Setup msan fuzzing in Chrome OS
Issue description: Adding msan would catch a new set of bugs, especially related to use of uninitialized values.
Jan 10
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/6aa0174ce11c0b99217d71d378fb1bd7c1c11e6e

commit 6aa0174ce11c0b99217d71d378fb1bd7c1c11e6e
Author: Manoj Gupta <manojgupta@google.com>
Date: Thu Jan 10 03:52:10 2019

amd64-generic: Add msan-fuzzer profile.

We want to enable msan fuzzing on Chrome OS. As a first step, add the msan-fuzzer profile.

BUG=chromium:920355
TEST=./setup_board --board=amd64-generic --profile=msan-fuzzer works.

Change-Id: Icbeba7c7f5f20012611534b8bd6ddcd2e6e6f4a0
Reviewed-on: https://chromium-review.googlesource.com/1403934
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Caroline Tice <cmtice@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>

[add] https://crrev.com/6aa0174ce11c0b99217d71d378fb1bd7c1c11e6e/overlay-amd64-generic/profiles/msan-fuzzer/parent
[add] https://crrev.com/6aa0174ce11c0b99217d71d378fb1bd7c1c11e6e/overlay-amd64-generic/profiles/msan-fuzzer/make.defaults
Jan 10
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/6fa974680bcd6258737359fb1aff42cd0f7c8d5f

commit 6fa974680bcd6258737359fb1aff42cd0f7c8d5f
Author: Manoj Gupta <manojgupta@google.com>
Date: Thu Jan 10 12:49:54 2019

libc++: Build with memory sanitizer support.

Enabling msan requires libc++ to be built with msan support. So pass the memory sanitizer option to cmake with USE=msan.

BUG=chromium:920355
TEST=USE=msan emerge-amd64-generic libcxx works.

Change-Id: Ifa759e01c8a71321f2ae3b91a4148980b5342729
Reviewed-on: https://chromium-review.googlesource.com/1297062
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Luis Lozano <llozano@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/6fa974680bcd6258737359fb1aff42cd0f7c8d5f/sys-libs/libcxxabi/libcxxabi-7.0.0.ebuild
[rename] https://crrev.com/6fa974680bcd6258737359fb1aff42cd0f7c8d5f/sys-libs/libcxx/libcxx-7.0.0-r5.ebuild
[modify] https://crrev.com/6fa974680bcd6258737359fb1aff42cd0f7c8d5f/sys-libs/libcxx/libcxx-7.0.0.ebuild
[rename] https://crrev.com/6fa974680bcd6258737359fb1aff42cd0f7c8d5f/sys-libs/libcxxabi/libcxxabi-7.0.0-r5.ebuild
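The issue description names the bug class msan adds (use of uninitialized values), and the libc++ commit above shows the first cost of enabling it: every library in the process has to be instrumented, because MSan only knows a value is initialized if instrumented code (or one of its interceptors) told it so. Below is an added example written for this page, not code from the Chrome OS fuzzer tree or from this bug: a libFuzzer target with an input-dependent use of an uninitialized header field, beside its fixed form. The header layout, the function names and the build line are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire header for this example (hypothetical format, not one
 * from the Chrome OS tree): 1-byte type, 1-byte flags, 2-byte length. */
struct hdr {
    uint8_t type;
    uint8_t flags;
    uint16_t len;
};

/* Fills *out from data; on short input it returns -1 and leaves *out
 * untouched. noinline keeps the compiler from seeing through the call, so
 * -Wall stays silent in the buggy caller below: this interprocedural,
 * input-dependent case is what MSan finds and -Wuninitialized does not. */
__attribute__((noinline))
static int read_hdr(const uint8_t *data, size_t size, struct hdr *out) {
    if (size < sizeof *out) {
        return -1;
    }
    memcpy(out, data, sizeof *out); /* MSan intercepts memcpy and copies shadow too */
    return 0;
}

/* Buggy: the status is ignored, so for inputs shorter than 4 bytes h.flags
 * is read while still uninitialized. MSan reports
 * "use-of-uninitialized-value" at the branch, because that is where the
 * poisoned value decides control flow, not at the read itself. */
int parse_buggy(const uint8_t *data, size_t size) {
    struct hdr h;
    (void)read_hdr(data, size, &h);
    return (h.flags & 1) ? 1 : 0;
}

/* Hardened: reject short input before any field of h is consulted. */
int parse_fixed(const uint8_t *data, size_t size) {
    struct hdr h;
    if (read_hdr(data, size, &h) != 0) {
        return -1;
    }
    return (h.flags & 1) ? 1 : 0;
}

/* libFuzzer entry point. Build and run with
 *   clang -g -O1 -fsanitize=fuzzer,memory -fsanitize-memory-track-origins=2 \
 *       msan_example.c -o msan_example && ./msan_example
 * A one- to three-byte input triggers the report in parse_buggy almost
 * immediately; point the target at parse_fixed instead and it runs clean. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_buggy(data, size);
    return 0;
}
```

The memcpy here is safe under MSan only because MSan intercepts the libc call and propagates shadow along with the bytes. Code inside an uninstrumented library (a libc++ built without -fsanitize=memory, for instance) never updates shadow, so memory it initializes still looks poisoned to the caller and shows up as a false "use-of-uninitialized-value" report. That is why the libc++ commit above builds the library itself with msan before any fuzzer can be trusted under it.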
Jan 10
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/c3c03dbf4056fe371044ebdf66ff33c53d5731ba

commit c3c03dbf4056fe371044ebdf66ff33c53d5731ba
Author: Manoj Gupta <manojgupta@google.com>
Date: Thu Jan 10 21:58:44 2019

chromium-os-fuzzers: Mask virglrenderer fuzzer in msan builds.

virglrenderer fuzzer Makefile is hardcoding asan via "-fsanitize=address" which is incompatible with msan. Exclude virglrenderer from msan fuzzing builds till the hardcoded flags are fixed.

BUG=chromium:898289
BUG=chromium:920355
TEST=./build_packages target-fuzzers work with USE=msan.

Change-Id: I96a3589e7759e235c10b6f0ee9e81ac8a6d1df0f
Reviewed-on: https://chromium-review.googlesource.com/1404138
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Caroline Tice <cmtice@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>

[modify] https://crrev.com/c3c03dbf4056fe371044ebdf66ff33c53d5731ba/virtual/chromium-os-fuzzers/chromium-os-fuzzers-1.ebuild
[rename] https://crrev.com/c3c03dbf4056fe371044ebdf66ff33c53d5731ba/virtual/chromium-os-fuzzers/chromium-os-fuzzers-1-r25.ebuild
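The virglrenderer commit above masks a fuzzer whose Makefile hard-codes -fsanitize=address, which cannot be combined with -fsanitize=memory. Before turning on an msan profile across a whole fuzzer tree, a practitioner wants to find every such hard-coded flag up front rather than discover them one failed build at a time. The check below is an added example written for this page; it is not part of the Chrome OS build, this bug, or the virglrenderer project. The build-file name patterns, the set of mutually exclusive sanitizers, and the sample files in the usage are assumptions.

```sh
#!/bin/sh
# Added example (not from the Chrome OS tree): report build files that
# hard-code a sanitizer flag which cannot be combined with the sanitizer
# requested for the build.
#
# Usage: find_hardcoded_sanitizer DIR WANTED     e.g. find_hardcoded_sanitizer . memory
# Prints "conflict: file:line:-fsanitize=..." for each hit.
# Exit status 1 if any conflict was found, 0 otherwise.
find_hardcoded_sanitizer() {
    dir=$1
    wanted=$2
    # The file patterns are an assumption for this example; extend them for
    # autotools, meson or GN trees as needed. grep -o prints one
    # -fsanitize=<list> token per line, prefixed with file:line:.
    find "$dir" -type f \( -name 'Makefile*' -o -name '*.mk' \
        -o -name 'CMakeLists.txt' -o -name 'meson.build' \) \
        -exec grep -Hn -o -E -- '-fsanitize=[A-Za-z0-9_,-]+' {} + 2>/dev/null |
    awk -v wanted="$wanted" '
        BEGIN {
            # address, hwaddress, memory and thread are mutually exclusive;
            # undefined and fuzzer can sit alongside any one of them.
            excl["address"] = 1; excl["hwaddress"] = 1
            excl["memory"] = 1;  excl["thread"] = 1
        }
        {
            tok = $0
            sub(/.*-fsanitize=/, "", tok)       # keep only the value list
            n = split(tok, san, ",")
            for (i = 1; i <= n; i++) {
                if ((san[i] in excl) && san[i] != wanted) {
                    print "conflict: " $0
                    found = 1
                }
            }
        }
        END { exit found }'
}
```

Run it once per sanitizer profile you intend to build (memory, address, undefined) from the root of the fuzzer overlay; a non-zero exit is the signal to either fix the Makefile so it honours the flags the build passes in or, as the commit above does, mask that fuzzer for the conflicting profile until it is fixed.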
Jan 18 (4 days ago)
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/chromite/+/aadb6391040e63da801e56e8418a232bbaf78aeb

commit aadb6391040e63da801e56e8418a232bbaf78aeb
Author: Manoj Gupta <manojgupta@google.com>
Date: Fri Jan 18 21:10:00 2019

chromeos_config: Add amd64-generic-msan-fuzzer builder.

Need a msan-fuzzer builder to upload msan fuzzing artifacts.

BUG=chromium:920355
TEST=msan-fuzzer profile exist and should build.

Change-Id: I7e6e93dd7415f6deaac0a0eb0984cbc4d3aac640
Reviewed-on: https://chromium-review.googlesource.com/1422857
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Jason Clinton <jclinton@chromium.org>

[modify] https://crrev.com/aadb6391040e63da801e56e8418a232bbaf78aeb/config/chromeos_config.py
[modify] https://crrev.com/aadb6391040e63da801e56e8418a232bbaf78aeb/config/waterfall_layout_dump.txt
[modify] https://crrev.com/aadb6391040e63da801e56e8418a232bbaf78aeb/config/config_dump.json
[modify] https://crrev.com/aadb6391040e63da801e56e8418a232bbaf78aeb/config/luci-scheduler.cfg
Jan 19 (4 days ago)
Today (10 hours ago)
Set up the job on ClusterFuzz as experimental. Will circle back when I see results.
Today (10 hours ago)
Looks like this won't just work since ClusterFuzz is failing to patch the MSAN binaries using patchelf as it tries to do. Will look into this.
Comment 1 by manojgupta@chromium.org, Jan 9