Add support of SANITIZE_TARGET='address coverage' for fuzzing.
Also, add trace-cmp instrumentation to fuzz_test and host_fuzz_test.
Bug: 22850550
Change-Id: Ifff7b8be693ae991feb0a64e19439370a19b2748
diff --git a/core/Makefile b/core/Makefile
index 9ded53b..dfacf28 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1383,7 +1383,7 @@
$(call intermediates-dir-for,EXECUTABLES,sqlite3,,,$(TARGET_PREFER_32_BIT))/sqlite3
# We can't build static executables when SANITIZE_TARGET=address
-ifneq (address,$(SANITIZE_TARGET))
+ifeq ($(strip $(SANITIZE_TARGET)),)
built_ota_tools += \
$(call intermediates-dir-for,EXECUTABLES,check_prereq,,,$(TARGET_PREFER_32_BIT))/check_prereq \
$(call intermediates-dir-for,EXECUTABLES,applypatch_static,,,$(TARGET_PREFER_32_BIT))/applypatch_static \
@@ -1526,7 +1526,7 @@
# OTA scripts are only interested in fingerprint related properties
$(hide) echo "oem_fingerprint_properties=$(OEM_THUMBPRINT_PROPERTIES)" >> $(zip_root)/META/misc_info.txt
endif
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(strip $(SANITIZE_TARGET)),)
# We need to create userdata.img with real data because the instrumented libraries are in userdata.img.
$(hide) echo "userdata_img_with_data=true" >> $(zip_root)/META/misc_info.txt
endif
@@ -1565,7 +1565,7 @@
ifeq ($(BUILD_OS),darwin)
build_ota_package := false
endif
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(strip $(SANITIZE_TARGET)),)
build_ota_package := false
endif
ifeq ($(TARGET_PRODUCT),sdk)
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index 1efc932..7189338 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -75,6 +75,14 @@
my_sanitize := $(CLANG_DEFAULT_UB_CHECKS)
endif
+ifneq ($(filter coverage,$(my_sanitize)),)
+ ifeq ($(filter address,$(my_sanitize)),)
+ $(error $(LOCAL_PATH): $(LOCAL_MODULE): Use of 'coverage' also requires 'address')
+ endif
+ my_cflags += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
+ my_sanitize := $(filter-out coverage,$(my_sanitize))
+endif
+
ifneq ($(my_sanitize),)
fsanitize_arg := $(subst $(space),$(comma),$(my_sanitize)),
my_cflags += -fsanitize=$(fsanitize_arg)
diff --git a/core/envsetup.mk b/core/envsetup.mk
index ecfca9f..51a2fb3 100644
--- a/core/envsetup.mk
+++ b/core/envsetup.mk
@@ -276,7 +276,7 @@
TARGET_OUT_COMMON_GEN := $(TARGET_COMMON_OUT_ROOT)/gen
TARGET_OUT := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_SYSTEM)
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(filter address,$(SANITIZE_TARGET)),)
target_out_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_DATA)
else
target_out_shared_libraries_base := $(TARGET_OUT)
@@ -333,7 +333,7 @@
TARGET_OUT_CACHE := $(PRODUCT_OUT)/cache
TARGET_OUT_VENDOR := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_VENDOR)
-ifeq ($(SANITIZE_TARGET),address)
+ifneq ($(filter address,$(SANITIZE_TARGET)),)
target_out_vendor_shared_libraries_base := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_DATA)/vendor
else
target_out_vendor_shared_libraries_base := $(TARGET_OUT_VENDOR)
diff --git a/core/executable.mk b/core/executable.mk
index 0ce400c..70ef0d9 100644
--- a/core/executable.mk
+++ b/core/executable.mk
@@ -7,7 +7,7 @@
# LOCAL_MODULE_STEM_64
my_skip_this_target :=
-ifeq (address,$(strip $(SANITIZE_TARGET)))
+ifneq ($(filter address,$(SANITIZE_TARGET)),)
ifeq (true,$(LOCAL_FORCE_STATIC_EXECUTABLE))
my_skip_this_target := true
else ifeq (false, $(LOCAL_CLANG))
diff --git a/core/fuzz_test.mk b/core/fuzz_test.mk
index 065cc03..fc582b3 100644
--- a/core/fuzz_test.mk
+++ b/core/fuzz_test.mk
@@ -7,7 +7,7 @@
$(error $(LOCAL_PATH): $(LOCAL_MODULE): NDK fuzz tests are not supported.)
endif
-LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters
+LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
ifdef LOCAL_MODULE_PATH
diff --git a/core/host_fuzz_test.mk b/core/host_fuzz_test.mk
index e917959..cc7baad 100644
--- a/core/host_fuzz_test.mk
+++ b/core/host_fuzz_test.mk
@@ -3,7 +3,7 @@
## Common flags for host fuzz tests are added.
################################################
-LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters
+LOCAL_CFLAGS += -fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-cmp
LOCAL_STATIC_LIBRARIES += libLLVMFuzzer
include $(BUILD_HOST_EXECUTABLE)