Skip to content

projects/sound-open-firmware: New fuzzing framework #10342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DonggeLiu merged 1 commit into from
May 23, 2023
Merged

projects/sound-open-firmware: New fuzzing framework #10342

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 46 additions & 35 deletions projects/sound-open-firmware/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,39 +20,50 @@

FROM gcr.io/oss-fuzz-base/base-builder

RUN apt-get -y update && \
apt-get install -y \
autoconf \
bison \
build-essential \
flex \
gawk \
gettext \
git \
gperf \
help2man \
libncurses5-dev \
libssl-dev \
libtool \
libtool-bin \
pkg-config \
software-properties-common \
texinfo \
udev \
cmake \
libglib2.0-dev

ARG CLONE_DEFAULTS="--depth 5"

# Use ToT alsa utils for the latest topology patches.
RUN cd /tmp && \
git clone $CLONE_DEFAULTS https://github.com/thesofproject/alsa-lib.git && \
git clone $CLONE_DEFAULTS https://github.com/thesofproject/alsa-utils.git && \
cd /tmp/alsa-lib && ./gitcompile && make install && \
cd /tmp/alsa-utils && ./gitcompile && make install

ARG GITHUB_SOF=https://github.com/thesofproject

RUN cd $SRC && git clone $CLONE_DEFAULTS $GITHUB_SOF/sof
WORKDIR sof
# Base packages
RUN apt-get -y update
RUN apt-get install -y \
gettext git libc6-dev-i386 libglib2.0-dev libncurses5-dev \
libtool ninja-build python3-pip
RUN pip3 install west

# Zephyr SDK:
#
# Zephyr doesn't provide a clean "get the latest version" URL, but
# note that the use of the /latest/ path component at least ensures
# this will fail on a new release.
ARG SDK_VER=0.16.1
Copy link

@marc-hb marc-hb May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be overriden on some --arg command line? If yes maybe say it for the Docker noobs among us.

Copy link
Contributor Author

@andyross andyross May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At the docker level, yes. docker build --build-arg SDK_VER=0.16.2 would have the expected effect. I have no idea if that's wired meaingfully to the oss-fuzz infrastructure or not.

Really this is just here to define a local variable for clarity. Docker has two variable tyes: ARG works like this and can be set externally, but only works within the dockerfile itself. ENV cannot be set externally, but also persists into the default environment variables of processes spawned in the container, which is undesirable here.

Copy link
Contributor

@cujomalainey cujomalainey May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bleh if the versions weren't part of the release file name this would be much easier. Seems like a common problem.

Copy link
Contributor

@cujomalainey cujomalainey May 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we will have to leave this as it, not much hope for fixing it without some additional logic

WORKDIR /root
RUN curl -L -o sdktmp.tar.xz https://github.com/zephyrproject-rtos/sdk-ng/releases/latest/download/zephyr-sdk-${SDK_VER}_linux-x86_64_minimal.tar.xz
RUN tar xf sdktmp.tar.xz; rm sdktmp.tar.xz
RUN zephyr-sdk-*/setup.sh -h

WORKDIR $SRC

# SOF itself (also pulls in Zephyr + modules via west)
RUN west init -m https://github.com/thesofproject/sof sof
Copy link
Contributor

@jonathanmetzman jonathanmetzman May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you use git instead? This is breaking some of our tooling that finds revisions (it assumes git or svn usage like all other users).

Copy link
Contributor Author

@andyross andyross May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

West is a git wrapper, analogous to repo. It's possible, but error prone, to manually clone all the relevant repositories. The structure isn't complicated, $SRC/sof is the top level directory which contains $SRC/sof/sof, which is the git repo corresponding to the project itself, and $SRC/sof/zephyr, and a few other bits under $SRC/sof/modules/*.

What are the requirements here? Can I symlink you something to the top level that matches what you want to see?

Copy link
Contributor Author

@andyross andyross May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I see it. srcmap assumes that the git archive was pulled from a remote with the name "origin". This is true by default with an unadorned git clone. It's not required, and in fact west allows multiple remotes with names like "thesofproject" or "upstream".

FWIW: a straightforward fix to srcmap, which replaces the assumption that "there is always a remote named origin" with "we only care about the first remote listed" is something like (untested):

--- a/infra/base-images/base-builder/srcmap
+++ b/infra/base-images/base-builder/srcmap
@@ -35,7 +35,7 @@ fi
 for DOT_GIT_DIR in $(find $PATHS_TO_SCAN -name ".git" -type d); do
   GIT_DIR=$(dirname $DOT_GIT_DIR)
   cd $GIT_DIR
-  GIT_URL=$(git config --get remote.origin.url)
+  GIT_URL=$(git config --get remote.$(git remote | head -1).url)
   GIT_REV=$(git rev-parse HEAD)
   jq_inplace $SRCMAP ".\"$GIT_DIR\" = { type: \"git\", url: \"$GIT_URL\", rev: \"$GIT_REV\" }"
 done

It's worth pointing out that these are still just assumptions. In the general case it's not possible to look at a .git directory and ask the question "from where was this pulled?". Maybe it would be better to allow projects to specify the srcmap themselves for edge cases like this?

Is there a way for me to run srcmap locally in a way that corresponds to your build failures to test this? I'm digging around and getting a little lost.

Copy link
Contributor Author

@andyross andyross May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively, I could update the project code to go in and deliberately add a "origin" remote that copies the one already there. That's more code and won't help anyone else, but might be more palatable?

Copy link
Contributor

@jonathanmetzman jonathanmetzman May 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the origin trick would work. If you're using the infra/helper.py shell command to build/debug, you can run the srcmap command (inside our docker container) to figure out if this will work or not.

Copy link

@marc-hb marc-hb May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW west list has format options, for instance:

west list -f '{url}'
https://github.com/thesofproject/rimage
https://github.com/thesofproject/tomlc99
https://github.com/zephyrproject-rtos/zephyr
https://github.com/zephyrproject-rtos/hal_xtensa
https://github.com/zephyrproject-rtos/lz4
https://github.com/zephyrproject-rtos/mbedtls
https://github.com/zephyrproject-rtos/mipi-sys-t
...

Copy link
Contributor Author

@andyross andyross May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Global fix up at #10383

Will look at the project-side workaround now. Honestly didn't even know about west list, but that's cleaner than find $SRC -name .git for sure.

Copy link
Contributor Author

@andyross andyross May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Project-local fix in #10385

Copy link

@marc-hb marc-hb May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Continued in:

RUN cd sof && west update
Copy link

@marc-hb marc-hb May 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You will get a 2x speed up with this recent and wonderful git option. I started carpet bombing SOF CI with it and it's been fantastic

Suggested change
RUN cd sof && west update
RUN cd sof && west update --fetch-opt=--filter=tree:0

It's better than --depth because it breaks neither git describe nor git merge-base thesofproject/linux#2556

More info in zephyrproject-rtos/west#638 and others

Copy link
Contributor Author

@andyross andyross May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm... getting fatal: --filter can only be used when extensions.partialClone is set when I try this? Maybe this is too bleeding edge for the git in the 20.04 image? Or maybe I just need to read some more docs. CI optimization is pretty far from my happy zone.

Copy link

@marc-hb marc-hb May 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this is too bleeding edge for the git in the 20.04 image?

Yes: I can reproduce with git 2.25.1 in Ubuntu 20.04 but not with git 2.34.1 in Ubuntu 22.04.

This happens only when trying to fetch with the --filter optimization on an existing, not already "filtered" clone (and only on 20.04).

This happens because west clones missing modules in two steps: 1. git initialization of a "non-filtered". 2. git fetch --filter=... (boom)

A tested workaround is git config remote.upstream.partialclonefilter tree:0 between 1. and 2. but of course you can't inject any command between west steps 1. and 2.

https://git-scm.com/docs/repository-version

Ubuntu 22.04 is not affected because git fetch with version 2.34.1 automagically adds the git config above.

Do you really need to use Ubuntu 20.04? We recently upgraded everything to 22.04 and we experienced a few bugs but absolutely nothing related to toolchains or building anything.

Copy link

@marc-hb marc-hb May 18, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You will get a 2x speed up with this recent and wonderful git option.

Finally woke up and realized this is run at image creation time; to sort-of "warm up a git cache". So while this git optimization trick is very good to know it's totally off-topic here, sorry the distraction. Resolving this comment.

EDIT: I can't resolve comments here for some reason. My shame will stay on display.

Copy link
Contributor

@cujomalainey cujomalainey May 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@marc-hb its because we are not part of the repo


# Zephyr has its own python requirements
RUN pip3 install -r sof/zephyr/scripts/requirements-base.txt

# Hacks: the oss-fuzz-base/base-clang image (and its derivatives) lack
# some of the binutils-compatible LLVM tools that a SOF/Zephyr build
# relies on (when set to build with clang instead of gcc, obviously).
# Rather than figure out how to install them or why they're missing,
# just symlink to the GNU tools already installed.
RUN ln -s /usr/bin/objdump /usr/local/bin/llvm-objdump
RUN ln -s /usr/bin/strip /usr/local/bin/llvm-strip

# This is the worst. SOF builds with C++ support even though it won't
# call it (there are eternal components that use C++, but nothing
# in-tree that can be fuzzed here). For obscure compatibility
# reasons, when using clang Zephyr will still do the final link using
# binutils, which will pull in libstdc++ and not libc++. Also, SOF is
# a 32 bit fuzz binary (it's firmware for a 32 bit DSP, and no one has
# done the work to make the source base 64 bit clean). The oss-fuzz
# runner image does not have a i386 libstdc++.so.6! But, well, we
# don't actually need any symbols from it, so...
RUN touch empty.c; gcc -m32 -c empty.c; ar rs /usr/lib32/libstdc++.a empty.o

COPY build.sh $SRC/
34 changes: 26 additions & 8 deletions projects/sound-open-firmware/build.sh
100644 → 100755
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,30 @@
#
################################################################################

cd $SRC/sof/tools/oss-fuzz
cp corpus/* $OUT/
rm -rf build_oss_fuzz
mkdir -p build_oss_fuzz
cd build_oss_fuzz
# Environment: Zephyr has its own toolchain selection mechanism, and
# the oss-fuzz environment generates warnings and confuses things when
# building some of the (un-fuzzed) build-time tools that aren't quite
# clang-compatible.
export ZEPHYR_TOOLCHAIN_VARIANT=llvm
unset CC
unset CCC
unset CXX
unset CFLAGS
unset CXXFLAGS
Comment on lines +22 to +31
Copy link
Contributor

@jonathanmetzman jonathanmetzman May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really a fan of this. LibFuzzer is bundled with clang and using your own clang can cause many other problems. I guess if you do this, we can't help you with build issues.

Copy link
Contributor

@jonathanmetzman jonathanmetzman May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may even revert this

Copy link
Contributor Author

@andyross andyross May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't being used to build the fuzzed binary, which is grabbing clang off of PATH. It's there because there's a build-time tool in SOF (that actually isn't used except on real firmware) that doesn't build with clang due to routine warning collisions. AFAICT @marc-hb fixed this upstream, not sure if that patch merged or not.

Copy link
Contributor

@jonathanmetzman jonathanmetzman May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, false alarm, this seems fine.

Copy link

@marc-hb marc-hb May 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAICT @marc-hb fixed this upstream, not sure if that patch merged or not.

Yes it's merged:


export VERBOSE=1
cmake -DCMAKE_INSTALL_PREFIX=install -DCMAKE_LINKER=$CXX -DCMAKE_C_LINK_EXECUTABLE="<CMAKE_LINKER> <FLAGS> <CMAKE_C_LINK_FLAGS> <LINK_FLAGS> <OBJECTS> -o <TARGET> <LINK_LIBRARIES>" ..
make install -j $(nproc)
BASE_CFG=(
-DCONFIG_ASSERT=y
-DCONFIG_SYS_HEAP_BIG_ONLY=y
-DCONFIG_ZEPHYR_NATIVE_DRIVERS=y
-DCONFIG_ARCH_POSIX_LIBFUZZER=y
-DCONFIG_ARCH_POSIX_FUZZ_TICKS=100
-DCONFIG_ASAN=y
)

cd $SRC/sof/sof

west build -p -b native_posix ./app -- "${BASE_CFG[@]}"
cp build/zephyr/zephyr.exe $OUT/sof-ipc3

west build -p -b native_posix ./app -- "${BASE_CFG[@]}" -DCONFIG_IPC_MAJOR_4=y
cp build/zephyr/zephyr.exe $OUT/sof-ipc4
9 changes: 6 additions & 3 deletions projects/sound-open-firmware/project.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,18 @@
homepage: "https://thesofproject.github.io"
primary_contact: "cujomalainey@chromium.org"
primary_contact: "andyross@google.com"
language: c
auto_ccs:
- "cujomalainey@chromium.org"
- "ranjani.sridharan@intel.corp-partner.google.com"
- "lgirdwood@gmail.com"
- "harsha.p.n@intel.corp-partner.google.com"
- "sathyanarayana.nujella@intel.corp-partner.google.com"
- "adrian.bonislawski@intel.com"
- "michal.wasko@intel.com"
fuzzing_engines:
- afl
- honggfuzz
- libfuzzer
sanitizers:
- address
architectures:
- i386
main_repo: "https://github.com/thesofproject/sof"