From 3630c50e11a415fe2d85c83123df56db74ea5a39 Mon Sep 17 00:00:00 2001 From: Kobrin Eli Date: Fri, 13 May 2022 01:05:21 +0300 Subject: [PATCH] [tensorflow] New fuzzing targets from core/kernels/fuzzing (#7704) --- projects/tensorflow/build.sh | 74 +++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 2 deletions(-) diff --git a/projects/tensorflow/build.sh b/projects/tensorflow/build.sh index 72dab7e46..928bfdc2d 100755 --- a/projects/tensorflow/build.sh +++ b/projects/tensorflow/build.sh @@ -43,6 +43,10 @@ if [ "$SANITIZER" = "undefined" ] then echo "--linkopt=$(find $(llvm-config --libdir) -name libclang_rt.ubsan_standalone_cxx-x86_64.a | head -1)" fi +if [ "$SANITIZER" = "address" ] +then + echo "--action_env=ASAN_OPTIONS=detect_leaks=0,detect_odr_violation=0" +fi )" # Ugly hack to get LIB_FUZZING_ENGINE only for fuzz targets @@ -52,7 +56,7 @@ sed -i -e 's/linkstatic/linkopts = \["-fsanitize=fuzzer"\],\nlinkstatic/' tensor # Determine all fuzz targets. To control what gets fuzzed with OSSFuzz, all # supported fuzzers are in `//tensorflow/security/fuzzing`. # Ignore fuzzers tagged with `no_oss` in opensource. -declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))' | grep -v checkpoint_reader_fuzz) +declare FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))' | grep -v checkpoint_reader_fuzz) # checkpoint_reader_fuzz seems out of date with the API # Build the fuzzer targets. @@ -77,6 +81,70 @@ for bazel_target in ${FUZZERS}; do cp ${bazel_location} ${OUT}/$fuzz_name done +echo " write_to_bazelrc('import %workspace%/tools/bazel.rc')" >> configure.py +yes "" | ./configure + +declare FUZZERS=$(grep '^tf_ops_fuzz_target' tensorflow/core/kernels/fuzzing/BUILD | cut -d'"' -f2 | grep -v decode_base64) + +cat >> tensorflow/core/kernels/fuzzing/tf_ops_fuzz_target_lib.bzl << END + +def cc_tf(name): + native.cc_test( + name = name + "_fuzz", + deps = [ + "//tensorflow/core/kernels/fuzzing:fuzz_session", + "//tensorflow/core/kernels/fuzzing:" + name + "_fuzz_lib", + "//tensorflow/cc:cc_ops", + "//tensorflow/cc:scope", + "//tensorflow/core:core_cpu", + ], + + linkopts = ["-fsanitize=fuzzer"] + ) +END + +cat >> tensorflow/core/kernels/fuzzing/BUILD << END + +load("//tensorflow/core/kernels/fuzzing:tf_ops_fuzz_target_lib.bzl", "cc_tf") + +END + +for fuzzer in ${FUZZERS}; do + echo cc_tf\(\"${fuzzer}\"\) >> tensorflow/core/kernels/fuzzing/BUILD +done + +declare FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/core/kernels/fuzzing/...))' | grep -v decode_base64) + +bazel build \ + --spawn_strategy=sandboxed \ + --jobs=$(nproc) \ + --config=monolithic \ + --dynamic_mode=off \ + ${EXTRA_FLAGS} \ + --verbose_failures \ + --strip=never \ + --define=framework_shared_object=false \ + -- //tensorflow/core/kernels/fuzzing:all + +# The fuzzers built above are in the `bazel-bin/` symlink. But they need to be +# in `$OUT`, so move them accordingly. +for bazel_target in ${FUZZERS}; do + colon_index=$(expr index "${bazel_target}" ":") + fuzz_name="${bazel_target:$colon_index}" + bazel_location="bazel-bin/${bazel_target/:/\/}" + cp ${bazel_location} ${OUT}/$fuzz_name + corpus_location=tensorflow/core/kernels/fuzzing/corpus/$(basename ${fuzz_name} _fuzz) + if [[ -d ${corpus_location} ]] + then + find ${corpus_location} -type f | xargs zip -j ${OUT}/${fuzz_name}_seed_corpus.zip + fi + dict_location=tensorflow/core/kernels/fuzzing/dictionaries/$(basename ${fuzz_name} _fuzz).dict + if [[ -f ${dict_location} ]] + then + cp ${dict_location} $OUT/${fuzz_name}.dict + fi +done + # For coverage, we need to remap source files to correspond to the Bazel build # paths. We also need to resolve all symlinks that Bazel creates. if [ "$SANITIZER" = "coverage" ] @@ -89,7 +157,9 @@ then ${RSYNC_CMD} tensorflow/ ${REMAP_PATH} # Sync generated proto files. - ${RSYNC_CMD} ./bazel-out/k8-opt/bin/tensorflow/core/protobuf ${REMAP_PATH} + ${RSYNC_CMD} ./bazel-out/k8-opt/bin/tensorflow/ ${REMAP_PATH} + ${RSYNC_CMD} ./bazel-out/k8-opt/bin/external/ ${REMAP_PATH} + ${RSYNC_CMD} ./bazel-out/k8-opt/bin/third_party/ ${REMAP_PATH} # Sync external dependencies. We don't need to include `bazel-tensorflow`. # Also, remove `external/org_tensorflow` which is a copy of the entire source