Revert^2 "Update the way we build AFL++ fuzz binaries"

Test: Built AFL fuzzers individually and built all using haiku command
and built libfuzzers individually and also by using haiku command. Ran
selected fuzzers manually to ensure fuzzing still worked.

Description: Previously we needed to add cc_afl_fuzz to build an afl fuzz binary,
however, to turn current libFuzzers into AFL fuzzers this would required
an update to each Android.bp file which is a lot of work, and would also
require an approval from each Android.bp file owner, which is even more
work.

To get around this (and also to match how AFL fuzzers are built in G3)
we will build AFL++ fuzz binaries by command line option FUZZ_FRAMEWORK.
When FUZZ_FRAMEWORK=AFL is set, all cc_fuzz modules will be built
for AFL rather than libFuzzer. Devs can also specify if a cc_fuzz module
is only for libFuzzer or AFL by using fuzzing_frameworks. If
fuzzing_frameworks is left blank then it will be assumed that the
cc_fuzz module can be built for all available fuzzing frameworks.

Change-Id: If57d3038f05e52775177eaeb26f8ed2bdc73443a

cc/fuzz.go

@@ -27,15 +27,12 @@ import (
 )
 
 func init() {
-	android.RegisterModuleType("cc_afl_fuzz", AFLFuzzFactory)
 	android.RegisterModuleType("cc_fuzz", LibFuzzFactory)
 	android.RegisterSingletonType("cc_fuzz_packaging", fuzzPackagingFactory)
-	android.RegisterSingletonType("cc_afl_fuzz_packaging", fuzzAFLPackagingFactory)
 }
 
 type FuzzProperties struct {
-	AFLEnabled  bool `blueprint:"mutated"`
-	AFLAddFlags bool `blueprint:"mutated"`
+	FuzzFramework fuzz.Framework `blueprint:"mutated"`
 }
 
 type fuzzer struct {
@@ -43,8 +40,13 @@ type fuzzer struct {
 }
 
 func (fuzzer *fuzzer) flags(ctx ModuleContext, flags Flags) Flags {
-	if fuzzer.Properties.AFLAddFlags {
-		flags.Local.CFlags = append(flags.Local.CFlags, "-fsanitize-coverage=trace-pc-guard")
+	if fuzzer.Properties.FuzzFramework == fuzz.AFL {
+		flags.Local.CFlags = append(flags.Local.CFlags, []string{
+			"-fsanitize-coverage=trace-pc-guard",
+			"-Wno-unused-result",
+			"-Wno-unused-parameter",
+			"-Wno-unused-function",
+		}...)
 	}
 
 	return flags
@@ -60,7 +62,7 @@ func fuzzMutatorDeps(mctx android.TopDownMutatorContext) {
 		return
 	}
 
-	if currentModule.fuzzer == nil || !currentModule.fuzzer.Properties.AFLEnabled {
+	if currentModule.fuzzer == nil {
 		return
 	}
 
@@ -83,48 +85,16 @@ func fuzzMutatorDeps(mctx android.TopDownMutatorContext) {
 			return false
 		}
 
-		c.fuzzer.Properties.AFLEnabled = true
-		c.fuzzer.Properties.AFLAddFlags = true
+		c.fuzzer.Properties.FuzzFramework = currentModule.fuzzer.Properties.FuzzFramework
 		return true
 	})
 }
 
-func fuzzMutator(mctx android.BottomUpMutatorContext) {
-	if c, ok := mctx.Module().(*Module); ok && c.fuzzer != nil {
-		if !c.fuzzer.Properties.AFLEnabled {
-			return
-		}
-
-		if c.Binary() {
-			m := mctx.CreateVariations("afl")
-			m[0].(*Module).fuzzer.Properties.AFLEnabled = true
-			m[0].(*Module).fuzzer.Properties.AFLAddFlags = true
-		} else {
-			m := mctx.CreateVariations("", "afl")
-			m[0].(*Module).fuzzer.Properties.AFLEnabled = false
-			m[0].(*Module).fuzzer.Properties.AFLAddFlags = false
-
-			m[1].(*Module).fuzzer.Properties.AFLEnabled = true
-			m[1].(*Module).fuzzer.Properties.AFLAddFlags = true
-		}
-	}
-}
-
 // cc_fuzz creates a host/device fuzzer binary. Host binaries can be found at
 // $ANDROID_HOST_OUT/fuzz/, and device binaries can be found at /data/fuzz on
 // your device, or $ANDROID_PRODUCT_OUT/data/fuzz in your build tree.
 func LibFuzzFactory() android.Module {
-	module := NewFuzzer(android.HostAndDeviceSupported, fuzz.Cc)
-	return module.Init()
-}
-
-// cc_afl_fuzz creates a host/device AFL++ fuzzer binary.
-// AFL++ is an open source framework used to fuzz libraries
-// Host binaries can be found at $ANDROID_HOST_OUT/afl_fuzz/ and device
-// binaries can be found at $ANDROID_PRODUCT_OUT/data/afl_fuzz in your
-// build tree
-func AFLFuzzFactory() android.Module {
-	module := NewFuzzer(android.HostAndDeviceSupported, fuzz.AFL)
+	module := NewFuzzer(android.HostAndDeviceSupported)
 	return module.Init()
 }
 
@@ -133,7 +103,6 @@ type fuzzBinary struct {
 	*baseCompiler
 	fuzzPackagedModule  fuzz.FuzzPackagedModule
 	installedSharedDeps []string
-	fuzzType            fuzz.FuzzType
 }
 
 func (fuzz *fuzzBinary) fuzzBinary() bool {
@@ -143,6 +112,7 @@ func (fuzz *fuzzBinary) fuzzBinary() bool {
 func (fuzz *fuzzBinary) linkerProps() []interface{} {
 	props := fuzz.binaryDecorator.linkerProps()
 	props = append(props, &fuzz.fuzzPackagedModule.FuzzProperties)
+
 	return props
 }
 
@@ -151,16 +121,14 @@ func (fuzz *fuzzBinary) linkerInit(ctx BaseModuleContext) {
 }
 
 func (fuzzBin *fuzzBinary) linkerDeps(ctx DepsContext, deps Deps) Deps {
-	if fuzzBin.fuzzType == fuzz.AFL {
+	if ctx.Config().Getenv("FUZZ_FRAMEWORK") == "AFL" {
 		deps.HeaderLibs = append(deps.HeaderLibs, "libafl_headers")
-		deps = fuzzBin.binaryDecorator.linkerDeps(ctx, deps)
-		return deps
-
 	} else {
 		deps.StaticLibs = append(deps.StaticLibs, config.LibFuzzerRuntimeLibrary(ctx.toolchain()))
-		deps = fuzzBin.binaryDecorator.linkerDeps(ctx, deps)
-		return deps
 	}
+
+	deps = fuzzBin.binaryDecorator.linkerDeps(ctx, deps)
+	return deps
 }
 
 func (fuzz *fuzzBinary) linkerFlags(ctx ModuleContext, flags Flags) Flags {
@@ -257,9 +225,6 @@ func sharedLibrarySymbolsInstallLocation(libraryPath android.Path, fuzzDir strin
 
 func (fuzzBin *fuzzBinary) install(ctx ModuleContext, file android.Path) {
 	installBase := "fuzz"
-	if fuzzBin.fuzzType == fuzz.AFL {
-		installBase = "afl_fuzz"
-	}
 
 	fuzzBin.binaryDecorator.baseInstaller.dir = filepath.Join(
 		installBase, ctx.Target().Arch.ArchType.String(), ctx.ModuleName())
@@ -333,12 +298,9 @@ func (fuzzBin *fuzzBinary) install(ctx ModuleContext, file android.Path) {
 	}
 }
 
-func NewFuzzer(hod android.HostOrDeviceSupported, fuzzType fuzz.FuzzType) *Module {
+func NewFuzzer(hod android.HostOrDeviceSupported) *Module {
 	module, binary := newBinary(hod, false)
 	baseInstallerPath := "fuzz"
-	if fuzzType == fuzz.AFL {
-		baseInstallerPath = "afl_fuzz"
-	}
 
 	binary.baseInstaller = NewBaseInstaller(baseInstallerPath, baseInstallerPath, InstallInData)
 	module.sanitize.SetSanitizer(Fuzzer, true)
@@ -346,12 +308,13 @@ func NewFuzzer(hod android.HostOrDeviceSupported, fuzzType fuzz.FuzzType) *Modul
 	fuzzBin := &fuzzBinary{
 		binaryDecorator: binary,
 		baseCompiler:    NewBaseCompiler(),
-		fuzzType:        fuzzType,
 	}
 	module.compiler = fuzzBin
 	module.linker = fuzzBin
 	module.installer = fuzzBin
 
+	module.fuzzer.Properties.FuzzFramework = fuzz.LibFuzzer
+
 	// The fuzzer runtime is not present for darwin host modules, disable cc_fuzz modules when targeting darwin.
 	android.AddLoadHook(module, func(ctx android.LoadHookContext) {
 		disableDarwinAndLinuxBionic := struct {
@@ -367,18 +330,18 @@ func NewFuzzer(hod android.HostOrDeviceSupported, fuzzType fuzz.FuzzType) *Modul
 		disableDarwinAndLinuxBionic.Target.Darwin.Enabled = BoolPtr(false)
 		disableDarwinAndLinuxBionic.Target.Linux_bionic.Enabled = BoolPtr(false)
 		ctx.AppendProperties(&disableDarwinAndLinuxBionic)
-	})
 
-	if fuzzType == fuzz.AFL {
-		// Add cc_objects to Srcs
-		fuzzBin.baseCompiler.Properties.Srcs = append(fuzzBin.baseCompiler.Properties.Srcs, ":aflpp_driver", ":afl-compiler-rt")
-		module.fuzzer.Properties.AFLEnabled = true
-		module.compiler.appendCflags([]string{
-			"-Wno-unused-result",
-			"-Wno-unused-parameter",
-			"-Wno-unused-function",
-		})
-	}
+		targetFramework := fuzz.GetFramework(ctx, fuzz.Cc)
+		if !fuzz.IsValidFrameworkForModule(targetFramework, fuzz.Cc, fuzzBin.fuzzPackagedModule.FuzzProperties.Fuzzing_frameworks) {
+			ctx.Module().Disable()
+			return
+		}
+
+		if targetFramework == fuzz.AFL {
+			fuzzBin.baseCompiler.Properties.Srcs = append(fuzzBin.baseCompiler.Properties.Srcs, ":aflpp_driver", ":afl-compiler-rt")
+			module.fuzzer.Properties.FuzzFramework = fuzz.AFL
+		}
+	})
 
 	return module
 }
@@ -399,17 +362,6 @@ func fuzzPackagingFactory() android.Singleton {
 		fuzzTargetSharedDepsInstallPairs: "FUZZ_TARGET_SHARED_DEPS_INSTALL_PAIRS",
 		allFuzzTargetsName:               "ALL_FUZZ_TARGETS",
 	}
-	fuzzPackager.FuzzType = fuzz.Cc
-	return fuzzPackager
-}
-
-func fuzzAFLPackagingFactory() android.Singleton {
-	fuzzPackager := &ccFuzzPackager{
-		fuzzPackagingArchModules:         "SOONG_AFL_FUZZ_PACKAGING_ARCH_MODULES",
-		fuzzTargetSharedDepsInstallPairs: "AFL_FUZZ_TARGET_SHARED_DEPS_INSTALL_PAIRS",
-		allFuzzTargetsName:               "ALL_AFL_FUZZ_TARGETS",
-	}
-	fuzzPackager.FuzzType = fuzz.AFL
 	return fuzzPackager
 }
 
@@ -440,7 +392,7 @@ func (s *ccFuzzPackager) GenerateBuildActions(ctx android.SingletonContext) {
 
 		sharedLibsInstallDirPrefix := "lib"
 		fuzzModule, ok := ccModule.compiler.(*fuzzBinary)
-		if !ok || fuzzModule.fuzzType != s.FuzzType {
+		if !ok {
 			return
 		}
 
@@ -455,9 +407,6 @@ func (s *ccFuzzPackager) GenerateBuildActions(ctx android.SingletonContext) {
 		}
 
 		intermediatePath := "fuzz"
-		if s.FuzzType == fuzz.AFL {
-			intermediatePath = "afl_fuzz"
-		}
 
 		archString := ccModule.Arch().ArchType.String()
 		archDir := android.PathForIntermediates(ctx, intermediatePath, hostOrTargetString, archString)
@@ -484,7 +433,7 @@ func (s *ccFuzzPackager) GenerateBuildActions(ctx android.SingletonContext) {
 		}
 	})
 
-	s.CreateFuzzPackage(ctx, archDirs, s.FuzzType, pctx)
+	s.CreateFuzzPackage(ctx, archDirs, fuzz.Cc, pctx)
 }
 
 func (s *ccFuzzPackager) MakeVars(ctx android.MakeVarsContext) {
@@ -511,9 +460,6 @@ func GetSharedLibsToZip(sharedLibraries android.Paths, module LinkableInterface,
 	var files []fuzz.FileToZip
 
 	fuzzDir := "fuzz"
-	if s.FuzzType == fuzz.AFL {
-		fuzzDir = "afl_fuzz"
-	}
 
 	for _, library := range sharedLibraries {
 		files = append(files, fuzz.FileToZip{library, destinationPathPrefix})