Index: .gitignore
===================================================================
--- .gitignore
+++ .gitignore
@@ -49,7 +49,6 @@
 projects/*
 !projects/*.*
 !projects/Makefile
-runtimes/*
 !runtimes/*.*
 # Clang, which is tracked independently.
 tools/clang
Index: cmake/modules/LLVMExternalProjectUtils.cmake
===================================================================
--- cmake/modules/LLVMExternalProjectUtils.cmake
+++ cmake/modules/LLVMExternalProjectUtils.cmake
@@ -149,6 +149,7 @@
 -DPACKAGE_VERSION=${PACKAGE_VERSION}
 -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
 -DCMAKE_MAKE_PROGRAM=${CMAKE_MAKE_PROGRAM}
+ -DCMAKE_EXPORT_COMPILE_COMMANDS=1
 ${ARG_CMAKE_ARGS}
 ${PASSTHROUGH_VARIABLES}
 INSTALL_COMMAND ""
Index: lib/CMakeLists.txt
===================================================================
--- lib/CMakeLists.txt
+++ lib/CMakeLists.txt
@@ -20,7 +20,6 @@
 add_subdirectory(AsmParser)
 add_subdirectory(LineEditor)
 add_subdirectory(ProfileData)
-add_subdirectory(Fuzzer)
 add_subdirectory(Passes)
 add_subdirectory(ToolDrivers)
 add_subdirectory(XRay)
Index: lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test
===================================================================
--- lib/Fuzzer/test/fuzzer-customcrossoverandmutate.test
+++ /dev/null
@@ -1 +0,0 @@
-RUN: LLVMFuzzer-CustomCrossOverAndMutateTest -seed=1 -runs=100000
Index: runtimes/CMakeLists.txt
===================================================================
--- runtimes/CMakeLists.txt
+++ runtimes/CMakeLists.txt
@@ -305,6 +305,12 @@
 obj2yaml
 sancov
 sanstats
+ gtest_main
+ gtest
+ # TODO: we can not depend on runtimes, see
+ # https://reviews.llvm.org/D33048 for the discussion.
+ asan
+ ubsan
 )
 foreach(target ${test_targets} ${SUB_COMPONENT_CHECK_TARGETS})
 add_dependencies(${target} ${RUNTIMES_TEST_DEPENDS})
Index: runtimes/libfuzzer/CMakeLists.txt
===================================================================
--- runtimes/libfuzzer/CMakeLists.txt
+++ runtimes/libfuzzer/CMakeLists.txt
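Review bot: The new `-DCMAKE_EXPORT_COMPILE_COMMANDS=1` entry in the sub-build argument list forces the option on for every external project regardless of the top-level setting, so a user who left it off still gets a compile_commands.json written into each sub-project's build tree. Forwarding the parent's value keeps the two configurations consistent: `-DCMAKE_EXPORT_COMPILE_COMMANDS=${CMAKE_EXPORT_COMPILE_COMMANDS}`, or add the variable to whatever feeds `${PASSTHROUGH_VARIABLES}` two lines below if that list already mirrors CMAKE_* settings. The enclosing command starts before this hunk, so the pass-through mechanism itself is not visible here.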
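Review bot: `asan` and `ubsan` (and `gtest_main`/`gtest`) are appended to the list that `add_dependencies(${target} ${RUNTIMES_TEST_DEPENDS})` consumes a few lines below, while the TODO added alongside them says the runtimes cannot be depended on; in a configuration where either sanitizer runtime is not built, CMake 3.0+ (policy CMP0046) rejects the unknown dependency name and the configure fails rather than skipping it. Only names that exist should reach that list — e.g. `if(TARGET asan)` / `list(APPEND RUNTIMES_TEST_DEPENDS asan)` per runtime — and the comment should say which libfuzzer tests need each sanitizer so the entry can be dropped once the D33048 discussion resolves. The `set(...)` that this `)` closes starts before the hunk, so the variable name is inferred from the foreach below.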
@@ -1,5 +1,8 @@
 include(CheckCXXSourceCompiles)
 
+add_custom_target(fuzzer)
+add_dependencies(fuzzer LLVMFuzzer LLVMFuzzerNoMain)
+
 if( APPLE )
 CHECK_CXX_SOURCE_COMPILES("
 static thread_local int blah;
@@ -13,6 +16,8 @@
 endif()
 endif()
 
+set(LIBFUZZER_FLAGS_BASE "${CMAKE_CXX_FLAGS}")
+
 if( LLVM_USE_SANITIZE_COVERAGE )
 if(NOT "${LLVM_USE_SANITIZER}" STREQUAL "Address")
 message(FATAL_ERROR
@@ -20,12 +25,34 @@
 "LLVM_USE_SANITIZE_COVERAGE=YES to be set."
 )
 endif()
- set(LIBFUZZER_FLAGS_BASE "${CMAKE_CXX_FLAGS}")
 # Disable the coverage and sanitizer instrumentation for the fuzzer itself.
 set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters -Werror")
 endif()
 
+# TODO: move this function elsewhere.
+function(set_target_output_directories target output_dir)
+ # For RUNTIME_OUTPUT_DIRECTORY variable, Multi-configuration generators
+ # append a per-configuration subdirectory to the specified directory.
+ # To avoid the appended folder, the configuration specific variable must be
+ # set 'RUNTIME_OUTPUT_DIRECTORY_${CONF}':
+ # RUNTIME_OUTPUT_DIRECTORY_DEBUG, RUNTIME_OUTPUT_DIRECTORY_RELEASE, ...
+ if(CMAKE_CONFIGURATION_TYPES)
+ foreach(build_mode ${CMAKE_CONFIGURATION_TYPES})
+ string(TOUPPER "${build_mode}" CONFIG_SUFFIX)
+ set_target_properties("${target}" PROPERTIES
+ "ARCHIVE_OUTPUT_DIRECTORY_${CONFIG_SUFFIX}" ${output_dir}
+ "LIBRARY_OUTPUT_DIRECTORY_${CONFIG_SUFFIX}" ${output_dir}
+ "RUNTIME_OUTPUT_DIRECTORY_${CONFIG_SUFFIX}" ${output_dir})
+ endforeach()
+ else()
+ set_target_properties("${target}" PROPERTIES
+ ARCHIVE_OUTPUT_DIRECTORY ${output_dir}
+ LIBRARY_OUTPUT_DIRECTORY ${output_dir}
+ RUNTIME_OUTPUT_DIRECTORY ${output_dir})
+ endif()
+endfunction()
+
 
 # Compile libFuzzer if the compilation is specifically requested, OR
 # if the platform is known to be working.
 if ( LLVM_USE_SANITIZE_COVERAGE OR CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux" )
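Review bot: `add_dependencies(fuzzer LLVMFuzzer LLVMFuzzerNoMain)` is placed at the top of the file, but the two libraries appear to be created only inside the `if ( LLVM_USE_SANITIZE_COVERAGE OR CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux" )` block further down, so on any other host the configure stops on an unknown dependency (policy CMP0046) before that guard is reached. Moving both new lines into that block next to the library definitions, or guarding them with `if(TARGET LLVMFuzzer AND TARGET LLVMFuzzerNoMain)`, keeps the umbrella target valid on every platform. `fuzzer` is also an unprefixed name in CMake's single global target namespace, and a one-line comment above `add_custom_target(fuzzer)` stating what the umbrella is for and who is meant to depend on it would help; the library definitions themselves are outside this hunk.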
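Review bot: In `set_target_output_directories` the `${output_dir}` argument is unquoted in all six property assignments, so a directory containing a space or a semicolon is split into extra arguments and the PROPERTIES key/value pairing shifts silently; the callers added in this patch derive the path from `${LLVM_LIBRARY_OUTPUT_INTDIR}`, which is user-controlled. Quoting fixes it: `"ARCHIVE_OUTPUT_DIRECTORY_${CONFIG_SUFFIX}" "${output_dir}"` and likewise for the other five lines. The function is also added to CMake's global function namespace without an `llvm_` prefix even though the TODO says it will move, and its only comments explain the multi-config quirk; a header comment such as `# set_target_output_directories(<target> <dir>): put <target>'s archive, library and runtime outputs in <dir> for every configuration` would state the contract callers rely on.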
@@ -62,8 +89,23 @@
 $
 )
 target_link_libraries(LLVMFuzzer ${LLVM_PTHREAD_LIB})
+
+
+ # TODO: Avoid duplication with compiler-rt/cmake/base-config-ix.cmake
+ if(NOT DEFINED OS_DIR)
+ string(TOLOWER ${CMAKE_SYSTEM_NAME} OS_DIR)
+ endif()
+ string(REGEX MATCH "[0-9]+\\.[0-9]+(\\.[0-9]+)?" CLANG_VERSION
+ ${PACKAGE_VERSION})
+
+ # TODO: avoid repetition, extract into a function.
+ set_target_output_directories(LLVMFuzzer
+ ${LLVM_LIBRARY_OUTPUT_INTDIR}/clang/${CLANG_VERSION}/lib/${OS_DIR})
+
+ set_target_output_directories(LLVMFuzzerNoMain
+ ${LLVM_LIBRARY_OUTPUT_INTDIR}/clang/${CLANG_VERSION}/lib/${OS_DIR})
 endif()
 
-if( LLVM_USE_SANITIZE_COVERAGE AND LLVM_INCLUDE_TESTS )
+if( LLVM_INCLUDE_TESTS )
 add_subdirectory(test)
 endif()
Index: runtimes/libfuzzer/test/CMakeLists.txt
===================================================================
--- runtimes/libfuzzer/test/CMakeLists.txt
+++ runtimes/libfuzzer/test/CMakeLists.txt
@@ -14,8 +14,18 @@
 string(REGEX REPLACE "([-/]O)[123s]" "\\10" ${VARNAME} "${${VARNAME}}")
 endforeach()
 
+# TODO: try enabling for all of libfuzzer.
+if(TARGET clang)
+ set(CMAKE_CXX_COMPILER "${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++")
+ set(CMAKE_C_COMPILER "${LLVM_RUNTIME_OUTPUT_INTDIR}/clang")
+endif()
+
+# Relax this restriction from HandleLLVMOptions.
+string(REPLACE "-Wl,-z,defs" "" CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}")
+
+
 # Enable the coverage instrumentation (it is disabled for the Fuzzer lib).
-set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp,trace-div,trace-gep -gline-tables-only")
+set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp,trace-div,trace-gep -gline-tables-only -std=c++11")
 
 if(MSVC)
 # For tests use the CRT specified for release build
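Review bot: Relaxing the guard to `if( LLVM_INCLUDE_TESTS )` now adds the test directory even when the `if ( LLVM_USE_SANITIZE_COVERAGE OR CMAKE_SYSTEM_NAME MATCHES "Darwin|Linux" )` block above skipped building LLVMFuzzer, and the test CMakeLists in this same patch hard-codes `-fsanitize=address` and presumably links LLVMFuzzer, so a host that previously skipped the tests now fails to configure. `if( LLVM_INCLUDE_TESTS AND TARGET LLVMFuzzer )` preserves the new behaviour wherever the library exists. In the same hunk `string(REGEX MATCH ... CLANG_VERSION ${PACKAGE_VERSION})` passes the version unquoted, so an empty PACKAGE_VERSION becomes a missing-argument error instead of an empty match — `"${PACKAGE_VERSION}"` is the safer spelling — and a comment saying the two libraries are deliberately placed in clang's resource-directory layout (`clang/<version>/lib/<os>`) would explain why OS_DIR and CLANG_VERSION are computed here at all. The if/endif containing the target_link_libraries line starts before this hunk.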
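Review bot: Setting `CMAKE_CXX_COMPILER` and `CMAKE_C_COMPILER` inside `if(TARGET clang)` after `project()` has run is documented by CMake as unsupported: compiler detection, feature checks and the flags derived from them were all computed for the host compiler, and whether a given generator honours the late value at all is not something this file can rely on. The path `${LLVM_RUNTIME_OUTPUT_INTDIR}/clang++` also does not exist until the clang target has been built, and nothing in this hunk orders the test binaries after it. If the tests must be compiled by the just-built clang, the external-project route this patch already touches (passing the compiler in through the sub-build's CMake arguments) is the reliable one; likewise the `-fsanitize=address` and `-std=c++11` now baked into CMAKE_CXX_FLAGS are compiler-specific and belong behind a compiler-id check (or `CMAKE_CXX_STANDARD 11`) rather than unconditionally in the string. A short comment on why `-Wl,-z,defs` must be stripped (which test needs unresolved symbols in its shared objects) would also save the next reader a search.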
@@ -63,7 +73,7 @@
 # Place binary where llvm-lit expects to find it
 set_target_properties(LLVMFuzzer-${name} PROPERTIES RUNTIME_OUTPUT_DIRECTORY
- "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
+ "${CMAKE_BINARY_DIR}/libfuzzer/test"
 )
 add_dependencies(TestBinaries LLVMFuzzer-${name})
 endfunction()
@@ -224,20 +234,20 @@
 )
 set_target_properties(LLVMFuzzer-DSOTest PROPERTIES RUNTIME_OUTPUT_DIRECTORY
- "${CMAKE_BINARY_DIR}/lib/Fuzzer/test")
+ "${CMAKE_BINARY_DIR}/libfuzzer/test")
 
 if(MSVC)
 set_output_directory(LLVMFuzzer-DSO1
- BINARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
- LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test")
+ BINARY_DIR "${CMAKE_BINARY_DIR}/libfuzzer/test"
+ LIBRARY_DIR "${CMAKE_BINARY_DIR}/libfuzzer/test")
 set_output_directory(LLVMFuzzer-DSO2
- BINARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
- LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/test")
+ BINARY_DIR "${CMAKE_BINARY_DIR}/libfuzzer/test"
+ LIBRARY_DIR "${CMAKE_BINARY_DIR}/libfuzzer/test")
 else(MSVC)
 set_output_directory(LLVMFuzzer-DSO1
- LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/lib")
+ LIBRARY_DIR "${CMAKE_BINARY_DIR}/libfuzzer/lib")
 set_output_directory(LLVMFuzzer-DSO2
- LIBRARY_DIR "${CMAKE_BINARY_DIR}/lib/Fuzzer/lib")
+ LIBRARY_DIR "${CMAKE_BINARY_DIR}/libfuzzer/lib")
 endif()
 
 add_dependencies(TestBinaries LLVMFuzzer-DSOTest)
@@ -267,9 +277,3 @@
 ${CMAKE_CURRENT_BINARY_DIR}
 DEPENDS TestBinaries
 )
-
-# Don't add dependencies on Windows. The linker step would fail on Windows,
-# since cmake will use link.exe for linking and won't include compiler-rt libs.
-if(NOT MSVC)
- add_dependencies(check-fuzzer FileCheck sancov not)
-endif()
Index: runtimes/libfuzzer/test/FuzzerUnittest.cpp
===================================================================
--- runtimes/libfuzzer/test/FuzzerUnittest.cpp
+++ runtimes/libfuzzer/test/FuzzerUnittest.cpp
@@ -5,6 +5,9 @@
 // with ASan) involving C++ standard library types when using libcxx.
 #define _LIBCPP_HAS_NO_ASAN
 
+// Do not attempt to use LLVM ostream from gtest.
+#define GTEST_NO_LLVM_RAW_OSTREAM 1
+
 #include "FuzzerCorpus.h"
 #include "FuzzerDictionary.h"
 #include "FuzzerInternal.h"
Index: runtimes/libfuzzer/test/dump_coverage.test
===================================================================
--- runtimes/libfuzzer/test/dump_coverage.test
+++ runtimes/libfuzzer/test/dump_coverage.test
@@ -1,3 +1,5 @@
+XFAIL: darwin
+
 RUN: rm -rf %t_workdir && mkdir -p %t_workdir
 RUN: env ASAN_OPTIONS=coverage_dir='"%t_workdir"' not LLVMFuzzer-NullDerefTest -dump_coverage=1 2>&1 | FileCheck %s
 RUN: sancov -covered-functions LLVMFuzzer-NullDerefTest* %t_workdir/*.sancov | FileCheck %s --check-prefix=SANCOV
Index: runtimes/libfuzzer/test/fuzzer-customcrossoverandmutate.test
===================================================================
--- /dev/null
+++ runtimes/libfuzzer/test/fuzzer-customcrossoverandmutate.test
@@ -0,0 +1 @@
+RUN: env ASAN_OPTIONS=detect_container_overflow=0 LLVMFuzzer-CustomCrossOverAndMutateTest -seed=1 -runs=100000
Index: runtimes/libfuzzer/test/no-coverage/CMakeLists.txt
===================================================================
--- runtimes/libfuzzer/test/no-coverage/CMakeLists.txt
+++ runtimes/libfuzzer/test/no-coverage/CMakeLists.txt
@@ -22,7 +22,7 @@
 set_target_properties(AFLDriverTest PROPERTIES RUNTIME_OUTPUT_DIRECTORY
- "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
+ "${CMAKE_BINARY_DIR}/libfuzzer/test"
 )
 add_dependencies(TestBinaries AFLDriverTest)
Index: runtimes/libfuzzer/test/ubsan/CMakeLists.txt
===================================================================
--- runtimes/libfuzzer/test/ubsan/CMakeLists.txt
+++ runtimes/libfuzzer/test/ubsan/CMakeLists.txt
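Review bot: `XFAIL: darwin` is added to dump_coverage.test without a reason, so when this test starts passing on macOS (lit then reports an unexpected pass) nobody will know whether the underlying problem was fixed or the test simply stopped exercising it. A comment line next to it naming the failure mode and a tracking reference — e.g. `# XFAIL on darwin: <reason / tracking issue>` — makes the expectation reviewable.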
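Review bot: The re-added RUN line in fuzzer-customcrossoverandmutate.test wraps the test in `ASAN_OPTIONS=detect_container_overflow=0`, which switches off ASan's container-overflow check for the whole run rather than addressing what it reported; if the report is genuine it is now hidden in exactly the configuration meant to catch it, and if it is the known false positive from mixing ASan-instrumented and uninstrumented code, that reason should be recorded. A line such as `# detect_container_overflow=0: <why the check misfires for this test>` in the test, or a fix in the test source, would make the suppression reviewable; dump_coverage.test in the same patch sets only coverage_dir, so this is the one test carrying a check-disabling option.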
@@ -1,7 +1,7 @@
 # These tests are instrumented with ubsan in non-recovery mode.
 set(CMAKE_CXX_FLAGS
- "${LIBFUZZER_FLAGS_BASE} -fsanitize=undefined -fno-sanitize-recover=all")
+ "${LIBFUZZER_FLAGS_BASE} -fsanitize=undefined -fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp,trace-div,trace-gep -fno-sanitize-recover=all")
 
 set(UbsanTests
 SignedIntOverflowTest