cros_fuzz: Add checks for msan.
MSan fuzzing requires all packages to be built with msan instrumentation.
So detect whether the "msan-fuzzer" profile is being used, and if not, error out
when using the reproduce command. Also pass "--nousepkg" with msan
build type to avoid pulling in prebuilts.
BUG=chromium:920355
TEST="--nousepkg" is passed.
TEST=Exception is raised when profile is not msan-fuzzer.
Change-Id: I8d6f4c3d2900ace0f11e06129606b799ca920083
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/1609567
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
diff --git a/scripts/cros_fuzz.py b/scripts/cros_fuzz.py
index 154cb21..7a3f980 100644
--- a/scripts/cros_fuzz.py
+++ b/scripts/cros_fuzz.py
@@ -413,7 +413,10 @@
return {x + '_OPTIONS': sanitizer_options for x in sanitizers}
-def RunFuzzer(fuzzer, corpus_path=None, fuzz_args='', testcase_path=None,
+def RunFuzzer(fuzzer,
+ corpus_path=None,
+ fuzz_args='',
+ testcase_path=None,
crash_expected=False):
"""Runs the fuzzer while chrooted into the sysroot.
@@ -651,6 +654,11 @@
'--skip_chroot_upgrade',
package,
]
+ # For msan builds, always use "--nousepkg" since all package needs to be
+ # instrumented with msan.
+ if build_type == BuildType.MSAN:
+ command += ['--nousepkg']
+
# Print the output of the build command. Do this because it is familiar to
# devs and we don't want to leave them not knowing about the build's progress
# for a long time.
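Review bot: The comment added above the new `--nousepkg` branch has a grammar slip ("all package needs to be") and leaves out the reason the flag matters, which the commit message does state: prebuilt binary packages are not instrumented. Suggest `# For msan builds, always pass "--nousepkg": every package must be instrumented with msan, so prebuilts cannot be used.`. The enclosing build function starts and ends outside this hunk.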
@@ -1086,6 +1094,20 @@
if options.build_type and not options.package:
raise Exception('Cannot specify --build_type without specifying --package.')
+ # Verify that "msan-fuzzer" profile is being used with msan.
+ # Check presence of "-fsanitize=memory" in CFLAGS.
+ if options.build_type == BuildType.MSAN:
+ cmd = ['portageq-%s' % options.board, 'envvar', 'CFLAGS']
+ cflags = cros_build_lib.RunCommand(
+ cmd, capture_output=True).output.splitlines()
+ check_string = '-fsanitize=memory'
+ if not any(check_string in s for s in cflags):
+ logging.error(
+ '-fsanitize=memory not found in CFLAGS. '
+ 'Use "setup_board --board=amd64-generic --profile=msan-fuzzer" '
+ 'for MSan Fuzzing Builds.')
+ raise Exception('Incompatible profile used for msan fuzzing.')
+
BuildPackage(options.package, options.board, options.build_type)
SetUpSysrootForFuzzing()
Reproduce(StripFuzzerPrefixes(options.fuzzer), options.testcase)
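Review bot: The error message in the new MSan profile check hard-codes `--board=amd64-generic`, while the check itself runs `portageq-%s` against `options.board`, so on any other board the suggested remedy is wrong; use the actual board, e.g. `'Use "setup_board --board=%s --profile=msan-fuzzer" ' % options.board`. If the `portageq-<board>` wrapper is absent (board not set up yet), `cros_build_lib.RunCommand` will presumably raise before the CFLAGS comparison is reached; that is acceptable behaviour but deserves a one-line comment so the failure mode is not mistaken for a profile problem. The `any(check_string in s for s in cflags)` over `splitlines()` could also be a plain substring test on the captured output, which reads more directly. The enclosing function starts and ends outside this hunk.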