Link fuzzers against shared library to reduce executable sizes

CMakeLists.txt

@@ -19,6 +19,10 @@ include(cmake/FindClangTidy.cmake)
 ########################################################################
 ## Project/Build Configuration
 
+if ( ZEEK_ENABLE_FUZZERS )
+    # Fuzzers use shared lib to save disk space, so need -fPIC on everything
+    set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+endif ()
 
 if (ENABLE_ZEEK_UNIT_TESTS)
     enable_testing()

src/fuzzers/CMakeLists.txt

@@ -26,14 +26,11 @@ macro(ADD_FUZZ_TARGET _name)
     set(_fuzz_target zeek-${_name}-fuzzer)
     set(_fuzz_source ${_name}-fuzzer.cc)
 
-    add_executable(${_fuzz_target} ${_fuzz_source} ${ARGN}
-                   $<TARGET_OBJECTS:zeek_objs>
-                   $<TARGET_OBJECTS:zeek_fuzzer_common>
-                   ${zeek_HEADERS}
-                   ${bro_SUBDIR_LIBS}
-                   ${bro_PLUGIN_LIBS})
+    add_executable(${_fuzz_target} ${_fuzz_source} ${ARGN})
 
-    target_link_libraries(${_fuzz_target} ${zeekdeps}
+    target_link_libraries(${_fuzz_target}
+                          zeek_fuzzer_shared
+                          ${BIND_LIBRARY}
                           ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
 
     if ( DEFINED ZEEK_FUZZING_ENGINE )
@@ -45,7 +42,31 @@ macro(ADD_FUZZ_TARGET _name)
 endmacro ()
 
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR})
-add_library(zeek_fuzzer_common OBJECT FuzzBuffer.cc)
+
 add_library(zeek_fuzzer_standalone OBJECT standalone-driver.cc)
 
+add_library(zeek_fuzzer_shared SHARED
+            $<TARGET_OBJECTS:zeek_objs>
+            ${bro_SUBDIR_LIBS}
+            ${bro_PLUGIN_LIBS}
+            FuzzBuffer.cc
+)
+
+set(zeek_fuzzer_shared_deps)
+
+foreach(_dep ${zeekdeps} )
+    # The bind library is handled a bit hack-ishly since it defaults to
+    # linking it as static library by default on Linux, but at least
+    # on one common distro, that static library wasn't compiled with -fPIC
+    # and so not usable in the shared library we're trying to build.
+    # So instead, the fuzzer executable, not the shared lib, links it.
+    if ( NOT "${_dep}" STREQUAL "${BIND_LIBRARY}" )
+        set(zeek_fuzzer_shared_deps ${zeek_fuzzer_shared_deps} ${_dep})
+    endif ()
+endforeach ()
+
+target_link_libraries(zeek_fuzzer_shared
+                      ${zeek_fuzzer_shared_deps}
+                      ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
+
 add_fuzz_target(pop3)

src/fuzzers/README

@@ -11,10 +11,8 @@ Example Build: Initial Fuzzing and Seed Corpus
 First configure and build for fuzzing (with libFuzzer) and code coverage::
 
     $ LIB_FUZZING_ENGINE="" CC=clang CXX=clang++ \
-      CFLAGS="-fprofile-instr-generate -fcoverage-mapping" \
-      CXXFLAGS="-fprofile-instr-generate -fcoverage-mapping" \
       ./configure --build-type=debug --build-dir=./build-fuzz-cov \
-      --sanitizers=fuzzer-no-link --enable-fuzzers
+      --sanitizers=fuzzer-no-link --enable-fuzzers --enable-coverage
 
     $ cd build-fuzz-cov && make -j $(nproc)
 
@@ -43,9 +41,9 @@ To check the code coverage of the corpus::
 
     $ ./src/fuzzers/zeek-pop3-fuzzer min-corpus/*
 
-    $ llvm-profdata merge -sparse default.profraw -o zeek.profdata && \
-      llvm-cov report ./src/fuzzers/zeek-pop3-fuzzer -instr-profile=zeek.profdata \
-        ../src/analyzer/protocol/pop3/
+    $ llvm-cov gcov $(find . -name POP3.cc.gcda) | grep -A1 POP3.cc
+
+    # Annotated source file is now output to POP3.cc.gcov
 
 If the code coverage isn't satisfying, there may be something wrong with
 the fuzzer, it may need a better dictionary, or it may need to fuzz for longer.