Google Git
Sign in
dawn / tint.git / 12ed862c7ef2d64711cb7e5200f9c28992e2cd12^! / .
commit12ed862c7ef2d64711cb7e5200f9c28992e2cd12[log] [tgz]
authorBen Clayton <bclayton@google.com>Tue Nov 24 15:28:06 2020 +0000
committerCommit Bot service account <commit-bot@chromium.org>Tue Nov 24 15:28:06 2020 +0000
treec8a66fa48d8551f409252ddc947e24819e2e8ed9
parent1b543c6778bbd80dd94137bcc13b8cdcd546bb26 [diff]
Add fuzzer instrumentation when building fuzzers

Without this the fuzzing is unguided and takes exponentially more time to find interesting corpus cases.

Change-Id: I1b66de153bc41a829a5276a02a729f4e6bb50ef0
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/33722
Reviewed-by: David Neto <dneto@google.com>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: Ben Clayton <bclayton@google.com>
Auto-Submit: Ben Clayton <bclayton@google.com>

diff --git a/fuzzers/CMakeLists.txt b/fuzzers/CMakeLists.txt
index 90e3fb8..3599d42 100644
--- a/fuzzers/CMakeLists.txt
+++ b/fuzzers/CMakeLists.txt

@@ -14,20 +14,9 @@
 
 function(add_tint_fuzzer NAME)
   add_executable(${NAME} ${NAME}.cc)
-  target_link_libraries(${NAME} libtint)
+  target_link_libraries(${NAME} libtint-fuzz)
   tint_default_compile_options(${NAME})
-  target_link_options(${NAME} PRIVATE
-    -fno-omit-frame-pointer
-    -fsanitize=fuzzer,address,undefined
-    -fsanitize-address-use-after-scope
-    -O1
-    -g
-  )
-
-  target_compile_options(${NAME} PRIVATE
-    -fsanitize=fuzzer,address,undefined
-    -Wno-missing-prototypes
-  )
+  target_compile_options(${NAME} PRIVATE -Wno-missing-prototypes)
 endfunction()
 
 if (${TINT_BUILD_WGSL_READER})

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 90dc67c..0ff1ee2 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt

@@ -435,10 +435,24 @@
   target_compile_options(libtint PRIVATE -fvisibility=hidden)
 endif()
 
+if (${TINT_BUILD_FUZZERS})
+  # Tint library with fuzzer instrumentation
+  add_library(libtint-fuzz ${TINT_LIB_SRCS})
+  tint_default_compile_options(libtint-fuzz)
+  if (${COMPILER_IS_LIKE_GNU})
+    target_compile_options(libtint-fuzz PRIVATE -fvisibility=hidden)
+  endif()
+  target_compile_options(libtint-fuzz PUBLIC -fsanitize=fuzzer -fsanitize-coverage=trace-cmp)
+  target_link_options(libtint-fuzz PUBLIC -fsanitize=fuzzer -fsanitize-coverage=trace-cmp)
+endif()
+
 set_target_properties(libtint PROPERTIES OUTPUT_NAME "tint")
 
 if(${TINT_BUILD_SPV_READER} OR ${TINT_BUILD_SPV_WRITER})
   tint_spvtools_compile_options(libtint)
+  if (${TINT_BUILD_FUZZERS})
+    tint_spvtools_compile_options(libtint-fuzz)
+  endif()
 endif()
 
 if(${TINT_BUILD_SPV_READER})