Merge "Fix fuzzer builds."
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index d3adee5..ebce00b 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -235,12 +235,17 @@
my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
endif
-ifneq ($(filter coverage,$(my_sanitize)),)
- ifeq ($(filter address,$(my_sanitize)),)
- $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
- endif
- my_cflags += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
- my_sanitize := $(filter-out coverage,$(my_sanitize))
+ifneq ($(filter fuzzer,$(my_sanitize)),)
+ # SANITIZE_TARGET='fuzzer' actually means to create the fuzzer coverage
+ # information, not to link against the fuzzer main().
+ my_sanitize := $(filter-out fuzzer,$(my_sanitize))
+ my_sanitize += fuzzer-no-link
+
+ # TODO(b/131771163): Disable LTO for fuzzer builds. Note that Cfi causes
+ # dependency on LTO.
+ my_sanitize := $(filter-out cfi,$(my_sanitize))
+ my_cflags += -fno-lto
+ my_ldflags += -fno-lto
endif
ifneq ($(filter integer_overflow,$(my_sanitize)),)
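Review bot: Removing the `coverage` branch also removes the only visible handling of a module that still lists `coverage` in its sanitize set. The old code filtered it out of `my_sanitize` and rejected it without `address`; the new code leaves it in place. How `my_sanitize` becomes compiler flags is outside this hunk, so the effect is inferred, but the value would presumably now be passed through as a sanitizer name. If `coverage` is being retired in favour of `fuzzer`, fail loudly instead, e.g. `$(error $(LOCAL_PATH): $(LOCAL_MODULE): 'coverage' is no longer supported, use 'fuzzer')` under `ifneq ($(filter coverage,$(my_sanitize)),)`. Separately, the `cfi` filter-out silently drops a hardening option in fuzzer builds, and the TODO comment could say so explicitly so these artifacts are not mistaken for CFI-protected ones.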
@@ -280,7 +285,12 @@
my_cflags += -fsanitize=$(fsanitize_arg)
my_asflags += -fsanitize=$(fsanitize_arg)
- ifdef LOCAL_IS_HOST_MODULE
+ # When fuzzing, we wish to crash with diagnostics on any bug.
+ ifneq ($(filter fuzzer-no-link,$(my_sanitize)),)
+ my_cflags += -fno-sanitize-trap=all
+ my_cflags += -fno-sanitize-recover=all
+ my_ldflags += -fsanitize=fuzzer-no-link
+ else ifdef LOCAL_IS_HOST_MODULE
my_cflags += -fno-sanitize-recover=all
my_ldflags += -fsanitize=$(fsanitize_arg)
else
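Review bot: The new `fuzzer-no-link` branch is tested before `LOCAL_IS_HOST_MODULE`, so a host module built with the fuzzer sanitizer (host_fuzz_test.mk now adds it) no longer gets `my_ldflags += -fsanitize=$(fsanitize_arg)` and links with `-fsanitize=fuzzer-no-link` only. If `fsanitize_arg` carries other sanitizers such as `address` or `undefined` (its construction is outside this hunk), the host link line would no longer name them, and the runtimes needed for the diagnostics that `-fno-sanitize-trap=all` asks for may be missing at link time. Consider keeping the host behaviour inside this branch, e.g. `my_ldflags += -fsanitize=$(fsanitize_arg)` guarded by `ifdef LOCAL_IS_HOST_MODULE`, or add a comment stating why the fuzzer link line must differ. The enclosing conditional starts and ends outside the hunk, so the target-side `else` body could not be checked.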
@@ -378,7 +388,7 @@
ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
ifeq ($(filter cfi,$(my_sanitize_diag)),)
- ifeq ($(filter address hwaddress,$(my_sanitize)),)
+ ifeq ($(filter address hwaddress fuzzer-no-link,$(my_sanitize)),)
my_cflags += -fsanitize-minimal-runtime
my_cflags += -fno-sanitize-trap=integer
my_cflags += -fno-sanitize-recover=integer
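Review bot: The changed `ifeq` now keeps `fuzzer-no-link` builds off the minimal-runtime path, but nothing in the hunk says why. The name also only matches because an earlier block rewrites `fuzzer` to `fuzzer-no-link`. A comment above the `ifeq` would keep the two in sync, for example `# Fuzzer builds crash with full diagnostics (-fno-sanitize-trap=all above), so they skip the minimal runtime; 'fuzzer' has been rewritten to 'fuzzer-no-link' by this point.` The nested conditionals open before the hunk and close after it.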
diff --git a/core/fuzz_test.mk b/core/fuzz_test.mk
index 2cc2e2c..f5bdef0 100644
--- a/core/fuzz_test.mk
+++ b/core/fuzz_test.mk
@@ -15,8 +15,7 @@
my_fuzzer:=$(TARGET_FUZZ_ENGINE)
endif
-
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
ifeq ($(my_fuzzer),libFuzzer)
LOCAL_STATIC_LIBRARIES += libFuzzer
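Review bot: `LOCAL_SANITIZE += fuzzer` sits above `ifeq ($(my_fuzzer),libFuzzer)`, so the instrumentation is switched for every value of `TARGET_FUZZ_ENGINE`, while the engine library is still chosen per engine. The removed line asked for `trace-pc-guard,indirect-calls,trace-cmp` explicitly, whereas what `fuzzer-no-link` emits is chosen by the compiler with libFuzzer in mind. Any other engine handled in the part of the conditional outside this hunk should be checked against that instrumentation. If only libFuzzer is meant to be supported, a comment such as `# All engines use clang's fuzzer-no-link instrumentation; see config_sanitizers.mk.` would make that explicit. The same line is added in host_fuzz_test.mk, where the engine is fixed to `libLLVMFuzzer`.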
diff --git a/core/host_fuzz_test.mk b/core/host_fuzz_test.mk
index 556e02f..54c6577 100644
--- a/core/host_fuzz_test.mk
+++ b/core/host_fuzz_test.mk
@@ -4,7 +4,7 @@
################################################
$(call record-module-type,HOST_FUZZ_TEST)
-LOCAL_CFLAGS += -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp
+LOCAL_SANITIZE += fuzzer
LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
include $(BUILD_HOST_EXECUTABLE)