diff --git a/app/boards/native_sim_libfuzzer.conf b/app/boards/native_sim_libfuzzer.conf
index ad869e58a3c3..631130f99fc3 100644
--- a/app/boards/native_sim_libfuzzer.conf
+++ b/app/boards/native_sim_libfuzzer.conf
@@ -8,7 +8,6 @@ CONFIG_SYS_HEAP_BIG_ONLY=y
 CONFIG_ZEPHYR_NATIVE_DRIVERS=y
 CONFIG_ARCH_POSIX_LIBFUZZER=y
 CONFIG_ZEPHYR_POSIX_FUZZ_TICKS=100
-CONFIG_ASAN=y
 # Override incompatible options found in sof/app/prj.conf
 # to silence build time warnings
diff --git a/app/configs/fuzz_asan.conf b/app/configs/fuzz_asan.conf
new file mode 100644
index 000000000000..a4b504ea7617
--- /dev/null
+++ b/app/configs/fuzz_asan.conf
@@ -0,0 +1 @@
+CONFIG_ASAN=y
diff --git a/scripts/fuzz.sh b/scripts/fuzz.sh
index 68f3c3cbbbe9..ab9b336abaea 100755
--- a/scripts/fuzz.sh
+++ b/scripts/fuzz.sh
@@ -12,6 +12,7 @@ Usage:
 -i4 Appends: -- -DCONFIG_IPC_MAJOR_4=y + fuzz_IPC4_features.conf
 -i3 See above
+ -s Which sanitizer to use, defaults to address
 -p Delete build-fuzz/ first ("pristine")
 -b Do not run/fuzz: stop after the build.
 -t n Fuzz for n seconds.
@@ -87,15 +88,17 @@ main()
 local BUILD_ONLY=false
 local FUZZER_STDOUT=/dev/stdout # bashism
 local TEST_DURATION=3
+ local SANITIZER=address
 local IPC
 # Parse "$@". getopts stops after '--'
- while getopts "i:hj:po:t:b" opt; do
+ while getopts "i:hj:ps:o:t:b" opt; do
 case "$opt" in
 i) IPC="$OPTARG";;
 h) print_help; exit 0;;
 j) if [ "$OPTARG" -eq 0 ]; then JOBS=$(nproc); else JOBS="$OPTARG"; fi;;
 p) PRISTINE=true;;
+ s) SANITIZER="$OPTARG";;
 o) FUZZER_STDOUT="$OPTARG";;
 t) TEST_DURATION="$OPTARG";;
 b) BUILD_ONLY=true;;
@@ -115,6 +118,11 @@ main()
 conf_files_list+=";configs/fuzz_IPC${IPC}_features.conf"
 fi
+ case $SANITIZER in
+ address) conf_files_list+=";configs/fuzz_asan.conf";;
+ *) echo "Unknown fuzzer type"; print_help; exit 1;;
+ esac
 # Note there's never any reason to delete fuzz_corpus/.
 # Don't trust `west build -p` because it is not 100% unreliable,
 # especially not when doing unusual toolchain things.
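Review bot: The fallback arm of the new `case $SANITIZER in` in the last fuzz.sh hunk sends its diagnostic to stdout and never says which value was rejected, so a mistyped `-s` argument shows only `Unknown fuzzer type` buried in build output. Since `-s` selects a sanitizer and `address` is the only value the case accepts, I would write `*) printf 'Unknown sanitizer: %s\n' "$SANITIZER" >&2; print_help; exit 1;;` and list the accepted value(s) in the `-s` line of the usage text added in the hunk at line 12, so the help does not suggest a choice that does not yet exist. Quoting the selector, `case "$SANITIZER" in`, would match the existing `case "$opt" in` style in the getopts loop. main() starts and ends outside these hunks.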