New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad Build Checks check libraries #1566
Comments
We treat any executable file in the |
I (think I) can mark the .so files as non-executable. |
Wow, I din't know that those are marked as executable by default. Would it be possible to put those files into a subdir of |
I think I would need to add some parameters at link time so that it would look in the subdirectory. note: it isn't actually needed for them to be marked executable on Linux, but the fact that they are executable by default is an issue. |
checking for LLVMFuzzerTestOneInput should work everywhere, @jonathanmetzman can you add that in the bad build check ? @Dor1s - any reason for not that ? |
It's still unclear to me why projects need to ship shared libraries, as we explicitly require to use static linking as per https://github.com/google/oss-fuzz/blob/798abca6f4bc42203bcc52684bdd145a0b494eeb/docs/fuzzer_environment.md#runtime-dependencies |
@inferno-chromium just don't want to add any unnecessary complications for handling the behavior we do discourage and tend to avoid |
I don't know that SwiftShader needs to be dynamically linked, but I haven't seen any way to build a static version of SwiftShader and FWIW I think Chrome uses it as a shared object, even in non-component builds (maybe so that it can switch between angle and swiftshader?). I don't actually know why the docs are anti-dynamic linking, as long as projects ship the library in |
Blocking #1563 |
Fair point regarding SwiftShader, I don't know either! I think in general static builds are faster and more portable, that's why we prefer those. @oliverchang may have any opinion here as well. I don't want to be a blocker here if I'm the only one who against that check :) |
I agree, my uneducated opinion is that static linking is usually preferable. |
I think it makes sense to check for LLVMFuzzerTestOneInput in executables. It's not too complicated and matches CF behaviour. Even if we discourage shared libraries, not having the LLVMFuzzerTestOneInput check during bad build check is not the correct check for that :) |
+1 Do you know some of the reasons not to ship DLLs in $OUT? the main one I can think of is messing up clang coverage but I'm sure there is something I am missing. |
The workaround is no longer necessary, because the scripts checking fuzzers have stopped going down to the subdirectories of $OUT and started to look for the string "LLVMFuzzerTestOneInput" to tell fuzzers and random binaries apart. Some more details can be found at google/oss-fuzz#1566.
I saw this output on a local branch of skia:
The text was updated successfully, but these errors were encountered: