From ae94594a64daacd32d0ec85746b2e7f3d02164f3 Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Wed, 23 Mar 2016 21:43:58 -0700
Subject: [PATCH] Support tracing fuzzers

---
 Makefile                                         | 10 ++++++++++
 build.yaml                                       | 13 +++++++++++++
 templates/tools/fuzzer/runners.template          |  8 +++++++-
 tools/fuzzer/runners/hpack_parser_fuzzer_test.sh |  8 +++++++-
 tools/fuzzer/runners/http_fuzzer_test.sh         |  8 +++++++-
 tools/fuzzer/runners/json_fuzzer_test.sh         |  8 +++++++-
 tools/fuzzer/runners/uri_fuzzer_test.sh          |  8 +++++++-
 tools/run_tests/configs.json                     |  8 ++++++++
 8 files changed, 66 insertions(+), 5 deletions(-)

diff --git a/Makefile b/Makefile
index b974126a974..b23d5f8b7e7 100644
--- a/Makefile
+++ b/Makefile
@@ -95,6 +95,16 @@ LDXX_opt = $(DEFAULT_CXX)
 CPPFLAGS_opt = -O2
 DEFINES_opt = NDEBUG
 
+VALID_CONFIG_asan-trace-cmp = 1
+REQUIRE_CUSTOM_LIBRARIES_asan-trace-cmp = 1
+CC_asan-trace-cmp = clang
+CXX_asan-trace-cmp = clang++
+LD_asan-trace-cmp = clang
+LDXX_asan-trace-cmp = clang++
+CPPFLAGS_asan-trace-cmp = -O0 -fsanitize-coverage=trace-cmp -fsanitize=address -fno-omit-frame-pointer -Wno-unused-command-line-argument -DGPR_NO_DIRECT_SYSCALLS
+LDFLAGS_asan-trace-cmp = -fsanitize=address
+DEFINES_asan-trace-cmp += GRPC_TEST_SLOWDOWN_BUILD_FACTOR=3
+
 VALID_CONFIG_dbg = 1
 CC_dbg = $(DEFAULT_CC)
 CXX_dbg = $(DEFAULT_CXX)
diff --git a/build.yaml b/build.yaml
index 76a126c9470..ef2f269272d 100644
--- a/build.yaml
+++ b/build.yaml
@@ -2846,6 +2846,19 @@ configs:
     test_environ:
       ASAN_OPTIONS: detect_leaks=0:color=always
     timeout_multiplier: 3
+  asan-trace-cmp:
+    CC: clang
+    CPPFLAGS: -O0 -fsanitize-coverage=trace-cmp -fsanitize=address -fno-omit-frame-pointer
+      -Wno-unused-command-line-argument -DGPR_NO_DIRECT_SYSCALLS
+    CXX: clang++
+    LD: clang
+    LDFLAGS: -fsanitize=address
+    LDXX: clang++
+    compile_the_world: true
+    test_environ:
+      ASAN_OPTIONS: detect_leaks=1:color=always
+      LSAN_OPTIONS: suppressions=tools/lsan_suppressions.txt:report_objects=1
+    timeout_multiplier: 3
   basicprof:
     CPPFLAGS: -O2 -DGRPC_BASIC_PROFILER -DGRPC_TIMERS_RDTSC
     DEFINES: NDEBUG
diff --git a/templates/tools/fuzzer/runners.template b/templates/tools/fuzzer/runners.template
index 99cd7376761..26ac7c80dfa 100644
--- a/templates/tools/fuzzer/runners.template
+++ b/templates/tools/fuzzer/runners.template
@@ -35,4 +35,10 @@ template: |
   # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   #
 
-  bins/$config/${selected.name} -max_total_time=3600 fuzzer_output ${' '.join(selected.corpus_dirs)}
+  flags="-max_total_time=3600"
+  if [ "$config" == "asan-trace-cmp" ]
+  then
+    flags="-use_traces=1 $flags"
+  fi
+
+  bins/$config/${selected.name} $flags fuzzer_output ${' '.join(selected.corpus_dirs)}
diff --git a/tools/fuzzer/runners/hpack_parser_fuzzer_test.sh b/tools/fuzzer/runners/hpack_parser_fuzzer_test.sh
index d6315ec6264..366fe76ab3f 100644
--- a/tools/fuzzer/runners/hpack_parser_fuzzer_test.sh
+++ b/tools/fuzzer/runners/hpack_parser_fuzzer_test.sh
@@ -29,4 +29,10 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-bins/$config/hpack_parser_fuzzer_test -max_total_time=3600 fuzzer_output test/core/transport/chttp2/hpack_parser_corpus
+flags="-max_total_time=3600"
+if [ "$config" == "asan-trace-cmp" ]
+then
+  flags="-use_traces=1 $flags"
+fi
+
+bins/$config/hpack_parser_fuzzer_test $flags fuzzer_output test/core/transport/chttp2/hpack_parser_corpus
diff --git a/tools/fuzzer/runners/http_fuzzer_test.sh b/tools/fuzzer/runners/http_fuzzer_test.sh
index 74dfe6ea23c..00a420809c1 100644
--- a/tools/fuzzer/runners/http_fuzzer_test.sh
+++ b/tools/fuzzer/runners/http_fuzzer_test.sh
@@ -29,4 +29,10 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-bins/$config/http_fuzzer_test -max_total_time=3600 fuzzer_output test/core/http/corpus
+flags="-max_total_time=3600"
+if [ "$config" == "asan-trace-cmp" ]
+then
+  flags="-use_traces=1 $flags"
+fi
+
+bins/$config/http_fuzzer_test $flags fuzzer_output test/core/http/corpus
diff --git a/tools/fuzzer/runners/json_fuzzer_test.sh b/tools/fuzzer/runners/json_fuzzer_test.sh
index 2b0770a5053..1cd3d55d1bd 100644
--- a/tools/fuzzer/runners/json_fuzzer_test.sh
+++ b/tools/fuzzer/runners/json_fuzzer_test.sh
@@ -29,4 +29,10 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-bins/$config/json_fuzzer_test -max_total_time=3600 fuzzer_output test/core/json/corpus
+flags="-max_total_time=3600"
+if [ "$config" == "asan-trace-cmp" ]
+then
+  flags="-use_traces=1 $flags"
+fi
+
+bins/$config/json_fuzzer_test $flags fuzzer_output test/core/json/corpus
diff --git a/tools/fuzzer/runners/uri_fuzzer_test.sh b/tools/fuzzer/runners/uri_fuzzer_test.sh
index 5225d18db22..bac4fb844dc 100644
--- a/tools/fuzzer/runners/uri_fuzzer_test.sh
+++ b/tools/fuzzer/runners/uri_fuzzer_test.sh
@@ -29,4 +29,10 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-bins/$config/uri_fuzzer_test -max_total_time=3600 fuzzer_output test/core/client_config/uri_corpus
+flags="-max_total_time=3600"
+if [ "$config" == "asan-trace-cmp" ]
+then
+  flags="-use_traces=1 $flags"
+fi
+
+bins/$config/uri_fuzzer_test $flags fuzzer_output test/core/client_config/uri_corpus
diff --git a/tools/run_tests/configs.json b/tools/run_tests/configs.json
index a858170d87a..325e9aa9295 100644
--- a/tools/run_tests/configs.json
+++ b/tools/run_tests/configs.json
@@ -2,6 +2,14 @@
   {
     "config": "opt"
   }, 
+  {
+    "config": "asan-trace-cmp", 
+    "environ": {
+      "ASAN_OPTIONS": "detect_leaks=1:color=always", 
+      "LSAN_OPTIONS": "suppressions=tools/lsan_suppressions.txt:report_objects=1"
+    }, 
+    "timeout_multiplier": 3
+  }, 
   {
     "config": "dbg"
   },