apply patches needed for fuzz introspector integration #7122
oliverchang merged 9 commits into master from
Conversation
DavidKorczynski
left a comment
Two quick comments
oliverchang
left a comment
nice, this is a great start!
I left some suggestions to remove duplication and make things a bit cleaner.
| mv /usr/bin/ar /usr/bin/old-ar | ||
| mv /usr/bin/ranlib /usr/bin/old-ranlib | ||
|
|
||
| ln -s /usr/local/bin/llvm-ar /usr/bin/ar |
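Review bot: this mv/ln sequence is not idempotent. On a second run /usr/bin/ar has already been moved, so `mv /usr/bin/ar /usr/bin/old-ar` fails, and `ln -s` refuses to overwrite the symlink it created the first time. Guard the move with something like `[ -e /usr/bin/ar ] && [ ! -L /usr/bin/ar ]` and use `ln -sfn` so the script can be re-run while debugging the image build; the same applies to the ranlib counterpart implied by the second mv.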
Let's be more explicit here and store the patched introspector binaries in /usr/local/bin/introspector/llvm-ar etc.
I misunderstood what this was doing. This is just replacing the system versions of ar/ranlib with the built llvm versions (which happens to be the introspector patched one in this case).
Hmmm...Also, is this script idempotent. Might be a good idea to make it so to help with debugging.
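An idempotent version of the ar/ranlib swap discussed above, added here as an example; it is not code from the PR or from OSS-Fuzz. The ROOT parameter, the swap_tool/resolve_tool names and the scratch tree built in demo() are assumptions made so the function can be exercised outside a container:

```shell
#!/bin/sh
# Added example, not code from the PR: an idempotent version of the
# "move the system ar aside and point it at llvm-ar" step.
# Paths are relative to ROOT (hypothetical parameter) so the function can be
# exercised in a scratch directory instead of a real /usr.
set -eu

# swap_tool ROOT NAME LLVM_NAME
#   Makes ROOT/usr/bin/NAME a symlink to ROOT/usr/local/bin/LLVM_NAME.
#   The original binary is kept once as ROOT/usr/bin/old-NAME.
#   Re-running is a no-op: the move happens only while NAME is still a
#   real file, and ln -sfn replaces an existing symlink instead of failing.
swap_tool() {
  root=$1; name=$2; llvm=$3
  sys="$root/usr/bin/$name"
  old="$root/usr/bin/old-$name"
  target="$root/usr/local/bin/$llvm"
  if [ ! -x "$target" ]; then
    echo "swap_tool: $target is missing or not executable" >&2
    return 1
  fi
  if [ -e "$sys" ] && [ ! -L "$sys" ]; then
    # First run: preserve the distro binary; never clobber an earlier backup.
    if [ -e "$old" ]; then
      echo "swap_tool: $old already exists, refusing to overwrite" >&2
      return 1
    fi
    mv "$sys" "$old"
  fi
  ln -sfn "$target" "$sys"
}

# resolve_tool ROOT NAME: print where ROOT/usr/bin/NAME currently points.
resolve_tool() {
  readlink "$1/usr/bin/$2"
}

# Demo against a constructed scratch tree (not a real system); prints the
# tree's path so a caller can inspect the result.
demo() {
  tree=$(mktemp -d)
  mkdir -p "$tree/usr/bin" "$tree/usr/local/bin"
  printf '#!/bin/sh\necho system-ar\n' > "$tree/usr/bin/ar"
  printf '#!/bin/sh\necho llvm-ar\n' > "$tree/usr/local/bin/llvm-ar"
  chmod +x "$tree/usr/bin/ar" "$tree/usr/local/bin/llvm-ar"
  swap_tool "$tree" ar llvm-ar
  swap_tool "$tree" ar llvm-ar   # second run must succeed and change nothing
  echo "$tree"
}
```

In an image build this would be called as `swap_tool / ar llvm-ar` and `swap_tool / ranlib llvm-ranlib`; the old-NAME backup is what lets you revert by hand when debugging.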
infra/helper.py
Outdated
| 'FUZZING_ENGINE=' + engine, | ||
| 'SANITIZER=' + sanitizer, | ||
| 'ARCHITECTURE=' + architecture, | ||
| 'GITHUB_REPO=', #TODO: fix this to be loaded through main_repo property in project.yaml |
nit: space after '#', and use 'TODO(Navidem)'.
i.e.
# TODO(Navidem): Fix this to be ...
| echo "Using LLVM revision: $LLVM_REVISION" | ||
|
|
||
| ### For fuzz introspector | ||
| echo "Applying introspector changes" |
To avoid lots of code duplication, we can edit this file in base-clang instead.
We can just guard this with:
if [ -n "$INTROSPECTOR_PATCHES" ]; then
  ...
fi
Then we can get rid of the base-clang-introspector dir completely, and modify base-clang's Dockerfile to do something like this using a runtime build arg:
ARG introspector
ENV INTROSPECTOR_PATCHES=$introspector
So that we can use the same Dockerfile to build both vanilla clang and patched clang:
docker build -t gcr.io/oss-fuzz-base/base-clang infra/base-images/base-clang # vanilla
docker build --build-arg introspector=1 -t gcr.io/oss-fuzz-base/base-clang:introspector infra/base-images/base-clang # introspector
| $shared_libraries $LLVM_COV_COMMON_ARGS > $FUZZER_STATS_DIR/$target.json | ||
|
|
||
| # For introspector | ||
| llvm-cov show -instr-profile=$profdata_file -object=$target -line-coverage-gt=0 $shared_libraries $LLVM_COV_COMMON_ARGS > ${FUZZER_STATS_DIR}/$target.covreport |
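Review bot: the new llvm-cov show invocation runs for every coverage build, not only introspector ones, so every project pays for a full per-target source report; gate it on the introspector variable so the plain coverage path is unchanged. The adjacent lines also mix `${FUZZER_STATS_DIR}` and `$FUZZER_STATS_DIR`; pick one form. And because the output is redirected to a file, a failing llvm-cov leaves an empty .covreport rather than an error, so check its exit status (or make sure this runs under set -e).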
Does this add a significant amount of extra processing time?
not significantly in the few cases that I tried.
Is it worth considering whether we should simply include this in If using EDIT: these questions have been discussed here and the conclusion is keeping
| mv /usr/bin/ar /usr/bin/old-ar | ||
| mv /usr/bin/ranlib /usr/bin/old-ranlib | ||
|
|
||
| ln -s /usr/local/bin/llvm-ar /usr/bin/ar |
| fi | ||
|
|
||
| if [ "$SANITIZER" = "introspector" ]; then | ||
| echo "We are in the introspector instrumentor" |
I think we echo every command, so this isn't necessary to know we are using introspector.
| if [ "$SANITIZER" = "introspector" ]; then | ||
| unset CXXFLAGS | ||
| unset CFLAGS | ||
| apt-get install -y libjpeg-dev zlib1g-dev |
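Review bot: `unset CXXFLAGS` and `unset CFLAGS` discard whatever the caller had set for the build, engine and sanitizer flags included, so this branch must re-export the complete flag set it needs afterwards; the shown lines do not do that. The apt-get install at compile time also requires network access in the builder and changes the set of dev packages the project's build system can see; installing libjpeg-dev and zlib1g-dev in the base image keeps the compile step deterministic.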
FYI installing packages like this can mess up compilation of some projects I think
| apt-get install -y libjpeg-dev zlib1g-dev | ||
| pip3 install --upgrade setuptools | ||
| pip3 install cxxfilt pyyaml beautifulsoup4 lxml soupsieve matplotlib | ||
| mkdir $SRC/inspector-tmp |
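Review bot: the pip3 install is unpinned, so which versions of cxxfilt, pyyaml, beautifulsoup4, lxml, soupsieve and matplotlib a build gets depends on what PyPI serves that day; pin versions (ideally a requirements file with hashes) and install them in the image rather than during compile, so builds are reproducible and the dependency set is reviewable. `mkdir $SRC/inspector-tmp` also fails if the directory already exists; use `mkdir -p`.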
nit: Just call it inspector, not inspector-tmp
| llvm-cov export -summary-only -instr-profile=$profdata_file -object=$target \ | ||
| $shared_libraries $LLVM_COV_COMMON_ARGS > $FUZZER_STATS_DIR/$target.json | ||
|
|
||
| # For introspector |
nit: end this with a period.
|
|
||
| find $SRC/ -name "*.data" -exec cp {} $SRC/inspector-tmp/ \; | ||
| find $SRC/ -name "*.data.yaml" -exec cp {} $SRC/inspector-tmp/ \; | ||
| # Move coverage report |
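Review bot: `find $SRC/ -name "*.data" -exec cp {} $SRC/inspector-tmp/ \;` flattens every match into one directory, so same-named .data files from different source directories silently overwrite each other, and `*.data` also matches any unrelated project file with that suffix under $SRC. Restrict the search to where the introspector plugin writes its output, or preserve the relative path when copying.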
| @@ -0,0 +1,51 @@ | |||
| # Copyright 2016 Google Inc. | |||
got rid of the dir.
Please fix the presubmit issue here: https://github.com/google/oss-fuzz/runs/4797854485?check_suite_focus=true
oliverchang
left a comment
LGTM with one last question!
| apt-get update && apt-get install -y $LLVM_DEP_PACKAGES --no-install-recommends | ||
|
|
||
| if [ -n "$INTROSPECTOR_PATCHES" ]; then | ||
| apt-get install -y texinfo bison flex |
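Review bot: the introspector apt-get install drops the `--no-install-recommends` used on the line above, so it pulls in recommended packages as well as texinfo, bison and flex; add the flag for consistency and to keep the image small.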
Can we delete these after the install?
Looks like removing does not break it.
Can you set this similarly to LLVM_DEP_PACKAGES, so these are defined in one place.
i.e.
INTROSPECTOR_DEP_PACKAGES="texinfo bison flex"
infra/helper.py
Outdated
| 'FUZZING_ENGINE=' + engine, | ||
| 'SANITIZER=' + sanitizer, | ||
| 'ARCHITECTURE=' + architecture, | ||
| 'GITHUB_REPO=', # TODO(navidem): fix this to be loaded through main_repo property in project.yaml. |
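Review bot: `'GITHUB_REPO='` exports an empty string, so the container sees the variable set but empty rather than unset, and any consumer testing for presence will be misled. Until the value is read from main_repo in project.yaml as the TODO says, either omit the entry or have the consumer handle the empty value explicitly.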
Should this be called "GITHUB_REPO" instead of "GIT_REPO" ?
Is it really specific to github?
| mv /usr/bin/ar /usr/bin/old-ar | ||
| mv /usr/bin/ranlib /usr/bin/old-ranlib | ||
|
|
||
| ln -s /usr/local/bin/llvm-ar /usr/bin/ar |
Hmmm...Also, is this script idempotent. Might be a good idea to make it so to help with debugging.
@oliverchang This should be ready for merge.
| COPY precompile_afl /usr/local/bin/ | ||
| RUN precompile_afl | ||
|
|
||
| RUN git clone https://github.com/ossf/fuzz-introspector.git fuzz-introspector && \ |
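Review bot: `git clone https://github.com/ossf/fuzz-introspector.git` with no revision pins nothing, so two builds of the same Dockerfile can get different introspector code and an upstream push changes what runs inside every build container. Pin a commit the way LLVM_REVISION is used for clang (clone, then `git checkout <rev>`), so the dependency is reproducible and the code that runs in the builder can be reviewed.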
Why do we need to clone this again if it's already been cloned in base-clang?
I think putting this in /src is causing breakages.
Although currently we (oss-fuzz's maintainers) use /src, we probably shouldn't.
| export AR=llvm-ar | ||
| export RANLIB=llvm-ranlib | ||
|
|
||
| # Move ar and ranlib |
nit: this comment should have a period.
More importantly, I think it isn't a useful comment and I would change. It's clear that ar and ranlib are being moved, it's not clear why, a better comment would explain this.
|
|
||
| FROM gcr.io/oss-fuzz-base/base-image | ||
|
|
||
| ARG introspector |
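Review bot: declaring `ARG introspector` directly after FROM means every RUN that follows sees it as a build-time environment variable, so building with `--build-arg introspector=1` misses the cache for all later layers, not only the ones that use it. Declare the ARG immediately before the ENV/RUN that consumes it so the vanilla and introspector builds share the earlier layers.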
I wonder if putting this so high up impacts caching. My first guess is that it won't but I think it's worth testing.
| # Install newer cmake. | ||
| ENV CMAKE_VERSION 3.21.1 | ||
| RUN apt-get update && apt-get install -y wget sudo && \ | ||
| RUN apt-get update && apt-get install -y wget sudo git && \ |
I don't really love the placement of this install. This line is meant to install cmake and deletes the packages used to build it. I think instead you should install git on line 34 and then uninstall it in the same step.
I think we should uninstall it there because it will just add bloat to the image size since in checkout_build_install_llvm.sh we install git and then uninstall it.
| echo "Using LLVM revision: $LLVM_REVISION" | ||
|
|
||
| if [ -n "$INTROSPECTOR_PATCHES" ]; then | ||
| # For fuzz introspector. |
Maybe this comment would be improved by explaining what this section does for introspector, since that part is hard to understand.
| if [ -n "$INTROSPECTOR_PATCHES" ]; then | ||
| # For fuzz introspector. | ||
| echo "Applying introspector changes" | ||
| BBBASE=$PWD |
Maybe call this variable OLD_WORKING_DIR instead of BBBASE
Thanks @jonathanmetzman! @Navidem please address these comments in another PR.
Imitating the changes from introspector diff along with the needed modifications.