From 74b32b8dfcd5fdab7348d473635b056aea484add Mon Sep 17 00:00:00 2001 From: Ivan Krasin Date: Fri, 18 Sep 2015 11:54:43 -0700 Subject: [PATCH] Add support of SANITIZE_TARGET='address coverage' for fuzzing. Also, add trace-cmp instrumentation to fuzz_test and host_fuzz_test. Bug: 22850550 Change-Id: Ifff7b8be693ae991feb0a64e19439370a19b2748 --- core/Makefile | 6 +++--- core/config_sanitizers.mk | 8 ++++++++ core/envsetup.mk | 4 ++-- core/executable.mk | 2 +- core/fuzz_test.mk | 2 +- core/host_fuzz_test.mk | 2 +- 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/core/Makefile b/core/Makefile index 9ded53b41..dfacf2892 100644 --- a/core/Makefile +++ b/core/Makefile @@ -1383,7 +1383,7 @@ built_ota_tools := \ $(call intermediates-dir-for,EXECUTABLES,sqlite3,,,$(TARGET_PREFER_32_BIT))/sqlite3 # We can't build static executables when SANITIZE_TARGET=address -ifneq (address,$(SANITIZE_TARGET)) +ifeq ($(strip $(SANITIZE_TARGET)),) built_ota_tools += \ $(call intermediates-dir-for,EXECUTABLES,check_prereq,,,$(TARGET_PREFER_32_BIT))/check_prereq \ $(call intermediates-dir-for,EXECUTABLES,applypatch_static,,,$(TARGET_PREFER_32_BIT))/applypatch_static \ @@ -1526,7 +1526,7 @@ ifneq ($(OEM_THUMBPRINT_PROPERTIES),) # OTA scripts are only interested in fingerprint related properties $(hide) echo "oem_fingerprint_properties=$(OEM_THUMBPRINT_PROPERTIES)" >> $(zip_root)/META/misc_info.txt endif -ifeq ($(SANITIZE_TARGET),address) +ifneq ($(strip $(SANITIZE_TARGET)),) # We need to create userdata.img with real data because the instrumented libraries are in userdata.img. $(hide) echo "userdata_img_with_data=true" >> $(zip_root)/META/misc_info.txt endif @@ -1565,7 +1565,7 @@ build_ota_package := true ifeq ($(BUILD_OS),darwin) build_ota_package := false endif -ifeq ($(SANITIZE_TARGET),address) +ifneq ($(strip $(SANITIZE_TARGET)),) build_ota_package := false endif ifeq ($(TARGET_PRODUCT),sdk) 
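Review bot: The three conditions changed in core/Makefile now test for any non-empty SANITIZE_TARGET (`$(strip $(SANITIZE_TARGET))`), while envsetup.mk and executable.mk in this same patch test `$(filter address,$(SANITIZE_TARGET))`. A SANITIZE_TARGET value that does not contain `address` would therefore drop the static OTA tools, write `userdata_img_with_data=true` and set `build_ota_package := false`, even though envsetup.mk would not have moved the shared libraries to the data partition. If the widening is intended, the comment above the first hunk's condition should say so, e.g. `# We can't build static executables when SANITIZE_TARGET is set`. Otherwise use `$(filter address,$(SANITIZE_TARGET))` in all three conditions so the files agree.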
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk index 1efc9324c..718933854 100644 --- a/core/config_sanitizers.mk +++ b/core/config_sanitizers.mk @@ -75,6 +75,14 @@ ifneq ($(filter default-ub,$(my_sanitize)),) my_sanitize := $(CLANG_DEFAULT_UB_CHECKS) endif +ifneq ($(filter coverage,$(my_sanitize)),) + ifeq ($(filter address,$(my_sanitize)),) + $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address') + endif + my_cflags += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp + my_sanitize := $(filter-out coverage,$(my_sanitize)) +endif + ifneq ($(my_sanitize),) fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize)), my_cflags += -fsanitize=$(fsanitize_arg) diff --git a/core/envsetup.mk b/core/envsetup.mk index ecfca9f60..51a2fb3bd 100644 --- a/core/envsetup.mk +++ b/core/envsetup.mk @@ -276,7 +276,7 @@ TARGET_OUT_GEN := $(PRODUCT_OUT)/gen TARGET_OUT_COMMON_GEN := $(TARGET_COMMON_OUT_ROOT)/gen TARGET_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_SYSTEM) -ifeq ($(SANITIZE_TARGET),address) +ifneq ($(filter address,$(SANITIZE_TARGET)),) target_out_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_DATA) else target_out_shared_libraries_base := $(TARGET_OUT) @@ -333,7 +333,7 @@ $(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_OUT_DATA_NATIVE_TESTS := $(TARGET_OUT_DATA)/ TARGET_OUT_CACHE := $(PRODUCT_OUT)/cache TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR) -ifeq ($(SANITIZE_TARGET),address) +ifneq ($(filter address,$(SANITIZE_TARGET)),) target_out_vendor_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_DATA)/vendor else target_out_vendor_shared_libraries_base := $(TARGET_OUT_VENDOR) diff --git a/core/executable.mk b/core/executable.mk index 0ce400cde..70ef0d989 100644 --- a/core/executable.mk +++ b/core/executable.mk 
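Review bot: The `$(error ...)` in the new `coverage` block of config_sanitizers.mk is evaluated against the per-module `my_sanitize`, so its effect under a global SANITIZE_TARGET='address coverage' depends on code above this hunk. If any earlier step can remove `address` for a module while leaving `coverage`, that module aborts the whole build instead of being built uninstrumented. This is worth confirming, and if such a path exists, `coverage` should be filtered out there as well. The block would also benefit from a comment such as `# 'coverage' is a pseudo-sanitizer: it maps to -fsanitize-coverage and must not reach -fsanitize=`, because the `filter-out` line is what keeps it out of `fsanitize_arg` just below.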
@@ -7,7 +7,7 @@ # LOCAL_MODULE_STEM_64 my_skip_this_target := -ifeq (address,$(strip $(SANITIZE_TARGET))) +ifneq ($(filter address,$(SANITIZE_TARGET)),) ifeq (true,$(LOCAL_FORCE_STATIC_EXECUTABLE)) my_skip_this_target := true else ifeq (false, $(LOCAL_CLANG)) diff --git a/core/fuzz_test.mk b/core/fuzz_test.mk index 065cc030e..fc582b3fe 100644 --- a/core/fuzz_test.mk +++ b/core/fuzz_test.mk @@ -7,7 +7,7 @@ ifdef LOCAL_SDK_VERSION $(error $(LOCAL_PATH): $(LOCAL_MODULE): NDK fuzz tests are not supported.) endif -LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters +LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp LOCAL_STATIC_LIBRARIES += libLLVMFuzzer ifdef LOCAL_MODULE_PATH diff --git a/core/host_fuzz_test.mk b/core/host_fuzz_test.mk index e917959df..cc7baada1 100644 --- a/core/host_fuzz_test.mk +++ b/core/host_fuzz_test.mk @@ -3,7 +3,7 @@ ## Common flags for host fuzz tests are added. ################################################ -LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters +LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp LOCAL_STATIC_LIBRARIES += libLLVMFuzzer include $(BUILD_HOST_EXECUTABLE) -- 2.11.0
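Review bot: The option list `edge,indirect-calls,8bit-counters,trace-cmp` on the `LOCAL_CFLAGS +=` line in fuzz_test.mk is repeated as a literal in host_fuzz_test.mk and again in the new `coverage` block of config_sanitizers.mk. The three copies can drift apart, and a fuzz test built with `coverage` in SANITIZE_TARGET would presumably receive the flag twice. Defining the list once in a shared variable and referencing it from all three files would keep fuzz targets and system-wide coverage builds instrumented identically. A one-line comment next to the definition stating that `trace-cmp` is enabled for fuzzing, as the commit message says, would help whoever tunes these flags later.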