1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#!/bin/bash -eu
# Copyright 2018 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
# Disable UBSan vptr since target built with -fno-rtti.
export CFLAGS="$CFLAGS -fno-sanitize=vptr"
export CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr"
declare -r FUZZER_TARGETS_CC=$(find . -name *_fuzz_test.cc)
declare -r FUZZER_TARGETS="$(for t in ${FUZZER_TARGETS_CC}; do echo "${t:2:-3}"; done)"
FUZZER_DICTIONARIES="\
"
# Skip gperftools, ASAN runs don't use tcmalloc.
export DISABLE_GPERFTOOLS_BUILD=1
sed -i 's#envoy_dependencies()#envoy_dependencies(skip_targets=["tcmalloc_and_profiler"])#' WORKSPACE
# Copy $CFLAGS and $CXXFLAGS into Bazel command-line flags, for both
# compilation and linking.
#
# Some flags, such as `-stdlib=libc++`, generate warnings if used on a C source
# file. Since the build runs with `-Werror` this will cause it to break, so we
# use `--conlyopt` and `--cxxopt` instead of `--copt`.
declare -r EXTRA_BAZEL_FLAGS="$(
for f in ${CFLAGS}; do
echo "--conlyopt=${f}" "--linkopt=${f}"
done
for f in ${CXXFLAGS}; do
echo "--cxxopt=${f}" "--linkopt=${f}"
done
)"
declare BAZEL_BUILD_TARGETS=""
declare FILTERED_FUZZER_TARGETS=""
for t in ${FUZZER_TARGETS}
do
declare BAZEL_PATH="//"$(dirname "$t")":"$(basename "$t")
declare TAGGED=$(bazel query "attr('tags', 'no_fuzz', ${BAZEL_PATH})")
if [ -z "${TAGGED}" ]
then
FILTERED_FUZZER_TARGETS+="$t "
BAZEL_BUILD_TARGETS+="${BAZEL_PATH}_driverless "
fi
done
# Build driverless libraries.
bazel build --verbose_failures --dynamic_mode=off --spawn_strategy=standalone \
--genrule_strategy=standalone --strip=never \
--copt=-fno-sanitize=vptr --linkopt=-fno-sanitize=vptr --linkopt=-lc++fs \
--define tcmalloc=disabled --define signal_trace=disabled \
--define ENVOY_CONFIG_ASAN=1 --copt -D__SANITIZE_ADDRESS__ \
--define force_libcpp=enabled \
--build_tag_filters=-no_asan \
${EXTRA_BAZEL_FLAGS} \
--linkopt="-lFuzzingEngine" \
${BAZEL_BUILD_TARGETS[*]}
# Profiling with coverage requires that we resolve+copy all Bazel symlinks and
# also remap everything under proc/self/cwd to correspond to Bazel build paths.
if [ "$SANITIZER" = "coverage" ]
then
# The build invoker looks for sources in $SRC, but it turns out that we need
# to not be buried under src/, paths are expected at out/proc/self/cwd by
# the profiler.
declare -r REMAP_PATH="${OUT}/proc/self/cwd"
mkdir -p "${REMAP_PATH}"
# For .cc, we only really care about source/ today.
rsync -av "${SRC}"/envoy/source "${REMAP_PATH}"
rsync -av "${SRC}"/envoy/test "${REMAP_PATH}"
rsync -avLk "${SRC}"/envoy/bazel-envoy/external "${REMAP_PATH}"
# For .h, and some generated artifacts, we need bazel-out/. Need to heavily
# filter out the build objects from bazel-out/. Also need to resolve symlinks,
# since they don't make sense outside the build container.
rsync -avLk --include '*.h' --include '*.cc' --include '*.hpp' \
--include '*/' --exclude '*' \
"${SRC}"/envoy/bazel-out "${REMAP_PATH}"
# As above, but for /root/.cache.
# TODO(htuch): disabled for now, this would mostly be useful for .build
# artifact, e.g.
# /builder/home/.cache/bazel/_bazel_root/4e9824db8e7d11820cfa25090ed4ed10/external/envoy_deps_cache_b22e04bff96538ea37e715942da6315c/yaml-cpp.dep.build/yaml-cpp-0f9a586ca1dc29c2ecb8dd715a315b93e3f40f79/src/parse.cpp
# but, we don't know how to recover them today, as they are gone by this
# phase.
#
# rsync -avLk --relative --include '*.h' --include '*.cc' --include '*.c' \
# --include '*/' --exclude '*' \
# /root/.cache "${OUT}"
fi
# Copy out test driverless binaries from bazel-bin/ and zip up related test
# corpuses.
for t in ${FILTERED_FUZZER_TARGETS}
do
TARGET_CORPUS=$(python "${SRC}"/find_corpus.py "$t")
TARGET_BASE="$(expr "$t" : '.*/\(.*\)_fuzz_test')"
TARGET_DRIVERLESS=bazel-bin/"${t}"_driverless
echo "Copying fuzzer $t and corpus"
cp "${TARGET_DRIVERLESS}" "${OUT}"/"${TARGET_BASE}"_fuzz_test
zip "${OUT}/${TARGET_BASE}"_fuzz_test_seed_corpus.zip \
"$(dirname "${t}")"/"${TARGET_CORPUS}"/*
done
# Copy dictionaries and options files to $OUT/
for d in $FUZZER_DICTIONARIES; do
cp "$d" "${OUT}"/
done
# Cleanup bazel- symlinks to avoid oss-fuzz trying to copy out of the build
# cache.
rm -f bazel-*
|
