google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

Unable to recompile using chronos #12411

Open mzfr opened 2 months ago

mzfr commented 2 months ago

I tried to use the chronos tool but the final command fails

❯ docker run -ti --entrypoint="recompile" "gcr.io/oss-fuzz/${PROJECT}-ofg-cached-asan"
/usr/local/bin/recompile: line 2: /usr/local/bin/recompile_env.sh: No such file or directory

I was trying to rebuild the fmt project with FUZZ_TARGET being one-arg-fuzzer

Below is every command I executed:

export PROJECT=fmt
export FUZZ_TARGET=one-arg-fuzzer
export FUZZING_LANGUAGE=c++

infra/experimental/chronos/prepare-recompile "$PROJECT" "$FUZZ_TARGET" "$FUZZING_LANGUAGE"

python infra/helper.py build_image "$PROJECT"

docker run -ti --entrypoint="/bin/sh" --env SANITIZER="address" --name "${PROJECT}-origin-asan" "gcr.io/oss-fuzz/${PROJECT}" -c "compile && rm -rf /out/*"

docker commit "${PROJECT}-origin-asan" "gcr.io/oss-fuzz/${PROJECT}-ofg-cached-asan"

docker run -ti --entrypoint="recompile" "gcr.io/oss-fuzz/${PROJECT}-ofg-cached-asan"

Jarvx commented 2 months ago

Here is a more concrete stack trace. I have tested with two Linux servers running Ubuntu 20.04 and 22.04 LTS using this bug info (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44763). The root cause is that it fails at this line, so the env script is not being written: https://github.com/google/oss-fuzz/blob/f07ca711a5a261eca1368088aa13badbb84a9a7f/infra/experimental/chronos/chronos.sh#L48

-- CMake version: 3.29.2
-- The CXX compiler identification is Clang 18.0.0
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/local/bin/clang++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- {fmt} version: 11.0.2
-- Build type: Debug
-- Performing Test HAS_NULLPTR_WARNING
-- Performing Test HAS_NULLPTR_WARNING - Success
-- Configuring done (0.6s)
-- Generating done (0.0s)
-- Build files have been written to: /src/fmt/build
++ execute_or_record_command
++ [[ cmake --build . == *\o\n\e\-\a\r\g\-\f\u\z\z\e\r* ]]
++ [[ false == \t\r\u\e ]]
+ cmake --build .
[13/15] Linking CXX executable bin/two-args-fuzzer
[15/15] Linking CXX executable bin/chrono-duration-fuzzer
++ execute_or_record_command
++ [[ cp bin/*fuzzer $OUT == *\o\n\e\-\a\r\g\-\f\u\z\z\e\r* ]]
++ [[ false == \t\r\u\e ]]
+ cp bin/chrono-duration-fuzzer bin/chrono-timepoint-fuzzer bin/float-fuzzer bin/named-arg-fuzzer bin/one-arg-fuzzer bin/two-args-fuzzer /out
sha256:01c14fedd409b280c3bce74c052a7fafd9d7d32c95a5ecb5732d2b26e21319d9
/usr/local/bin/recompile: line 2: /usr/local/bin/recompile_env.sh: No such file or directory

Jarvx commented 2 months ago

Hi, it looks like this project (fmt) uses CMake; therefore, the actual bash commands contain no fuzz target at all. After debugging, I found the actual bash commands are:

cmake --build .
cmake .. -GNinja -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_STANDARD=14 -DFMT_DOC=Off -DFMT_TEST=Off -DFMT_SAFE_DURATION_CAST=On -DFMT_FUZZ=On -DFMT_FUZZ_LINKMAIN=Off -DFMT_FUZZ_LDFLAGS=$LIB_FUZZING_ENGINE

It looks like chronos will not record commands in this case. Please correct me if my observation is not the intended result from chronos. I have added bash code to capture all bash commands in that if-else block (line 48).
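Added illustration (not part of this thread and not chronos code): the trace above shows each build command being tested against the glob *one-arg-fuzzer* before the recorder decides whether to record it. The script below reimplements that filter as a plain POSIX sh function, runs it over the three CMake commands quoted in the comment above plus a constructed make-style build that does name the target, and contrasts it with a capture-all classifier standing in for the change Jarvx describes. `write_env_script` is a hypothetical stand-in that mimics the missing /usr/local/bin/recompile_env.sh: it only produces the file when at least one command was recorded. The command lists are constructed for this example.

```shell
#!/bin/sh
# Added illustration, not chronos code. Assumption taken from the trace in this
# issue: a command is recorded only when its text contains FUZZ_TARGET.

FUZZ_TARGET="${FUZZ_TARGET:-one-arg-fuzzer}"

# By-target heuristic: print "record" when the fuzz target name occurs in the
# command text, otherwise "execute" (the command runs, nothing is written).
classify_by_target() {
    case "$1" in
        *"$FUZZ_TARGET"*) echo record ;;
        *)                echo execute ;;
    esac
}

# Capture-all variant (stand-in for the change Jarvx mentions): every command
# that reaches the recorder is recorded.
classify_all() {
    echo record
}

# Count how many lines of a command list (one command per line on stdin) the
# given classifier would record.  Usage: count_recorded CLASSIFIER < list
count_recorded() {
    n=0
    while IFS= read -r cmd; do
        if [ "$("$1" "$cmd")" = record ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Hypothetical env-script writer: succeeds only when something was recorded,
# mirroring the "recompile_env.sh: No such file" failure in the report.
# Args: classifier, command-list file, output path.
write_env_script() {
    if [ "$(count_recorded "$1" < "$2")" -gt 0 ]; then
        printf '# recorded commands for %s\n' "$FUZZ_TARGET" > "$3"
        return 0
    fi
    return 1
}

# Constructed command lists.  CMAKE_BUILD holds the commands fmt's build
# actually runs (quoted from the comment above); MAKE_STYLE_BUILD is a made-up
# build that names the target on the link line.
CMAKE_BUILD=$(mktemp)
cat > "$CMAKE_BUILD" <<'EOF'
cmake .. -GNinja -DCMAKE_BUILD_TYPE=Debug -DFMT_FUZZ=On -DFMT_FUZZ_LDFLAGS=$LIB_FUZZING_ENGINE
cmake --build .
cp bin/*fuzzer $OUT
EOF

MAKE_STYLE_BUILD=$(mktemp)
cat > "$MAKE_STYLE_BUILD" <<'EOF'
make -j$(nproc) libfoo.a
$CXX $CXXFLAGS one-arg-fuzzer.cc libfoo.a $LIB_FUZZING_ENGINE -o $OUT/one-arg-fuzzer
EOF

echo "cmake build, by-target filter: $(count_recorded classify_by_target < "$CMAKE_BUILD") recorded"
echo "cmake build, capture-all:      $(count_recorded classify_all < "$CMAKE_BUILD") recorded"
echo "make-style build, by-target:   $(count_recorded classify_by_target < "$MAKE_STYLE_BUILD") recorded"
```

With the by-target filter the CMake list records zero commands, so the env script is never produced and the later recompile step cannot find it; the same filter records the make-style link line because the target name appears in it. The capture-all variant records all three CMake commands, which is the behaviour needed for generator-driven builds where the fuzz target name never shows up in the shell text.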

DonggeLiu commented 2 months ago

Thanks @Jarvx! This is likely because the DEBUG trap does not inherently propagate to commands run by subshells or external commands like CMake and Make.

Maybe we can use strace?