Skip to content

[freetype2] Add MemorySanitizer #7033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 20, 2021
Merged

[freetype2] Add MemorySanitizer #7033

merged 1 commit into from
Dec 20, 2021

Conversation

bungeman
Copy link
Contributor

The upstream freetype-testing project now pulls llvm-project and builds
libcxx and libcxx-abi and statically links against them to support the
use of C++ in the fuzzer driver.

@bungeman
Copy link
Contributor Author

It looks like the one failure has something to do with Performing Test LIBCXXABI_HAS_NOSTDINCXX_FLAG - Failed which should have Succeeded and appears to have done so in the other builds. It isn't immediately clear why though. Will need to investigate.

@bungeman
Copy link
Contributor Author

After much digging (getting the docker image to stick around by removing the --rm, being able to explore the docker image without it running the build by replacing compile with /bin/bash, convincing CMake to output the actual command to build and link for the LIBCXXABI_HAS_NOSTDINCXX_FLAG test, then testing various parts of the command) it looks like the issue is the -fsanitize-coverage addition this bot makes. The -fsanitize-coverage comes from compile_honggfuzzwhere it is added to the COVERAGE_FLAGS which are then added to CFLAGS and then CXXFLAGS.

In the LIBCXXABI_HAS_NOSTDINCXX_FLAG test the CXX fuzzer flags are present but must be disabled for the test (the test really just wants to know if a flag can be passed to the compiler and does not want to link against a sanitizer runtime), so the LLVM CMake configuration uses -fno-sanitize=all and -fno-sanitize-coverage= to disable any sanitizers (see libcxx/cmake/config-ix.cmake). Interestingly, use-fsanitize-coverage seems to require the ubsan runtime but does not provide it, which is the proximate cause of the link failure in this test. Note that -fno-sanitize-coverage= does not have an all option like -fno-sanitize does, so libcxx/cmake/config-ix.cmake needs to list out all of them. However, it appears to be missing -fno-sanitize-coverage=trace-pc-guard. Adding trace-pc-guard to libcxx/cmake/config-ix.cmake (and the one in libcxxabi) allows everything to work as expected.

This is all surprising because it appears that the llvm_libcxx has a honggfuzz_asan_llvm_libcxx fuzzer. However the llvm_libcxx project doesn't seem to be compiling at the moment for other reasons. The llvm_libcxxabi project seems to be green, but is doing something strange and does not itself appear to be building anything. The general llvm project also doesn't seem to be compiling for other reasons at the moment, so it isn't much help as an example either.

@bungeman bungeman mentioned this pull request Dec 18, 2021
Merged
bungeman added a commit to bungeman/freetype2-testing that referenced this pull request Dec 18, 2021
@bungeman
Add trace-pc-guard to no-sanitize-coverage.
b0e8b8f 
This allows building libcxx and libcxxabi with the HonggFuzz fuzzer
which requires sanitize-coverage.

[0] google/oss-fuzz#7033
bungeman added a commit to bungeman/freetype2-testing that referenced this pull request Dec 18, 2021
@bungeman
Add trace-pc-guard to no-sanitize-coverage.
f104313 
This allows building libcxx and libcxxabi with the HonggFuzz fuzzer
which requires sanitize-coverage.

[0] google/oss-fuzz#7033
@bungeman bungeman mentioned this pull request Dec 18, 2021
Merged
bungeman added a commit to freetype/freetype2-testing that referenced this pull request Dec 18, 2021
@bungeman
Add trace-pc-guard to no-sanitize-coverage. (#114)
e401ce2 
This allows building libcxx and libcxxabi with the HonggFuzz fuzzer
which requires sanitize-coverage.

[0] google/oss-fuzz#7033
@bungeman
[freetype2] Add MemorySanitizer
f77204b 
The upstream freetype-testing project now pulls llvm-project and builds
libcxx and libcxx-abi and statically links against them to support the
use of C++ in the fuzzer driver.
@bungeman bungeman changed the title Add MemorySanitizer to FreeType. [freetype2] Add MemorySanitizer Dec 18, 2021
@DavidKorczynski DavidKorczynski merged commit aef7c2c into google:master Dec 20, 2021
@DavidKorczynski
Copy link
Collaborator

DavidKorczynski commented Dec 20, 2021
edited
Loading

After much digging (getting the docker image to stick around by removing the --rm, being able to explore the docker image without it running the build by replacing compile with /bin/bash, convincing CMake to output the actual command to build and link for the LIBCXXABI_HAS_NOSTDINCXX_FLAG test, then testing various parts of the command) it looks like the issue is the -fsanitize-coverage addition this bot makes. The -fsanitize-coverage comes from compile_honggfuzzwhere it is added to the COVERAGE_FLAGS which are then added to CFLAGS and then CXXFLAGS.

In the LIBCXXABI_HAS_NOSTDINCXX_FLAG test the CXX fuzzer flags are present but must be disabled for the test (the test really just wants to know if a flag can be passed to the compiler and does not want to link against a sanitizer runtime), so the LLVM CMake configuration uses -fno-sanitize=all and -fno-sanitize-coverage= to disable any sanitizers (see libcxx/cmake/config-ix.cmake). Interestingly, use-fsanitize-coverage seems to require the ubsan runtime but does not provide it, which is the proximate cause of the link failure in this test. Note that -fno-sanitize-coverage= does not have an all option like -fno-sanitize does, so libcxx/cmake/config-ix.cmake needs to list out all of them. However, it appears to be missing -fno-sanitize-coverage=trace-pc-guard. Adding trace-pc-guard to libcxx/cmake/config-ix.cmake (and the one in libcxxabi) allows everything to work as expected.

This is all surprising because it appears that the llvm_libcxx has a honggfuzz_asan_llvm_libcxx fuzzer. However the llvm_libcxx project doesn't seem to be compiling at the moment for other reasons. The llvm_libcxxabi project seems to be green, but is doing something strange and does not itself appear to be building anything. The general llvm project also doesn't seem to be compiling for other reasons at the moment, so it isn't much help as an example either.

Thanks for the thorough investigation here, I will take a look at the details regarding llvm_libcxx in the near future!

MartinPetkov pushed a commit to MartinPetkov/oss-fuzz that referenced this pull request Aug 15, 2022
@bungeman @MartinPetkov
[freetype2] Add MemorySanitizer (google#7033)
5b5e706 
The upstream freetype-testing project now pulls llvm-project and builds
libcxx and libcxx-abi and statically links against them to support the
use of C++ in the fuzzer driver.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DavidKorczynski DavidKorczynski DavidKorczynski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bungeman @DavidKorczynski