maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Flag -fsanitize=fuzzer to enable libfuzzer 

Previously, adding libfuzzer to a project was a multi-step procedure,
involving libfuzzer compilation, linking the library, and specifying
coverage flags.
With this change,libfuzzer can be enabled by adding a single
-fsanitize=fuzzer flag instead.

llvm-svn: 301212
This commit is contained in:
George Karpenkov 2017-04-24 18:23:24 +00:00
parent f9796b76e9
commit f2fc5b068e
8 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
clang/include/clang/Basic/Sanitizers.def
View File

@ -47,6 +47,9 @@ SANITIZER("kernel-address", KernelAddress)
// MemorySanitizer // MemorySanitizer
SANITIZER("memory", Memory) SANITIZER("memory", Memory)
// libFuzzer
SANITIZER("fuzzer", Fuzzer)
// ThreadSanitizer // ThreadSanitizer
SANITIZER("thread", Thread) SANITIZER("thread", Thread)

1
clang/include/clang/Driver/SanitizerArgs.h
View File

@ -50,6 +50,7 @@ class SanitizerArgs {
bool needsSharedAsanRt() const { return AsanSharedRuntime; } bool needsSharedAsanRt() const { return AsanSharedRuntime; }
bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); } bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); }
bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); } bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); }
bool needsFuzzer() const { return Sanitizers.has(SanitizerKind::Fuzzer); }
bool needsLsanRt() const { bool needsLsanRt() const {
return Sanitizers.has(SanitizerKind::Leak) && return Sanitizers.has(SanitizerKind::Leak) &&
!Sanitizers.has(SanitizerKind::Address); !Sanitizers.has(SanitizerKind::Address);

4
clang/lib/Driver/SanitizerArgs.cpp
View File

@ -265,6 +265,10 @@ SanitizerArgs::SanitizerArgs(const ToolChain &TC,
Add &= ~InvalidTrappingKinds; Add &= ~InvalidTrappingKinds;
Add &= Supported; Add &= Supported;
// Enable coverage if the fuzzing flag is set.
if (Add & Fuzzer)
CoverageFeatures |= CoverageTracePCGuard | CoverageIndirCall | CoverageTraceCmp;
Kinds |= Add; Kinds |= Add;
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) { } else if (Arg->getOption().matches(options::OPT_fno_sanitize_EQ)) {
Arg->claim(); Arg->claim();

16
clang/lib/Driver/ToolChains/CommonArgs.cpp
View File

@ -577,6 +577,17 @@ collectSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
StaticRuntimes.push_back("esan"); StaticRuntimes.push_back("esan");
} }
static void addLibFuzzerRuntime(const ToolChain &TC,
const ArgList &Args,
ArgStringList &CmdArgs) {
StringRef ParentDir = llvm::sys::path::parent_path(TC.getDriver().InstalledDir);
SmallString<128> P(ParentDir);
llvm::sys::path::append(P, "lib", "libLLVMFuzzer.a");
CmdArgs.push_back(Args.MakeArgString(P));
TC.AddCXXStdlibLibArgs(Args, CmdArgs);
}
// Should be called before we add system libraries (C++ ABI, libstdc++/libc++, // Should be called before we add system libraries (C++ ABI, libstdc++/libc++,
// C runtime, etc). Returns true if sanitizer system deps need to be linked in. // C runtime, etc). Returns true if sanitizer system deps need to be linked in.
bool tools::addSanitizerRuntimes(const ToolChain &TC, const ArgList &Args, bool tools::addSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
@ -586,6 +597,11 @@ bool tools::addSanitizerRuntimes(const ToolChain &TC, const ArgList &Args,
collectSanitizerRuntimes(TC, Args, SharedRuntimes, StaticRuntimes, collectSanitizerRuntimes(TC, Args, SharedRuntimes, StaticRuntimes,
NonWholeStaticRuntimes, HelperStaticRuntimes, NonWholeStaticRuntimes, HelperStaticRuntimes,
RequiredSymbols); RequiredSymbols);
// Inject libfuzzer dependencies.
if (TC.getSanitizerArgs().needsFuzzer()) {
addLibFuzzerRuntime(TC, Args, CmdArgs);
}
for (auto RT : SharedRuntimes) for (auto RT : SharedRuntimes)
addSanitizerRuntime(TC, Args, CmdArgs, RT, true, false); addSanitizerRuntime(TC, Args, CmdArgs, RT, true, false);
for (auto RT : HelperStaticRuntimes) for (auto RT : HelperStaticRuntimes)

15
clang/lib/Driver/ToolChains/Darwin.cpp
View File

@ -930,6 +930,18 @@ void MachO::AddLinkRuntimeLib(const ArgList &Args, ArgStringList &CmdArgs,
} }
} }
void MachO::AddFuzzerLinkArgs(const ArgList &Args, ArgStringList &CmdArgs) const {
// Go up one directory from Clang to find the libfuzzer archive file.
StringRef ParentDir = llvm::sys::path::parent_path(getDriver().InstalledDir);
SmallString<128> P(ParentDir);
llvm::sys::path::append(P, "lib", "libLLVMFuzzer.a");
CmdArgs.push_back(Args.MakeArgString(P));
// Libfuzzer is written in C++ and requires libcxx.
AddCXXStdlibLibArgs(Args, CmdArgs);
}
StringRef Darwin::getPlatformFamily() const { StringRef Darwin::getPlatformFamily() const {
switch (TargetPlatform) { switch (TargetPlatform) {
case DarwinPlatformKind::MacOS: case DarwinPlatformKind::MacOS:
@ -1041,6 +1053,8 @@ void DarwinClang::AddLinkRuntimeLibArgs(const ArgList &Args,
AddLinkSanitizerLibArgs(Args, CmdArgs, "ubsan"); AddLinkSanitizerLibArgs(Args, CmdArgs, "ubsan");
if (Sanitize.needsTsanRt()) if (Sanitize.needsTsanRt())
AddLinkSanitizerLibArgs(Args, CmdArgs, "tsan"); AddLinkSanitizerLibArgs(Args, CmdArgs, "tsan");
if (Sanitize.needsFuzzer())
AddFuzzerLinkArgs(Args, CmdArgs);
if (Sanitize.needsStatsRt()) { if (Sanitize.needsStatsRt()) {
StringRef OS = isTargetMacOS() ? "osx" : "iossim"; StringRef OS = isTargetMacOS() ? "osx" : "iossim";
AddLinkRuntimeLib(Args, CmdArgs, AddLinkRuntimeLib(Args, CmdArgs,
@ -1895,6 +1909,7 @@ SanitizerMask Darwin::getSupportedSanitizers() const {
SanitizerMask Res = ToolChain::getSupportedSanitizers(); SanitizerMask Res = ToolChain::getSupportedSanitizers();
Res |= SanitizerKind::Address; Res |= SanitizerKind::Address;
Res |= SanitizerKind::Leak; Res |= SanitizerKind::Leak;
Res |= SanitizerKind::Fuzzer;
if (isTargetMacOS()) { if (isTargetMacOS()) {
if (!isMacosxVersionLT(10, 9)) if (!isMacosxVersionLT(10, 9))
Res |= SanitizerKind::Vptr; Res |= SanitizerKind::Vptr;

2
clang/lib/Driver/ToolChains/Darwin.h
View File

@ -154,6 +154,8 @@ public:
/// Add the linker arguments to link the compiler runtime library. /// Add the linker arguments to link the compiler runtime library.
virtual void AddLinkRuntimeLibArgs(const llvm::opt::ArgList &Args, virtual void AddLinkRuntimeLibArgs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const; llvm::opt::ArgStringList &CmdArgs) const;
virtual void AddFuzzerLinkArgs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const;
virtual void addStartObjectFileArgs(const llvm::opt::ArgList &Args, virtual void addStartObjectFileArgs(const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs) const { llvm::opt::ArgStringList &CmdArgs) const {

1
clang/lib/Driver/ToolChains/Linux.cpp
View File

@ -869,6 +869,7 @@ SanitizerMask Linux::getSupportedSanitizers() const {
llvm::Triple::thumbeb; llvm::Triple::thumbeb;
SanitizerMask Res = ToolChain::getSupportedSanitizers(); SanitizerMask Res = ToolChain::getSupportedSanitizers();
Res |= SanitizerKind::Address; Res |= SanitizerKind::Address;
Res |= SanitizerKind::Fuzzer;
Res |= SanitizerKind::KernelAddress; Res |= SanitizerKind::KernelAddress;
Res |= SanitizerKind::Vptr; Res |= SanitizerKind::Vptr;
Res |= SanitizerKind::SafeStack; Res |= SanitizerKind::SafeStack;

22
clang/test/Driver/fuzzer.c Normal file
View File

@ -0,0 +1,22 @@
// Test flags inserted by -fsanitize=fuzzer.
// RUN: %clang -fsanitize=fuzzer %s -### 2>&1 | FileCheck --check-prefixes=CHECK-FUZZER-LIB,CHECK-COVERAGE-FLAGS %s
//
// CHECK-FUZZER-LIB: libLLVMFuzzer.a
// CHECK-COVERAGE: -fsanitize-coverage-trace-pc-guard
// CHECK-COVERAGE-SAME: -fsanitize-coverage-indirect-calls
// CHECK-COVERAGE-SAME: -fsanitize-coverage-trace-cmp
// RUN: %clang -fsanitize=fuzzer -target i386-unknown-linux %s -### 2>&1 | FileCheck --check-prefixes=CHECK-LIBCXX-LINUX %s
//
// CHECK-LIBCXX-LINUX: -lstdc++
// RUN: %clang -target x86_64-apple-darwin14 -fsanitize=fuzzer %s -### 2>&1 | FileCheck --check-prefixes=CHECK-LIBCXX-DARWIN %s
//
// CHECK-LIBCXX-DARWIN: -lc++
// RUN: %clang -fsanitize=fuzzer %s
int LLVMFuzzerTestOneInput(const char *Data, long Size) {
return 0;
}