/src/common/browser_logging',
     '/media/webrtc/trunk',
 ]
 
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/libfuzzer-config.mozbuild
@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include('libfuzzer-flags.mozbuild')
+
+if CONFIG['FUZZING']:
+    if CONFIG['LIBFUZZER']:
+        # Add trace-pc coverage for libfuzzer
+        CFLAGS += libfuzzer_flags
+        CXXFLAGS += libfuzzer_flags
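Review bot: The comment `# Add trace-pc coverage for libfuzzer` above the CFLAGS/CXXFLAGS additions is inaccurate now that `libfuzzer_flags` may be `-fsanitize=fuzzer-no-link` rather than a trace-pc-guard flag; suggest `# Apply the libFuzzer instrumentation flags selected in libfuzzer-flags.mozbuild`. A short header comment saying that this file is meant to be include()d from any moz.build whose sources are fuzzed, and that the FUZZING/LIBFUZZER checks live here so callers need not repeat them, would also help readers of the many call sites this commit rewrites (some of them, such as js/src/fuzz-tests/moz.build, still wrap the include in their own LIBFUZZER check).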
new file mode 100644
--- /dev/null
+++ b/tools/fuzzing/libfuzzer-flags.mozbuild
@@ -0,0 +1,13 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+libfuzzer_flags = []
+
+if CONFIG['HAVE_LIBFUZZER_FLAG_FUZZER_NO_LINK']:
+    libfuzzer_flags += ['-fsanitize=fuzzer-no-link']
+else:
+    # Older Clang versions (<= 5) only support an older set of libFuzzer flags
+    libfuzzer_flags += ['-fsanitize-coverage=trace-pc-guard,trace-cmp']
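Review bot: The fallback branch now applies trace-cmp to every file that pulls in these flags, whereas before this commit most directories used trace-pc-guard alone and only selected sources (the sdp parser and the js/src StructuredClone list) enabled trace-cmp because of its overhead. If that widening is intentional the comment should say so, e.g. `# Older Clang versions (<= 5) lack -fsanitize=fuzzer-no-link; approximate it with trace-pc-guard plus trace-cmp, accepting the extra trace-cmp overhead everywhere`. The variable would also benefit from a comment at its definition, e.g. `# Compiler flags that instrument sources for libFuzzer; include this file and append libfuzzer_flags to CFLAGS/CXXFLAGS or to per-source flags`.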