Fix tensorflow build (#6860)

* Fix tensorflow build * Remove MSAN from tensorflow as when building, Protobuf trips on it * Restrict tensorflow to libfuzzer due to ugly hack
2021-11-19 15:25:40 +01:00 · 2021-11-19 15:25:40 +01:00 · a35e3e96de
parent a21768ce6a
commit a35e3e96de
3 changed files with 12 additions and 7 deletions
--- a/projects/tensorflow/Dockerfile
+++ b/projects/tensorflow/Dockerfile
@ -34,6 +34,10 @@ RUN curl -Lo /usr/bin/bazel \
        && \
    chmod +x /usr/bin/bazel

+ENV JAVA_HOME /usr/lib/jvm/java-15-openjdk-amd64
+# it fails after installing java due to jazzer env variables missing
+RUN install_java.sh || true
+
 RUN git clone --depth 1 https://github.com/tensorflow/tensorflow tensorflow
 WORKDIR $SRC/tensorflow
 COPY build.sh $SRC/
--- a/projects/tensorflow/build.sh
+++ b/projects/tensorflow/build.sh
@ -45,26 +45,26 @@ then
 fi
 )"

+# Ugly hack to get LIB_FUZZING_ENGINE only for fuzz targets
+# and not for other binaries such as protoc
+sed -i -e 's/linkstatic/linkopts = \["-fsanitize=fuzzer"\],\nlinkstatic/' tensorflow/security/fuzzing/tf_fuzzing.bzl
+
 # Determine all fuzz targets. To control what gets fuzzed with OSSFuzz, all
 # supported fuzzers are in `//tensorflow/security/fuzzing`.
 # Ignore fuzzers tagged with `no_oss` in opensource.
-declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))')
+declare -r FUZZERS=$(bazel query 'kind(cc_.*, tests(//tensorflow/security/fuzzing/...)) - attr(tags, no_oss, kind(cc_.*, tests(//tensorflow/security/fuzzing/...)))' | grep -v checkpoint_reader_fuzz)
+# checkpoint_reader_fuzz seems out of date with the API

 # Build the fuzzer targets.
 # Pass in `--config=libc++` to link against libc++.
 # Pass in `--verbose_failures` so it is easy to debug compile crashes.
 # Pass in `--strip=never` to ensure coverage support.
-# Pass in `$LIB_FUZZING_ENGINE` to `--copt` and `--linkopt` to ensure we have a
-# `main` symbol defined (all these fuzzers build without a `main` and by default
-# `$CFLAGS` and `CXXFLAGS` compile with `-fsanitize=fuzzer-no-link`).
 # Since we have `assert` in fuzzers, make sure `NDEBUG` is not defined
 bazel build \
  --config=libc++ \
  ${EXTRA_FLAGS} \
  --verbose_failures \
  --strip=never \
-  --copt=${LIB_FUZZING_ENGINE} \
-  --linkopt=${LIB_FUZZING_ENGINE} \
  --copt='-UNDEBUG' \
  -- ${FUZZERS}

--- a/projects/tensorflow/project.yaml
+++ b/projects/tensorflow/project.yaml
@ -6,5 +6,6 @@ auto_ccs:
 sanitizers:
  - address
  - undefined
-  - memory
+fuzzing_engines:
+  - libfuzzer
 main_repo: 'https://github.com/tensorflow/tensorflow'