author | 2019-04-09 07:25:14 -0700 | |
---|---|---|
committer | 2019-04-09 07:25:14 -0700 | |
commit | 946d0603bafb32b9d7010f62fb1357383fb6419a (patch) | |
tree | 158cf5fc905ed06a3de2d1cbf68e8acfb8ca6997 /infra/base-images | |
parent | 5c5a10a16dce31ebfdb68d62311119aa09ef33e2 (diff) |
[infra] Enabling DataFlow build configuration (#1632). (#2292)
* [infra] Enabling DataFlow build configuration (#1632).
* Copy all data flow scripts from the libFuzzer repo.
Diffstat (limited to 'infra/base-images')
-rw-r--r-- | infra/base-images/base-builder/Dockerfile | 6 | ||||
-rwxr-xr-x | infra/base-images/base-builder/compile | 4 | ||||
-rwxr-xr-x | infra/base-images/base-builder/compile_dataflow | 28 | ||||
-rwxr-xr-x | infra/base-images/base-builder/compile_libfuzzer | 1 | ||||
-rwxr-xr-x | infra/base-images/base-clang/checkout_build_install_llvm.sh | 3 |
5 files changed, 39 insertions, 3 deletions
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 59ab3ba0..49540078 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -23,8 +23,11 @@ ENV SANITIZER_FLAGS_address "-fsanitize=address -fsanitize-address-use-after-sco
 # Set of '-fsanitize' flags matches '-fno-sanitize-recover' + 'unsigned-integer-overflow'.
 ENV SANITIZER_FLAGS_undefined "-fsanitize=bool,array-bounds,float-divide-by-zero,function,integer-divide-by-zero,return,shift,signed-integer-overflow,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=bool,array-bounds,float-divide-by-zero,function,integer-divide-by-zero,return,shift,signed-integer-overflow,vla-bound,vptr"
+
 ENV SANITIZER_FLAGS_memory "-fsanitize=memory -fsanitize-memory-track-origins"
+ENV SANITIZER_FLAGS_dataflow "-fsanitize=dataflow -fsanitize-coverage=trace-pc-guard,pc-table,func,trace-cmp"
+
 # Do not use any sanitizers in the coverage build.
 ENV SANITIZER_FLAGS_coverage ""
@@ -63,6 +66,7 @@ RUN mkdir honggfuzz && \
 tar -xzv --strip-components=1 -f $SRC/oss-fuzz.tar.gz && \
 rm -rf $SRC/oss-fuzz.tar.gz
-COPY compile compile_afl compile_libfuzzer compile_honggfuzz srcmap write_labels.py /usr/local/bin/
+COPY compile compile_afl compile_dataflow compile_libfuzzer compile_honggfuzz \
+ srcmap write_labels.py /usr/local/bin/
 CMD ["compile"]
diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile
index 54f7a6a4..b72f78aa 100755
--- a/infra/base-images/base-builder/compile
+++ b/infra/base-images/base-builder/compile
@@ -49,8 +49,8 @@ then
 export COVERAGE_FLAGS="${!COVERAGE_FLAGS_VAR}"
 fi
- # Don't need coverage instrumentation for engine-less builds.
-if [[ $FUZZING_ENGINE = "none" ]]; then
+ # Don't need coverage instrumentation for engine-less or DFSan builds.
+if [ $FUZZING_ENGINE = "none" ] || [ $FUZZING_ENGINE = "dataflow" ]; then
 export COVERAGE_FLAGS=
 fi
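Review bot: The rewritten condition in compile, `if [ $FUZZING_ENGINE = "none" ] || [ $FUZZING_ENGINE = "dataflow" ]; then`, drops the `[[ ]]` the old line used and leaves `$FUZZING_ENGINE` unquoted, so an empty value now makes each `[` fail with a unary-operator error instead of evaluating false, and a value containing whitespace is split into extra test arguments. Keeping bash's `[[` with its own `||` avoids both while keeping the new behaviour: `if [[ "$FUZZING_ENGINE" = "none" || "$FUZZING_ENGINE" = "dataflow" ]]; then`. The script's shebang and any `set -u` are outside this hunk, so whether an unset variable would already abort earlier cannot be confirmed here.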
diff --git a/infra/base-images/base-builder/compile_dataflow b/infra/base-images/base-builder/compile_dataflow
new file mode 100755
index 00000000..ce517aee
--- /dev/null
+++ b/infra/base-images/base-builder/compile_dataflow
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+echo -n "Compiling DataFlow to $LIB_FUZZING_ENGINE... "
+mkdir -p $WORK/libfuzzer
+pushd $WORK/libfuzzer > /dev/null
+
+# Intentionally do not use $SANITIZER_FLAGS, we need -fsanitize=dataflow only.
+$CXX $CXXFLAGS -fsanitize=dataflow -std=c++11 -O2 -c \
+ $SRC/libfuzzer/dataflow/*.cpp
+ar r $LIB_FUZZING_ENGINE $WORK/libfuzzer/*.o
+popd > /dev/null
+rm -rf $WORK/libfuzzer
+echo " done."
diff --git a/infra/base-images/base-builder/compile_libfuzzer b/infra/base-images/base-builder/compile_libfuzzer
index 9b135d6f..2b60f258 100755
--- a/infra/base-images/base-builder/compile_libfuzzer
+++ b/infra/base-images/base-builder/compile_libfuzzer
@@ -18,6 +18,7 @@
 echo -n "Compiling libFuzzer to $LIB_FUZZING_ENGINE... "
 mkdir -p $WORK/libfuzzer
 pushd $WORK/libfuzzer > /dev/null
+
 # Use -fPIC to allow preloading (LD_PRELOAD).
 $CXX $CXXFLAGS -std=c++11 -O2 -fPIC $SANITIZER_FLAGS -fno-sanitize=vptr \
 -c $SRC/libfuzzer/*.cpp -I$SRC/libfuzzer
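Review bot: `rm -rf $WORK/libfuzzer` near the end of the new compile_dataflow runs unquoted and without guarding `WORK`; the `-u` in the shebang catches an unset variable, but a set-but-empty one turns this into `rm -rf /libfuzzer`, and a value containing spaces is split into several paths. `rm -rf -- "${WORK:?}/libfuzzer"` aborts on an empty value and keeps the path as one argument; the same quoting applies to `mkdir -p "$WORK/libfuzzer"` and `pushd "$WORK/libfuzzer" > /dev/null` above it. Note also that `ar r $LIB_FUZZING_ENGINE $WORK/libfuzzer/*.o` would pass the literal glob if no object files were produced, although `-e` on the `$CXX` line should already have stopped the script in that case. The sibling compile_libfuzzer in this commit uses the same unquoted style, so this is consistent with existing practice rather than a regression.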
diff --git a/infra/base-images/base-clang/checkout_build_install_llvm.sh b/infra/base-images/base-clang/checkout_build_install_llvm.sh
index f2ad1375..4c45cf28 100755
--- a/infra/base-images/base-clang/checkout_build_install_llvm.sh
+++ b/infra/base-images/base-clang/checkout_build_install_llvm.sh
@@ -109,6 +109,9 @@ rm -rf $WORK/msan
 # Pull trunk libfuzzer.
 cd $SRC && svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer libfuzzer
+# Copy DataFlow scripts for collecting and merging the traces.
+cp libfuzzer/scripts/*_data_flow.py /usr/local/bin/
+
 # Cleanup
 rm -rf $SRC/llvm
 rm -rf $SRC/chromium_tools |
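Review bot: `cp libfuzzer/scripts/*_data_flow.py /usr/local/bin/` relies on the `cd $SRC` on the line above, and that `cd` only gates the `svn co` chained to it with `&&`; if the `cd` fails, `cp` runs relative to whatever the working directory was before. The absolute form `cp -- "$SRC"/libfuzzer/scripts/*_data_flow.py /usr/local/bin/` removes the dependence on the current directory, and an unmatched glob then fails loudly on a path that names where the scripts were expected. Whether the script runs under `set -e`, which would abort on a failed `cd && svn co` list, is not visible in this hunk. The copied scripts land on the image's PATH straight from an unpinned compiler-rt trunk checkout, as libFuzzer itself already does, so the base-clang image contents depend on the day it is built; recording a revision (`svn co -r <REV> …`, revision to be chosen) would make the image reproducible.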