Add initial support for i386 builds

[jonathanmetzman]

Add initial support for i386 (ie: 32 bit/x86) builds.
Build + install i386 versions of clang libraries.
Build + install an i386 version of libc++.
Create a new build option ARCHITECTURE (that defaults to x86_64).
Use the correct CFLAGS and CXXFLAGS (to compile for i386 and use the right libc++) when ARCHITECTURE is i386.

[jonathanmetzman]

I've only tested this with skcms so far I need to do more.
This is currently blocked on my LLVM patch adding i386 support to libFuzzer.

Once that patch lands it is unclear if we will simply roll clang forward early or if we will need to wait for Chromium's clang to be updated.
We could use libFuzzingEngine.a in $LIB_FUZZING_ENGINE as a temporary workaround that unblocks this patch.

[jonathanmetzman]

The runner needs a 32-bit compatible version of ld-linux.so and other basic libraries (including libgcc for some strange reason?) for this to work. That can be done by installing libc6-dev-i386 on the runner.

[jonathanmetzman]

The runner needs a 32-bit compatible version of ld-linux.so and other basic libraries (including libgcc for some strange reason?) for this to work. That can be done by installing libc6-dev-i386 on the runner.

I do this now by installing libc6-dev-i386 to the runner (as well as the runner). With dependencies it adds about 50 MB to the image size. It pulls in a lot that is potentially not needed on the runner so reducing that might be worth exploring.

[evverx]

@jonathanmetzman I think it's a great idea but having opened google/sanitizers#778 (which was closed as a duplicate of google/sanitizers#628) I was under the impression that i386 wasn't the most popular platform among the developers of sanitizers. I'm wondering if this has changed.

[evverx]

What I was trying to say is that it would be great if there was a way to turn it off completely when (if?) it's merged because after I peppered the code with kludges to get around MSan false positives nobody is willing to fix I'd wait for someone else to test how stable sanitizers on i386 are.

[jonathanmetzman]

I was under the impression that i386 wasn't the most popular platform among the developers of sanitizers. I'm wondering if this has changed.

It isn't the most popular but we've had Chrome's libFuzzer targets running on i386 for months now without any issues. I don't know enough to say it will work but I think it will. CC @kcc @morehouse
if they have any comments.

What I was trying to say is that it would be great if there was a way to turn it off completely when (if?) it's merged

There will be an easy way to turn it off. Initially it will be off by default, projects will need to opt-in to it by adding something to project.yaml.

I peppered the code with kludges to get around MSan false positives nobody is willing to fix I'd wait for someone else to test how stable sanitizers on i386 are.

MSAN is totally unsupported on i386. We only plan on using ASAN for now.

[morehouse]

I was under the impression that i386 wasn't the most popular platform among the developers of sanitizers. I'm wondering if this has changed.

We're not opposed to sanitizers on 32-bit, we just don't have the resources to support them ourselves. We have similar stories for sanitizers on Mac, Windows, etc., but many of those platforms have other interested parties that support them (e.g., Apple).

[evverx]

I thought you were going to roll it out globally. Looks like it doesn't seem to be the case and I could wait for more issues found by ASan on i386 to be opened to the public (or as a last resort to experiment with it locally) before turning it on. Sorry for the noise.

I also went through issues at https://bugs.chromium.org/p/chromium/issues/list?can=1&q=description%3Ax86_libfuzzer_chrome_asan%2Cx86_libfuzzer_chrome_asan_debug and I'm wondering what is going to happen when ASan finds a memory leak for example on i386 and x86_64 with AFL and libFuzzer. Is my understanding correct that it will open 3 different issues?

[jonathanmetzman]

I thought you were going to roll it out globally. Looks like it doesn't seem to be the case and I could wait for more issues found by ASan on i386 to be opened to the public (or as a last resort to experiment with it locally) before turning it on. Sorry for the noise.

No problem. This is a fine approach to take.

I also went through issues at https://bugs.chromium.org/p/chromium/issues/list?can=1&q=description%3Ax86_libfuzzer_chrome_asan%2Cx86_libfuzzer_chrome_asan_debug

Good sleuthing!

and I'm wondering what is going to happen when ASan finds a memory leak for example on i386 and x86_64 with AFL and libFuzzer. Is my understanding correct that it will open 3 different issues?

No. It will be deduplicated and only one issue should be filed (this will make it harder to determine which bugs are x86 only but iirc there are definitely some clear cases of this). Also we will only use libFuzzer on x86 (AFL doesn't use LSAN btw).

[jonathanmetzman]

Need to roll clang past r359802 to support this.

[jonathanmetzman]

Chrome rolled to 360094 so this can land even if my OSS-Fuzz clang roll doesn't stick.

[jonathanmetzman]

This PR won't contain any documentation changes as I want to land this change before I fully support its use by OSS-Fuzz users.

[jonathanmetzman]

@oliverchang @inferno-chromium PTAL

[oliverchang]

LGTM. this will need changes to CF images as well for 32-bit libs right?

[jonathanmetzman]

LGTM. this will need changes to CF images as well for 32-bit libs right?

Yep. Will change that with my CF-repo changes.

[inferno-chromium]

can you make this a CFLAGS_EXTRA and then add support for that similar to
infra/base-images/base-clang/Dockerfile:ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA"

[jonathanmetzman]

Why? as far as I can tell CXXFLAGS_EXTRA is to have "extra" flags to append to CFLAGS to get CXXFLAGS instead of having to repeat the flags. I don't think I understand the benefits having CFLAGS_EXTRA provides.

[inferno-chromium]

ah my bad, this is flags itself, so appending to CFLAGS directly is fine.

[inferno-chromium]

--architecture is fine.

[jonathanmetzman]

--architecture is fine.

Thanks. I'm not opposed to arch, we can discuss before we make this feature supported.