CDRIVER-5648 fix libfuzzer integration #1686
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kevinAlbs
requested review from
vector-of-bool,
kevinAlbs and
eramongodb
and removed request for
vector-of-bool
eramongodb
requested changes
Aug 7, 2024
build/cmake/Fuzzer.cmake
Outdated
There was a problem hiding this comment.
Remove this file in favor of:
- reusing
MONGO_SANITIZEto set sanitizer options, and - scoping fuzz-testing-related properties and targets to
src/libbson/fuzz/CMakeLists.txt.
Described in further detail in other comments.
src/libbson/CMakeLists.txt
Outdated
| @@ -399,6 +399,8 @@ install (EXPORT bson-targets | |||
| include (LegacyPackage) | |||
| include (CPack) | |||
|
|
|||
| add_subdirectory(fuzz) | |||
There was a problem hiding this comment.
Suggested change
| add_subdirectory(fuzz) | |
| if (MONGO_FUZZ) | |
| add_subdirectory(fuzz) | |
| endif () |
Condition the definition of fuzz targets on MONGO_FUZZ.
src/libbson/fuzz/CMakeLists.txt
Outdated
| @@ -0,0 +1,9 @@ | |||
| if (MONGO_FUZZ) | |||
There was a problem hiding this comment.
Suggested change
| if (MONGO_FUZZ) |
Condition the add_subdirectory() rather than this file's contents.
src/libbson/fuzz/CMakeLists.txt
Outdated
Comment on lines
5
to
6
| target_include_directories(fuzz_test_init_from_json PRIVATE "src" "${PROJECT_BINARY_DIR}/src/") | ||
| target_link_libraries(fuzz_test_init_from_json ${bson_libs}) |
There was a problem hiding this comment.
Suggested change
| target_include_directories(fuzz_test_init_from_json PRIVATE "src" "${PROJECT_BINARY_DIR}/src/") | |
| target_link_libraries(fuzz_test_init_from_json ${bson_libs}) | |
| target_link_libraries(fuzz_test_init_from_json PRIVATE bson_static) |
Use same library linkage pattern as existing test executables.
build/cmake/Fuzzer.cmake
Outdated
Comment on lines
5
to
9
| mongo_setting( | ||
| MONGO_FUZZ "Whether fuzz testing is enabled" | ||
| TYPE BOOL | ||
| DEFAULT FALSE | ||
| ) |
There was a problem hiding this comment.
Suggested change
| mongo_setting( | |
| MONGO_FUZZ "Whether fuzz testing is enabled" | |
| TYPE BOOL | |
| DEFAULT FALSE | |
| ) |
Move the MONGO_FUZZ option definition into build/cmake/Sanitizers.cmake prior to the MONGO_SANITIZE option definition and redefine as follows:
mongo_bool_setting(
MONGO_FUZZ "Enable LibFuzzer integration"
DEFAULT VALUE OFF
VALIDATE CODE [[
if (NOT ENABLE_STATIC)
message (FATAL_ERROR "MONGO_FUZZ requires ENABLE_STATIC=ON or ENABLE_STATIC=BUILD_ONLY")
endif ()
]]
)
build/cmake/Fuzzer.cmake
Outdated
Comment on lines
11
to
14
| if (MONGO_FUZZ) | ||
| set(CMAKE_C_FLAGS "-fsanitize=undefined -fsanitize=address -fsanitize=fuzzer-no-link" CACHE STRING "Custom comp" FORCE) | ||
| set(MONGO_FUZZ_ENGINE -fsanitize=fuzzer) | ||
| endif () |
There was a problem hiding this comment.
Suggested change
| if (MONGO_FUZZ) | |
| set(CMAKE_C_FLAGS "-fsanitize=undefined -fsanitize=address -fsanitize=fuzzer-no-link" CACHE STRING "Custom comp" FORCE) | |
| set(MONGO_FUZZ_ENGINE -fsanitize=fuzzer) | |
| endif () |
Remove in favor of reusing the existing MONGO_SANITIZE option by adding the following after the MONGO_SANITIZE option definition in build/cmake/Sanitizers.cmake:
if (MONGO_FUZZ)
set(mongo_fuzz_options "address,undefined,fuzzer-no-link")
if (NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}")
message(WARNING "Overriding user-provided MONGO_SANITIZE options in favor of MONGO_SANITIZE=ON")
endif()
set_property (CACHE MONGO_SANITIZE PROPERTY VALUE "${mongo_fuzz_options}")
endif ()
src/libbson/fuzz/CMakeLists.txt
Outdated
Comment on lines
3
to
4
| add_executable(fuzz_test_init_from_json | ||
| fuzz_test_init_from_json.c) |
There was a problem hiding this comment.
Suggested change
| add_executable(fuzz_test_init_from_json | |
| fuzz_test_init_from_json.c) | |
| add_executable(fuzz_test_init_from_json EXCLUDE_FROM_ALL fuzz_test_init_from_json.c) |
Do not build fuzz executable as part of build-and-install routines.
src/libbson/fuzz/CMakeLists.txt
Outdated
| fuzz_test_init_from_json.c) | ||
| target_include_directories(fuzz_test_init_from_json PRIVATE "src" "${PROJECT_BINARY_DIR}/src/") | ||
| target_link_libraries(fuzz_test_init_from_json ${bson_libs}) | ||
| set_target_properties(fuzz_test_init_from_json PROPERTIES LINK_FLAGS ${MONGO_FUZZ_ENGINE}) |
There was a problem hiding this comment.
Suggested change
| set_target_properties(fuzz_test_init_from_json PROPERTIES LINK_FLAGS ${MONGO_FUZZ_ENGINE}) | |
| set_property(TARGET fuzz_test_init_from_json APPEND PROPERTY LINK_OPTIONS -fsanitize=fuzzer) |
Pass fuzzer "with link" option directly and avoid potentially overwriting existing LINK_OPTIONS values.
eramongodb
approved these changes
Aug 9, 2024
build/cmake/Sanitizers.cmake
Outdated
Comment on lines
44
to
60
| mongo_bool_setting( | ||
| MONGO_FUZZ "Enable LibFuzzer integration" | ||
| DEFAULT VALUE OFF | ||
| VALIDATE CODE [[ | ||
| if (NOT ENABLE_STATIC) | ||
| message (FATAL_ERROR "MONGO_FUZZ requires ENABLE_STATIC=ON or ENABLE_STATIC=BUILD_ONLY") | ||
| endif () | ||
| ]] | ||
| ) | ||
|
|
||
| if (MONGO_FUZZ) | ||
| set(mongo_fuzz_options "address,undefined,fuzzer-no-link") | ||
| if (NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}") | ||
| message(WARNING "Overriding user-provided MONGO_SANITIZE options in favor of MONGO_SANITIZE=ON") | ||
| endif () | ||
| set_property (CACHE MONGO_SANITIZE PROPERTY VALUE "${mongo_fuzz_options}") | ||
| endif () |
There was a problem hiding this comment.
These commands must come before MONGO_SANITIZE is parsed. Move up to come immediately after the MONGO_SANITIZE option definition:
mongo_setting (MONGO_SANITIZE ...)
mongo_bool_setting (MONGO_FUZZ ...)
if (MONGO_FUZZ)
set(mongo_fuzz_options "address,undefined,fuzzer-no-link")
...
endif ()
# Replace commas with semicolons for the genex
string(REPLACE ";" "," _sanitize "${MONGO_SANITIZE}")
if (_sanitize)
...
endif ()
|
Comments addressed, I also tweaked the logic in the MONGO_FUZZ VALIDATE block, so that it errors only |
kevinAlbs
approved these changes
Aug 12, 2024
build/cmake/Sanitizers.cmake
Outdated
| if (MONGO_FUZZ) | ||
| set(mongo_fuzz_options "address,undefined,fuzzer-no-link") | ||
| if (NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}") | ||
| message(WARNING "Overriding user-provided MONGO_SANITIZE options in favor of MONGO_SANITIZE=ON") |
There was a problem hiding this comment.
Suggested change
| message(WARNING "Overriding user-provided MONGO_SANITIZE options in favor of MONGO_SANITIZE=ON") | |
| message(WARNING "Overriding user-provided MONGO_SANITIZE options due to MONGO_FUZZ=ON") |
build/cmake/Sanitizers.cmake
Outdated
|
|
||
| if (MONGO_FUZZ) | ||
| set(mongo_fuzz_options "address,undefined,fuzzer-no-link") | ||
| if (NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}") |
There was a problem hiding this comment.
Suggested change
| if (NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}") | |
| if (MONGO_SANITIZE AND NOT "${MONGO_SANITIZE}" STREQUAL "${mongo_fuzz_options}") |
To skip warning when MONGO_SANITIZE is not set.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This patch modifies the CMake rules in order to allow compilation of the already existing libfuzzer entrypoint.
What Changed?
We could have multiple entrypoints, so it makes sense to name the file after the function we're fuzzing.
The faster we can run the entrypoint, the more iterations per second we'll be able to manage.
MONGO_FUZZaddedWhen building a fuzzer, all code in all TUs must be compiled with coverage instrumentation. The final link step must statically link libfuzzer's
mainsymbol. Adding sanitizers to all TUs is also beneficial.This new option enables AUBSan and a sanitizer called "fuzzer-no-link", which enables CovSAN and all the other flags libfuzzer needs to operate. Finally, this option sets
MONGO_FUZZ_ENGINEto the linker flags needed to statically link in libfuzzer'smain. Any binaries which provide fuzzer entrypoints need to useMONGO_FUZZ_ENGINEin theirLINK_FLAGS.src/libbson/fuzz/CMakeLists.txtThis file compiles the fuzzer entrypoint, iff
MONGO_FUZZis enabled.I haven't used CMake in a while, so feedback is appreciated!