| Message ID | 20190805071038.32146-3-alxndr@bu.edu |
|---|---|
| State | New |
| Headers | show |
| Series | Add virtual device fuzzing support | expand |
On 05/08/19 09:11, Oleinik, Alexander wrote: > This adds sanitizer/fuzzer related cflags and adds tests/ to the include > path. This include change is needed for qos to build, and is normally > located in tests/Makefile.include, but currently the fuzzer builds from > the i386-softmmu target, not anything in tests. Another possibility is to move the libqos and libqtest includes from tests/ to include/. Paolo
"Oleinik, Alexander" <alxndr@bu.edu> writes: ... > if test "$supported_cpu" = "no"; then > echo > @@ -7306,6 +7310,17 @@ fi > if test "$sheepdog" = "yes" ; then > echo "CONFIG_SHEEPDOG=y" >> $config_host_mak > fi > +if test "$fuzzing" = "yes" ; then > + QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer,address -fprofile-instr-generate" > + QEMU_CFLAGS="$QEMU_CFLAGS -fprofile-instr-generate -fcoverage-mapping" What is the purpose of -fprofile-instr-generate ? Coverage info ? (Listed twice above) Bandan > + QEMU_LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address" > + > + # Add tests/ to include path, since this is done in tests/Makefile.include, > + # and required for QOS objects to build. This can be removed if/when the > + # fuzzer is compiled using rules in tests/Makefile.include > + QEMU_INCLUDES="-iquote \$(SRC_PATH)/tests $QEMU_INCLUDES" > + echo "CONFIG_FUZZ=y" >> $config_host_mak > +fi > > if test "$tcg_interpreter" = "yes"; then > QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
On Mon, 2019-08-12 at 18:39 -0400, Bandan Das wrote: > "Oleinik, Alexander" <alxndr@bu.edu> writes: > ... > > if test "$supported_cpu" = "no"; then > > echo > > @@ -7306,6 +7310,17 @@ fi > > if test "$sheepdog" = "yes" ; then > > echo "CONFIG_SHEEPDOG=y" >> $config_host_mak > > fi > > +if test "$fuzzing" = "yes" ; then > > + QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer,address -fprofile- > > instr-generate" > > + QEMU_CFLAGS="$QEMU_CFLAGS -fprofile-instr-generate -fcoverage- > > mapping" > > What is the purpose of -fprofile-instr-generate ? Coverage info ? > (Listed twice above) Yes, it's for coverage info. I'll fix it so it is only listed once. > Bandan > > > + QEMU_LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address" > > + > > + # Add tests/ to include path, since this is done in > > tests/Makefile.include, > > + # and required for QOS objects to build. This can be removed > > if/when the > > + # fuzzer is compiled using rules in tests/Makefile.include > > + QEMU_INCLUDES="-iquote \$(SRC_PATH)/tests $QEMU_INCLUDES" > > + echo "CONFIG_FUZZ=y" >> $config_host_mak > > +fi > > > > if test "$tcg_interpreter" = "yes"; then > > QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
diff --git a/configure b/configure index 714e7fb6a1..69ef1e7c7d 100755 --- a/configure +++ b/configure @@ -499,6 +499,7 @@ docker="no" debug_mutex="no" libpmem="" default_devices="yes" +fuzzing="no" # cross compilers defaults, can be overridden with --cross-cc-ARCH cross_cc_aarch64="aarch64-linux-gnu-gcc" @@ -1543,6 +1544,8 @@ for opt do ;; --disable-libpmem) libpmem=no ;; + --enable-fuzzing) fuzzing=yes + ;; *) echo "ERROR: unknown option $opt" echo "Try '$0 --help' for more information" @@ -6481,6 +6484,7 @@ echo "docker $docker" echo "libpmem support $libpmem" echo "libudev $libudev" echo "default devices $default_devices" +echo "fuzzing support $fuzzing" if test "$supported_cpu" = "no"; then echo @@ -7306,6 +7310,17 @@ fi if test "$sheepdog" = "yes" ; then echo "CONFIG_SHEEPDOG=y" >> $config_host_mak fi +if test "$fuzzing" = "yes" ; then + QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer,address -fprofile-instr-generate" + QEMU_CFLAGS="$QEMU_CFLAGS -fprofile-instr-generate -fcoverage-mapping" + QEMU_LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address" + + # Add tests/ to include path, since this is done in tests/Makefile.include, + # and required for QOS objects to build. This can be removed if/when the + # fuzzer is compiled using rules in tests/Makefile.include + QEMU_INCLUDES="-iquote \$(SRC_PATH)/tests $QEMU_INCLUDES" + echo "CONFIG_FUZZ=y" >> $config_host_mak +fi if test "$tcg_interpreter" = "yes"; then QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
This adds sanitizer/fuzzer related cflags and adds tests/ to the include path. This include change is needed for qos to build, and is normally located in tests/Makefile.include, but currently the fuzzer builds from the i386-softmmu target, not anything in tests. Signed-off-by: Alexander Oleinik <alxndr@bu.edu> --- configure | 15 +++++++++++++++ 1 file changed, 15 insertions(+)