diff --git a/Android.bp b/Android.bp index 4893de6d2..62b0fd4c3 100644 --- a/Android.bp +++ b/Android.bp @@ -178,6 +178,7 @@ bootstrap_go_package { "cc/linker.go", "cc/binary.go", + "cc/fuzz.go", "cc/library.go", "cc/object.go", "cc/test.go", diff --git a/cc/cc_test.go b/cc/cc_test.go index ca34185dc..a1b753cc9 100644 --- a/cc/cc_test.go +++ b/cc/cc_test.go @@ -2264,6 +2264,19 @@ func TestStaticDepsOrderWithStubs(t *testing.T) { } } +// Simple smoke test for the cc_fuzz target that ensures the rule compiles +// correctly. +func TestFuzzTarget(t *testing.T) { + ctx := testCc(t, ` + cc_fuzz { + name: "fuzz_smoke_test", + srcs: ["foo.c"], + }`) + + variant := "android_arm64_armv8-a_core" + ctx.ModuleForTests("fuzz_smoke_test", variant).Rule("cc") +} + func assertString(t *testing.T, got, expected string) { t.Helper() if got != expected { diff --git a/cc/config/toolchain.go b/cc/config/toolchain.go index d5e9d0169..db9092db0 100644 --- a/cc/config/toolchain.go +++ b/cc/config/toolchain.go @@ -181,6 +181,9 @@ func LibclangRuntimeLibrary(t Toolchain, library string) string { if arch == "" { return "" } + if !t.Bionic() { + return "libclang_rt." + library + "-" + arch + } return "libclang_rt." + library + "-" + arch + "-android" } @@ -224,6 +227,10 @@ func ScudoMinimalRuntimeLibrary(t Toolchain) string { return LibclangRuntimeLibrary(t, "scudo_minimal") } +func LibFuzzerRuntimeLibrary(t Toolchain) string { + return LibclangRuntimeLibrary(t, "fuzzer") +} + func ToolPath(t Toolchain) string { if p := t.ToolPath(); p != "" { return p diff --git a/cc/config/x86_linux_host.go b/cc/config/x86_linux_host.go index f072f348a..f08a37987 100644 --- a/cc/config/x86_linux_host.go +++ b/cc/config/x86_linux_host.go @@ -233,6 +233,14 @@ func (t *toolchainLinuxX8664) YasmFlags() string { return "${config.LinuxX8664YasmFlags}" } +func (toolchainLinuxX86) LibclangRuntimeLibraryArch() string { + return "i686" +} + +func (toolchainLinuxX8664) LibclangRuntimeLibraryArch() string { + return "x86_64" +} + func (t *toolchainLinux) AvailableLibraries() []string { return linuxAvailableLibraries } diff --git a/cc/fuzz.go b/cc/fuzz.go new file mode 100644 index 000000000..d13e04a5c --- /dev/null +++ b/cc/fuzz.go @@ -0,0 +1,106 @@ +// Copyright 2016 Google Inc. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cc + +import ( + "android/soong/android" + "android/soong/cc/config" +) + +func init() { + android.RegisterModuleType("cc_fuzz", FuzzFactory) +} + +// cc_fuzz creates a host/device fuzzer binary. Host binaries can be found at +// $ANDROID_HOST_OUT/fuzz/, and device binaries can be found at /data/fuzz on +// your device, or $ANDROID_PRODUCT_OUT/data/fuzz in your build tree. +func FuzzFactory() android.Module { + module := NewFuzz(android.HostAndDeviceSupported) + return module.Init() +} + +func NewFuzzInstaller() *baseInstaller { + return NewBaseInstaller("fuzz", "fuzz", InstallInData) +} + +type fuzzBinary struct { + *binaryDecorator + *baseCompiler +} + +func (fuzz *fuzzBinary) linkerProps() []interface{} { + props := fuzz.binaryDecorator.linkerProps() + return props +} + +func (fuzz *fuzzBinary) linkerInit(ctx BaseModuleContext) { + // Add ../lib[64] to rpath so that out/host/linux-x86/fuzz/ can + // find out/host/linux-x86/lib[64]/library.so + runpaths := []string{"../lib"} + for _, runpath := range runpaths { + if ctx.toolchain().Is64Bit() { + runpath += "64" + } + fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths = append( + fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths, runpath) + } + + // add "" to rpath so that fuzzer binaries can find libraries in their own fuzz directory + fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths = append( + fuzz.binaryDecorator.baseLinker.dynamicProperties.RunPaths, "") + + fuzz.binaryDecorator.linkerInit(ctx) +} + +func (fuzz *fuzzBinary) linkerDeps(ctx DepsContext, deps Deps) Deps { + deps.StaticLibs = append(deps.StaticLibs, + config.LibFuzzerRuntimeLibrary(ctx.toolchain())) + deps = fuzz.binaryDecorator.linkerDeps(ctx, deps) + return deps +} + +func (fuzz *fuzzBinary) linkerFlags(ctx ModuleContext, flags Flags) Flags { + flags = fuzz.binaryDecorator.linkerFlags(ctx, flags) + return flags +} + +func (fuzz *fuzzBinary) install(ctx ModuleContext, file android.Path) { + fuzz.binaryDecorator.baseInstaller.dir = "fuzz" + fuzz.binaryDecorator.baseInstaller.dir64 = "fuzz" + fuzz.binaryDecorator.baseInstaller.install(ctx, file) +} + +func NewFuzz(hod android.HostOrDeviceSupported) *Module { + module, binary := NewBinary(hod) + + // TODO(mitchp): The toolchain does not currently export the x86 (32-bit) + // variant of libFuzzer for host. There is no way to only disable the host + // 32-bit variant, so we specify cc_fuzz targets as 64-bit only. This doesn't + // hurt anyone, as cc_fuzz is mostly for experimental targets as of this + // moment. + module.multilib = "64" + + binary.baseInstaller = NewFuzzInstaller() + module.sanitize.SetSanitizer(fuzzer, true) + + fuzz := &fuzzBinary{ + binaryDecorator: binary, + baseCompiler: NewBaseCompiler(), + } + module.compiler = fuzz + module.linker = fuzz + module.installer = fuzz + return module +} diff --git a/cc/testing.go b/cc/testing.go index df7cb78f2..bf806bc5a 100644 --- a/cc/testing.go +++ b/cc/testing.go @@ -62,6 +62,41 @@ func GatherRequiredDepsForTest(os android.OsType) string { src: "", } + toolchain_library { + name: "libclang_rt.fuzzer-arm-android", + vendor_available: true, + recovery_available: true, + src: "", + } + + toolchain_library { + name: "libclang_rt.fuzzer-aarch64-android", + vendor_available: true, + recovery_available: true, + src: "", + } + + toolchain_library { + name: "libclang_rt.fuzzer-i686-android", + vendor_available: true, + recovery_available: true, + src: "", + } + + toolchain_library { + name: "libclang_rt.fuzzer-x86_64-android", + vendor_available: true, + recovery_available: true, + src: "", + } + + toolchain_library { + name: "libclang_rt.fuzzer-x86_64", + vendor_available: true, + recovery_available: true, + src: "", + } + toolchain_library { name: "libgcc", vendor_available: true, @@ -196,6 +231,7 @@ func CreateTestContext(bp string, fs map[string][]byte, ctx := android.NewTestArchContext() ctx.RegisterModuleType("cc_binary", android.ModuleFactoryAdaptor(BinaryFactory)) ctx.RegisterModuleType("cc_binary_host", android.ModuleFactoryAdaptor(binaryHostFactory)) + ctx.RegisterModuleType("cc_fuzz", android.ModuleFactoryAdaptor(FuzzFactory)) ctx.RegisterModuleType("cc_library", android.ModuleFactoryAdaptor(LibraryFactory)) ctx.RegisterModuleType("cc_library_shared", android.ModuleFactoryAdaptor(LibrarySharedFactory)) ctx.RegisterModuleType("cc_library_static", android.ModuleFactoryAdaptor(LibraryStaticFactory))