configure: Add sanitizer "fuzzer-no-link"

Adds instrumentation for fuzzing to the binaries but links to the usual main function instead of a fuzzer's. The similar sanitizer "fuzzer" should then be used only for building the test itself. Requires clang 6 or higher. Change-Id: I24ee1f018b0b97f2977dc86fbdc29a164d7c4e01 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2019-11-01 13:21:33 +01:00 · 2019-11-01 13:21:33 +01:00 · 6e42ed217c
commit 6e42ed217c
parent 0ec40c21c1
6 changed files with 34 additions and 3 deletions
--- a/config_help.txt
+++ b/config_help.txt
@ -131,7 +131,7 @@ Build options:
                         Currently supported backends are 'etw' (Windows) and
                         'lttng' (Linux), or 'yes' for auto-detection. [no]

-  -sanitize {address|thread|memory|undefined}
+  -sanitize {address|thread|memory|fuzzer-no-link|undefined}
                         Instrument with the specified compiler sanitizer.
                         Note that some sanitizers cannot be combined;
                         for example, -sanitize address cannot be combined with
--- a/configure.json
+++ b/configure.json
@ -895,6 +895,12 @@
            "autoDetect": false,
            "output": [ "publicConfig" ]
        },
+        "sanitize_fuzzer_no_link": {
+            "label": "Fuzzer (instrumentation only)",
+            "autoDetect": false,
+            "output": [ "publicConfig" ],
+            "purpose": [ "Adds instrumentation for fuzzing to the binaries but links to the usual main function instead of a fuzzer's." ]
+        },
        "sanitize_undefined": {
            "label": "Undefined",
            "autoDetect": false,
@ -902,7 +908,7 @@
        },
        "sanitizer": {
            "label": "Sanitizers",
-            "condition": "features.sanitize_address || features.sanitize_thread || features.sanitize_memory || features.sanitize_undefined",
+            "condition": "features.sanitize_address || features.sanitize_thread || features.sanitize_memory || features.sanitize_fuzzer_no_link || features.sanitize_undefined",
            "output": [ "sanitizer", "publicConfig" ]
        },
        "coverage_trace_pc_guard": {
@ -1444,6 +1450,11 @@ Qt can be built in release mode with separate debug information, so
            "type": "error",
            "condition": "features.coverage && !config.clang",
            "message": "Command line option -coverage is only supported with clang compilers."
+        },
+        {
+            "type": "error",
+            "condition": "features.sanitize_fuzzer_no_link && !config.clang",
+            "message": "Command line option -sanitize fuzzer-no-link is only supported with clang compilers."
        }
    ],

@ -1581,7 +1592,13 @@ Configure with '-qreal float' to create a build that is binary-compatible with 5
                {
                    "section": "Sanitizers",
                    "condition": "features.sanitizer",
-                    "entries": [ "sanitize_address", "sanitize_thread", "sanitize_memory", "sanitize_undefined" ]
+                    "entries": [
+                        "sanitize_address",
+                        "sanitize_thread",
+                        "sanitize_memory",
+                        "sanitize_fuzzer_no_link",
+                        "sanitize_undefined"
+                    ]
                },
                {
                    "message": "Code Coverage Instrumentation",
--- a/configure.pri
+++ b/configure.pri
@ -53,6 +53,8 @@ defineTest(qtConfCommandline_sanitize) {
            qtConfCommandlineSetInput("sanitize_thread", "yes")
        } else: equals(val, "memory") {
            qtConfCommandlineSetInput("sanitize_memory", "yes")
+        } else: equals(val, "fuzzer-no-link") {
+            qtConfCommandlineSetInput("sanitize_fuzzer_no_link", "yes")
        } else: equals(val, "undefined") {
            qtConfCommandlineSetInput("sanitize_undefined", "yes")
        } else {
--- a/mkspecs/common/sanitize.conf
+++ b/mkspecs/common/sanitize.conf
@ -17,6 +17,10 @@ QMAKE_SANITIZE_MEMORY_CFLAGS      = -fsanitize=memory
 QMAKE_SANITIZE_MEMORY_CXXFLAGS    = -fsanitize=memory
 QMAKE_SANITIZE_MEMORY_LFLAGS      = -fsanitize=memory

+QMAKE_SANITIZE_FUZZERNL_CFLAGS    = -fsanitize=fuzzer-no-link
+QMAKE_SANITIZE_FUZZERNL_CXXFLAGS  = -fsanitize=fuzzer-no-link
+QMAKE_SANITIZE_FUZZERNL_LFLAGS    = -fsanitize=fuzzer-no-link
+
 QMAKE_SANITIZE_UNDEFINED_CFLAGS   = -fsanitize=undefined
 QMAKE_SANITIZE_UNDEFINED_CXXFLAGS = -fsanitize=undefined
 QMAKE_SANITIZE_UNDEFINED_LFLAGS   = -fsanitize=undefined
--- a/mkspecs/features/sanitizer.prf
+++ b/mkspecs/features/sanitizer.prf
@ -42,6 +42,12 @@ sanitize_thread {
    QMAKE_LFLAGS   += $$QMAKE_SANITIZE_THREAD_LFLAGS
 }

+sanitize_fuzzer_no_link {
+    QMAKE_CFLAGS   += $$QMAKE_SANITIZE_FUZZERNL_CFLAGS
+    QMAKE_CXXFLAGS += $$QMAKE_SANITIZE_FUZZERNL_CXXFLAGS
+    QMAKE_LFLAGS   += $$QMAKE_SANITIZE_FUZZERNL_LFLAGS
+}
+
 sanitize_undefined {
    QMAKE_CFLAGS   += $$QMAKE_SANITIZE_UNDEFINED_CFLAGS
    QMAKE_CXXFLAGS += $$QMAKE_SANITIZE_UNDEFINED_CXXFLAGS
--- a/tests/libfuzzer/README
+++ b/tests/libfuzzer/README
@ -17,6 +17,8 @@ To run a test with libFuzzer:
   install libFuzzer for this version of clang explicitly.
 2. Make sure clang and clang++ from this version of clang are found in PATH.
 3. Configure Qt with
+    -platform linux-clang -sanitize fuzzer-no-link
+   or, if you are using clang 5
    -platform linux-clang -coverage trace-pc-guard
   to add the needed code coverage instrumentation. Since speed of execution is crucial for fuzz
   testing, it's recommendable to also use the switches