From 6e42ed217c58341966f41df31f47ed05a1f61a42 Mon Sep 17 00:00:00 2001 From: Robert Loehning Date: Fri, 1 Nov 2019 13:21:33 +0100 Subject: configure: Add sanitizer "fuzzer-no-link" Adds instrumentation for fuzzing to the binaries but links to the usual main function instead of a fuzzer's. The similar sanitizer "fuzzer" should then be used only for building the test itself. Requires clang 6 or higher. Change-Id: I24ee1f018b0b97f2977dc86fbdc29a164d7c4e01 Reviewed-by: Edward Welbourne --- config_help.txt | 2 +- configure.json | 21 +++++++++++++++++++-- configure.pri | 2 ++ mkspecs/common/sanitize.conf | 4 ++++ mkspecs/features/sanitizer.prf | 6 ++++++ tests/libfuzzer/README | 2 ++ 6 files changed, 34 insertions(+), 3 deletions(-) diff --git a/config_help.txt b/config_help.txt index 2c46592c31..d8b027f0e8 100644 --- a/config_help.txt +++ b/config_help.txt @@ -131,7 +131,7 @@ Build options: Currently supported backends are 'etw' (Windows) and 'lttng' (Linux), or 'yes' for auto-detection. [no] - -sanitize {address|thread|memory|undefined} + -sanitize {address|thread|memory|fuzzer-no-link|undefined} Instrument with the specified compiler sanitizer. Note that some sanitizers cannot be combined; for example, -sanitize address cannot be combined with diff --git a/configure.json b/configure.json index ce71e67993..105b51a81c 100644 --- a/configure.json +++ b/configure.json @@ -895,6 +895,12 @@ "autoDetect": false, "output": [ "publicConfig" ] }, + "sanitize_fuzzer_no_link": { + "label": "Fuzzer (instrumentation only)", + "autoDetect": false, + "output": [ "publicConfig" ], + "purpose": [ "Adds instrumentation for fuzzing to the binaries but links to the usual main function instead of a fuzzer's." ] + }, "sanitize_undefined": { "label": "Undefined", "autoDetect": false, 
@@ -902,7 +908,7 @@ }, "sanitizer": { "label": "Sanitizers", - "condition": "features.sanitize_address || features.sanitize_thread || features.sanitize_memory || features.sanitize_undefined", + "condition": "features.sanitize_address || features.sanitize_thread || features.sanitize_memory || features.sanitize_fuzzer_no_link || features.sanitize_undefined", "output": [ "sanitizer", "publicConfig" ] }, "coverage_trace_pc_guard": { @@ -1444,6 +1450,11 @@ Qt can be built in release mode with separate debug information, so "type": "error", "condition": "features.coverage && !config.clang", "message": "Command line option -coverage is only supported with clang compilers." + }, + { + "type": "error", + "condition": "features.sanitize_fuzzer_no_link && !config.clang", + "message": "Command line option -sanitize fuzzer-no-link is only supported with clang compilers." } ], @@ -1581,7 +1592,13 @@ Configure with '-qreal float' to create a build that is binary-compatible with 5 { "section": "Sanitizers", "condition": "features.sanitizer", - "entries": [ "sanitize_address", "sanitize_thread", "sanitize_memory", "sanitize_undefined" ] + "entries": [ + "sanitize_address", + "sanitize_thread", + "sanitize_memory", + "sanitize_fuzzer_no_link", + "sanitize_undefined" + ] }, { "message": "Code Coverage Instrumentation", diff --git a/configure.pri b/configure.pri index 97b9f3bf63..e717a5d305 100644 --- a/configure.pri +++ b/configure.pri @@ -53,6 +53,8 @@ defineTest(qtConfCommandline_sanitize) { qtConfCommandlineSetInput("sanitize_thread", "yes") } else: equals(val, "memory") { qtConfCommandlineSetInput("sanitize_memory", "yes") + } else: equals(val, "fuzzer-no-link") { + qtConfCommandlineSetInput("sanitize_fuzzer_no_link", "yes") } else: equals(val, "undefined") { qtConfCommandlineSetInput("sanitize_undefined", "yes") } else { diff --git a/mkspecs/common/sanitize.conf b/mkspecs/common/sanitize.conf index 5e09406cfb..8417fa4c2f 100644 --- a/mkspecs/common/sanitize.conf 
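Review bot: The configure-time check added in the `@@ -1444` hunk, `features.sanitize_fuzzer_no_link && !config.clang`, only rejects non-clang compilers, while the commit message says the option needs clang 6 or later, so a clang 5 build passes configure and fails only when the compiler rejects `-fsanitize=fuzzer-no-link`. I cannot see from this diff whether configure.json exposes a compiler-version test; if it does, gating on it here would turn that late failure into a clear error, and if not the requirement should at least be visible to the user. Concretely, the feature's `purpose` in the `@@ -895` hunk could read `"Adds instrumentation for fuzzing to the binaries but links to the usual main function instead of a fuzzer's. Requires clang 6 or later; with clang 5 use -coverage trace-pc-guard instead."` and the error text `"Command line option -sanitize fuzzer-no-link is only supported with clang 6 or later."`. The README hunk already documents the clang 5 fallback, so the two would then agree.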
+++ b/mkspecs/common/sanitize.conf @@ -17,6 +17,10 @@ QMAKE_SANITIZE_MEMORY_CFLAGS = -fsanitize=memory QMAKE_SANITIZE_MEMORY_CXXFLAGS = -fsanitize=memory QMAKE_SANITIZE_MEMORY_LFLAGS = -fsanitize=memory +QMAKE_SANITIZE_FUZZERNL_CFLAGS = -fsanitize=fuzzer-no-link +QMAKE_SANITIZE_FUZZERNL_CXXFLAGS = -fsanitize=fuzzer-no-link +QMAKE_SANITIZE_FUZZERNL_LFLAGS = -fsanitize=fuzzer-no-link + QMAKE_SANITIZE_UNDEFINED_CFLAGS = -fsanitize=undefined QMAKE_SANITIZE_UNDEFINED_CXXFLAGS = -fsanitize=undefined QMAKE_SANITIZE_UNDEFINED_LFLAGS = -fsanitize=undefined diff --git a/mkspecs/features/sanitizer.prf b/mkspecs/features/sanitizer.prf index c7d72aec80..12ca1a17bd 100644 --- a/mkspecs/features/sanitizer.prf +++ b/mkspecs/features/sanitizer.prf @@ -42,6 +42,12 @@ sanitize_thread { QMAKE_LFLAGS += $$QMAKE_SANITIZE_THREAD_LFLAGS } +sanitize_fuzzer_no_link { + QMAKE_CFLAGS += $$QMAKE_SANITIZE_FUZZERNL_CFLAGS + QMAKE_CXXFLAGS += $$QMAKE_SANITIZE_FUZZERNL_CXXFLAGS + QMAKE_LFLAGS += $$QMAKE_SANITIZE_FUZZERNL_LFLAGS +} + sanitize_undefined { QMAKE_CFLAGS += $$QMAKE_SANITIZE_UNDEFINED_CFLAGS QMAKE_CXXFLAGS += $$QMAKE_SANITIZE_UNDEFINED_CXXFLAGS diff --git a/tests/libfuzzer/README b/tests/libfuzzer/README index 57140cebfb..ded04a5798 100644 --- a/tests/libfuzzer/README +++ b/tests/libfuzzer/README @@ -17,6 +17,8 @@ To run a test with libFuzzer: install libFuzzer for this version of clang explicitly. 2. Make sure clang and clang++ from this version of clang are found in PATH. 3. Configure Qt with + -platform linux-clang -sanitize fuzzer-no-link + or, if you are using clang 5 -platform linux-clang -coverage trace-pc-guard to add the needed code coverage instrumentation. Since speed of execution is crucial for fuzz testing, it's recommendable to also use the switches -- cgit v1.2.3
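Review bot: The new mkspec variables are named `QMAKE_SANITIZE_FUZZERNL_*`, whereas every sibling in sanitize.conf and sanitizer.prf spells the sanitizer out (`QMAKE_SANITIZE_THREAD_*`, `QMAKE_SANITIZE_MEMORY_*`, `QMAKE_SANITIZE_UNDEFINED_*`), so the variable is not discoverable from the `-sanitize fuzzer-no-link` option or the `sanitize_fuzzer_no_link` feature it serves. Renaming the three definitions in sanitize.conf and the three uses in sanitizer.prf to `QMAKE_SANITIZE_FUZZER_NO_LINK_CFLAGS`, `QMAKE_SANITIZE_FUZZER_NO_LINK_CXXFLAGS` and `QMAKE_SANITIZE_FUZZER_NO_LINK_LFLAGS` would keep the existing convention. A short comment above the new block in sanitize.conf would also help the next reader, e.g. `# libFuzzer coverage instrumentation without libFuzzer's main(); the fuzz target itself links with -fsanitize=fuzzer (clang >= 6)`. As the README hunk says, this adds only the coverage instrumentation, so memory errors in the instrumented code are only reported when it is combined with a detecting sanitizer such as `-sanitize address`; that caveat is worth stating where the flags are defined.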