Add the cc_fuzz target.
Adds the cc_fuzz target via a cc_fuzz module. Also implements the
libclang runtime interface for the x86 toolchain to allow host-built
fuzzers.
Bug: 133261679
Bug: 137398545
Test: Build a fuzzer (with all topic patches), notice that you now
have a host-built fuzzer :)
Change-Id: I7fa069603415f40b3f12a002c253fca6e2aa1988
diff --git a/Android.bp b/Android.bp
index 1b68adb..ab43aec 100644
--- a/Android.bp
+++ b/Android.bp
@@ -177,6 +177,7 @@
"cc/linker.go",
"cc/binary.go",
+ "cc/fuzz.go",
"cc/library.go",
"cc/object.go",
"cc/test.go",
diff --git a/cc/cc_test.go b/cc/cc_test.go
index ca34185..a1b753c 100644
--- a/cc/cc_test.go
+++ b/cc/cc_test.go
@@ -2264,6 +2264,19 @@
}
}
+// Simple smoke test for the cc_fuzz target that ensures the rule compiles
+// correctly.
+func TestFuzzTarget(t *testing.T) {
+ ctx := testCc(t, `
+ cc_fuzz {
+ name: "fuzz_smoke_test",
+ srcs: ["foo.c"],
+ }`)
+
+ variant := "android_arm64_armv8-a_core"
+ ctx.ModuleForTests("fuzz_smoke_test", variant).Rule("cc")
+}
+
func assertString(t *testing.T, got, expected string) {
t.Helper()
if got != expected {
diff --git a/cc/config/toolchain.go b/cc/config/toolchain.go
index d5e9d01..db9092d 100644
--- a/cc/config/toolchain.go
+++ b/cc/config/toolchain.go
@@ -181,6 +181,9 @@
if arch == "" {
return ""
}
+ if !t.Bionic() {
+ return "libclang_rt." + library + "-" + arch
+ }
return "libclang_rt." + library + "-" + arch + "-android"
}
@@ -224,6 +227,10 @@
return LibclangRuntimeLibrary(t, "scudo_minimal")
}
+func LibFuzzerRuntimeLibrary(t Toolchain) string {
+ return LibclangRuntimeLibrary(t, "fuzzer")
+}
+
func ToolPath(t Toolchain) string {
if p := t.ToolPath(); p != "" {
return p
diff --git a/cc/config/x86_linux_host.go b/cc/config/x86_linux_host.go
index f072f34..f08a379 100644
--- a/cc/config/x86_linux_host.go
+++ b/cc/config/x86_linux_host.go
@@ -233,6 +233,14 @@
return "${config.LinuxX8664YasmFlags}"
}
+func (toolchainLinuxX86) LibclangRuntimeLibraryArch() string {
+ return "i686"
+}
+
+func (toolchainLinuxX8664) LibclangRuntimeLibraryArch() string {
+ return "x86_64"
+}
+
func (t *toolchainLinux) AvailableLibraries() []string {
return linuxAvailableLibraries
}
diff --git a/cc/fuzz.go b/cc/fuzz.go
new file mode 100644
index 0000000..d13e04a
--- /dev/null
+++ b/cc/fuzz.go
@@ -0,0 +1,106 @@
+// Copyright 2016 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cc
+
+import (
+ "android/soong/android"
+ "android/soong/cc/config"
+)
+
+func init() {
+ android.RegisterModuleType("cc_fuzz", FuzzFactory)
+}
+
+// cc_fuzz creates a host/device fuzzer binary. Host binaries can be found at
+// $ANDROID_HOST_OUT/fuzz/, and device binaries can be found at /data/fuzz on
+// your device, or $ANDROID_PRODUCT_OUT/data/fuzz in your build tree.
+func FuzzFactory() android.Module {
+ module := NewFuzz(android.HostAndDeviceSupported)
+ return module.Init()
+}
+
+func NewFuzzInstaller() *baseInstaller {
+ return NewBaseInstaller("fuzz", "fuzz", InstallInData)
+}
+
+type fuzzBinary struct {
+ *binaryDecorator
+ *baseCompiler
+}
+
+func (fuzz *fuzzBinary) linkerProps() []interface{} {
+ props := fuzz.binaryDecorator.linkerProps()
+ return props
+}
+
+func (fuzz *fuzzBinary) linkerInit(ctx BaseModuleContext) {
+ // Add ../lib[64] to rpath so that out/host/linux-x86/fuzz/<fuzzer> can
+ // find out/host/linux-x86/lib[64]/library.so
+ runpaths := []string{"../lib"}
+ for _, runpath := range runpaths {
+ if ctx.toolchain().Is64Bit() {
+ runpath += "64"
+ }
+ fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths = append(
+ fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths, runpath)
+ }
+
+ // add "" to rpath so that fuzzer binaries can find libraries in their own fuzz directory
+ fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths = append(
+ fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths, "")
+
+ fuzz.binaryDecorator.linkerInit(ctx)
+}
+
+func (fuzz *fuzzBinary) linkerDeps(ctx DepsContext, deps Deps) Deps {
+ deps.StaticLibs = append(deps.StaticLibs,
+ config.LibFuzzerRuntimeLibrary(ctx.toolchain()))
+ deps = fuzz.binaryDecorator.linkerDeps(ctx, deps)
+ return deps
+}
+
+func (fuzz *fuzzBinary) linkerFlags(ctx ModuleContext, flags Flags) Flags {
+ flags = fuzz.binaryDecorator.linkerFlags(ctx, flags)
+ return flags
+}
+
+func (fuzz *fuzzBinary) install(ctx ModuleContext, file android.Path) {
+ fuzz.binaryDecorator.baseInstaller.dir = "fuzz"
+ fuzz.binaryDecorator.baseInstaller.dir64 = "fuzz"
+ fuzz.binaryDecorator.baseInstaller.install(ctx, file)
+}
+
+func NewFuzz(hod android.HostOrDeviceSupported) *Module {
+ module, binary := NewBinary(hod)
+
+ // TODO(mitchp): The toolchain does not currently export the x86 (32-bit)
+ // variant of libFuzzer for host. There is no way to only disable the host
+ // 32-bit variant, so we specify cc_fuzz targets as 64-bit only. This doesn't
+ // hurt anyone, as cc_fuzz is mostly for experimental targets as of this
+ // moment.
+ module.multilib = "64"
+
+ binary.baseInstaller = NewFuzzInstaller()
+ module.sanitize.SetSanitizer(fuzzer, true)
+
+ fuzz := &fuzzBinary{
+ binaryDecorator: binary,
+ baseCompiler: NewBaseCompiler(),
+ }
+ module.compiler = fuzz
+ module.linker = fuzz
+ module.installer = fuzz
+ return module
+}
diff --git a/cc/testing.go b/cc/testing.go
index df7cb78..bf806bc 100644
--- a/cc/testing.go
+++ b/cc/testing.go
@@ -63,6 +63,41 @@
}
toolchain_library {
+ name: "libclang_rt.fuzzer-arm-android",
+ vendor_available: true,
+ recovery_available: true,
+ src: "",
+ }
+
+ toolchain_library {
+ name: "libclang_rt.fuzzer-aarch64-android",
+ vendor_available: true,
+ recovery_available: true,
+ src: "",
+ }
+
+ toolchain_library {
+ name: "libclang_rt.fuzzer-i686-android",
+ vendor_available: true,
+ recovery_available: true,
+ src: "",
+ }
+
+ toolchain_library {
+ name: "libclang_rt.fuzzer-x86_64-android",
+ vendor_available: true,
+ recovery_available: true,
+ src: "",
+ }
+
+ toolchain_library {
+ name: "libclang_rt.fuzzer-x86_64",
+ vendor_available: true,
+ recovery_available: true,
+ src: "",
+ }
+
+ toolchain_library {
name: "libgcc",
vendor_available: true,
recovery_available: true,
@@ -196,6 +231,7 @@
ctx := android.NewTestArchContext()
ctx.RegisterModuleType("cc_binary", android.ModuleFactoryAdaptor(BinaryFactory))
ctx.RegisterModuleType("cc_binary_host", android.ModuleFactoryAdaptor(binaryHostFactory))
+ ctx.RegisterModuleType("cc_fuzz", android.ModuleFactoryAdaptor(FuzzFactory))
ctx.RegisterModuleType("cc_library", android.ModuleFactoryAdaptor(LibraryFactory))
ctx.RegisterModuleType("cc_library_shared", android.ModuleFactoryAdaptor(LibrarySharedFactory))
ctx.RegisterModuleType("cc_library_static", android.ModuleFactoryAdaptor(LibraryStaticFactory))
