Switch to Clang 6.0's fuzzer support.

With Clang 6.0, libFuzzer is now included and there's a new
-fsanitize=fuzzer command to enable the needed compiler actions.

Change-Id: If8c0d649f494655c5bb1e55ebdbf39450940c75b
Reviewed-on: https://boringssl-review.googlesource.com/31324
Reviewed-by: David Benjamin <davidben@google.com>
kris/onging/CECPQ3_patch15
Adam Langley 6 years ago
committed by Adam Langley
Parent
revision
9c969bf491
3 files changed with 31 additions and 64 deletions
  1. +6
    -12
      CMakeLists.txt
  2. +6
    -11
      FUZZING.md
  3. +19
    -41
      fuzz/CMakeLists.txt

+ 6
- 12
CMakeLists.txt View file

@@ -206,6 +206,10 @@ if(FUZZ)
message(FATAL_ERROR "You need to build with Clang for fuzzing to work")
endif()

if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0")
message(FATAL_ERROR "You need Clang ≥ 6.0.0")
endif()

add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE)
set(RUNNER_ARGS "-deterministic")
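Review bot: the new gate `if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0")` only inspects the C compiler, yet the fuzzing flags later in this file are applied to both `CMAKE_C_FLAGS` and `CMAKE_CXX_FLAGS`, and the fuzz targets themselves are C++ (`${name}.cc`) linked with `-fsanitize=fuzzer`. Consider checking `CMAKE_CXX_COMPILER_VERSION` as well, so a mismatched `clang++` fails with this clear message instead of an unknown-option error at link time.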

@@ -214,10 +218,8 @@ if(FUZZ)
set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json")
endif()

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc-guard")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc-guard")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")
link_directories(.)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls")
endif()

add_definitions(-DBORINGSSL_IMPLEMENTATION)
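Review bot: the explicit `-fsanitize-coverage=edge,indirect-calls` is kept next to the new `-fsanitize=address,fuzzer-no-link`, but `fuzzer-no-link` already turns on the coverage instrumentation libFuzzer expects, so the explicit option is at best redundant; unless it is needed for a specific reason, drop it and let `-fsanitize=fuzzer-no-link` pick the instrumentation. Removing `-fsanitize=address` from `CMAKE_EXE_LINKER_FLAGS` is fine because CMake passes `CMAKE_C_FLAGS`/`CMAKE_CXX_FLAGS` on the link line, and dropping `link_directories(.)` matches the removal of the "copy `libFuzzer.a` to the top level" instruction in FUZZING.md.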
@@ -448,14 +450,6 @@ add_subdirectory(tool)
add_subdirectory(decrepit)

if(FUZZ)
if(LIBFUZZER_FROM_DEPS)
file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp")
add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES})
# libFuzzer does not pass our aggressive warnings. It also must be built
# without -fsanitize-coverage options or clang crashes.
set_target_properties(Fuzzer PROPERTIES COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0")
endif()

add_subdirectory(fuzz)
endif()
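Review bot: this deletes the only consumer shown here of `LIBFUZZER_FROM_DEPS` and of the `util/bot/libFuzzer/*.cpp` sources. Whatever sets `LIBFUZZER_FROM_DEPS` and the `util/bot/libFuzzer` checkout should go in the same change (or the commit message should say they are kept on purpose), otherwise the bot configuration keeps fetching a libFuzzer copy that is never built.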



+ 6
- 11
FUZZING.md View file

@@ -2,23 +2,17 @@

Modern fuzz testers are very effective and we wish to use them to ensure that no silly bugs creep into BoringSSL.

We primarily use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require libFuzzer at build time.
We use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require that the rest of BoringSSL be built with some changes that make fuzzing much more effective, but are completely unsafe for real use.

In order to build the fuzz tests you will need at least Clang 3.7. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:
In order to build the fuzz tests you will need at least Clang 6.0. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:

```
mkdir build
cd build
CC=clang CXX=clang++ cmake -GNinja -DFUZZ=1 ..
ninja
```

In order for the fuzz tests to link, the linker needs to find libFuzzer. This is not commonly provided and you may need to download the [Clang source code](http://llvm.org/releases/download.html) and do the following:

```
svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
ar ruv libFuzzer.a Fuzzer*.o
```

Then copy `libFuzzer.a` to the top-level of your BoringSSL source directory.

From the `build/` directory, you can then run the fuzzers. For example:
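Review bot: the new paragraph says the fuzz build needs changes that are "completely unsafe for real use" without saying what they are; the CMakeLists.txt hunk above shows that `-DFUZZ=1` adds `-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE`, so name that define here so a reader understands that a `-DFUZZ=1` build must never be shipped. Deleting the `svn co` / `ar ruv libFuzzer.a` instructions is consistent with the `link_directories(.)` removal; one sentence saying that with Clang 6.0 the libFuzzer runtime is supplied by `-fsanitize=fuzzer` at link time would replace the removed section.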

@@ -32,6 +26,7 @@ The recommended values of `max_len` for each test are:

| Test | `max_len` value |
|---------------|-----------------|
| `bn_mod_exp` | 4096 |
| `cert` | 10000 |
| `client` | 20000 |
| `pkcs8` | 2048 |
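Review bot: the `max_len` table lists only `bn_mod_exp`, `cert`, `client` and `pkcs8`, while fuzz/CMakeLists.txt below builds thirteen fuzzers; add a sentence stating that the remaining targets use libFuzzer's default `max_len`, otherwise readers cannot tell whether the other entries were left out deliberately.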


+ 19
- 41
fuzz/CMakeLists.txt View file

@@ -2,44 +2,22 @@ include_directories(../include)

set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-missing-prototypes")

add_executable(bn_mod_exp bn_mod_exp.cc)
target_link_libraries(bn_mod_exp Fuzzer crypto)

add_executable(bn_div bn_div.cc)
target_link_libraries(bn_div Fuzzer crypto)

add_executable(privkey privkey.cc)
target_link_libraries(privkey Fuzzer crypto)

add_executable(cert cert.cc)
target_link_libraries(cert Fuzzer crypto)

add_executable(spki spki.cc)
target_link_libraries(spki Fuzzer crypto)

add_executable(pkcs8 pkcs8.cc)
target_link_libraries(pkcs8 Fuzzer crypto)

add_executable(pkcs12 pkcs12.cc)
target_link_libraries(pkcs12 Fuzzer crypto)

add_executable(server server.cc)
target_link_libraries(server Fuzzer crypto ssl)

add_executable(client client.cc)
target_link_libraries(client Fuzzer crypto ssl)

add_executable(dtls_server dtls_server.cc)
target_link_libraries(dtls_server Fuzzer crypto ssl)

add_executable(dtls_client dtls_client.cc)
target_link_libraries(dtls_client Fuzzer crypto ssl)

add_executable(read_pem read_pem.cc)
target_link_libraries(read_pem Fuzzer crypto)

add_executable(ssl_ctx_api ssl_ctx_api.cc)
target_link_libraries(ssl_ctx_api Fuzzer crypto ssl)

add_executable(session session.cc)
target_link_libraries(session Fuzzer crypto ssl)
macro(fuzzer name)
add_executable(${name} ${name}.cc)
target_link_libraries(${name} crypto ${ARGN})
set_target_properties(${name} PROPERTIES LINK_FLAGS "-fsanitize=fuzzer")
endmacro()

fuzzer(bn_mod_exp)
fuzzer(privkey)
fuzzer(cert)
fuzzer(spki)
fuzzer(pkcs8)
fuzzer(pkcs12)
fuzzer(read_pem)
fuzzer(server ssl)
fuzzer(client ssl)
fuzzer(dtls_server ssl)
fuzzer(dtls_client ssl)
fuzzer(ssl_ctx_api ssl)
fuzzer(session ssl)
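Review bot: `bn_div` is silently dropped: the removed block had `add_executable(bn_div bn_div.cc)` / `target_link_libraries(bn_div Fuzzer crypto)`, but the new list of `fuzzer(...)` calls has no `fuzzer(bn_div)`, and neither the commit message nor FUZZING.md mentions removing that target. Either add `fuzzer(bn_div)` or delete `fuzz/bn_div.cc` and say so in the commit message. The `fuzzer` macro is a good simplification; since it only puts `-fsanitize=fuzzer` in `LINK_FLAGS`, it relies on the top-level `-fsanitize=fuzzer-no-link` for compile-time instrumentation, which deserves a one-line comment inside the macro.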
