cmake: support coverage-guided testing in Lua

When using a sanitizer like Address Sanitizer with luzer, it’s
necessary to LD_PRELOAD the sanitizer's shared object. ASan requires
that it be loaded first, before anything else; it must either be
preloaded, or statically linked into the executable (in this case, the
Lua interpreter). ASan and UBSan define many of the same code
coverage symbols as libFuzzer. In typical libFuzzer usage, this isn’t an
issue, since ASan/UBSan declare those symbols weak; the libFuzzer ones
take precedence. But when libFuzzer is loaded in a shared object later,
that doesn't work. The symbols from ASan/UBSan have already been loaded
via LD_PRELOAD, and coverage information therefore goes to those
libraries, leaving libFuzzer very broken.

The only good way to solve this is to link libFuzzer into Lua itself,
instead of luzer. Since it's therefore part of the proper executable
rather than a shared object that's dynamically loaded later, symbol
resolution works correctly and libFuzzer symbols take precedence.

```
cd build/lua-master/source
mkdir lf
cp /usr/lib/llvm-21/lib/clang/21/lib/linux/libclang_rt.fuzzer_no_main-x86_64.a lf/
cd lf/
ar x libclang_rt.fuzzer_no_main-x86_64.a
```

The patch make the following changes:

- rename cmake/SetClangLibRT.cmake to cmake/LibFuzzer.cmake
- bump luzer version to the latest
- add a CMake function that unpacks LibFuzzer
- update PUC Rio Lua and LuaJIT patches so their build systems
  can link LibFuzzer object files with Lua runtime executable
  binaries

1. https://security.googleblog.com/2020/12/how-atheris-python-fuzzer-works.html
2. https://github.com/google/atheris/blob/master/native_extension_fuzzing.md#option-b-linking-libfuzzer-into-python
3. https://github.com/google/atheris/blob/master/libfuzzer_mod/cpython-3.8.6-add-libFuzzer.patch

Follows up tarantool/tarantool#11884

Author: ligurio

CMakeLists.txt

@@ -33,6 +33,12 @@ set(CMAKE_INCLUDE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_INCLUDE_PATH}
 include(SetBuildParallelLevel)
 include(SetHardwareArch)
 
+if (ENABLE_LAPI_TESTS)
+  include(LibFuzzer)
+  SetLibFuzzerPath(FUZZER_NO_MAIN_LIBRARY)
+  SetLibFuzzerObjDir(LibFuzzerObjDir)
+endif()
+
 if (USE_LUA AND NOT LUA_VERSION)
   set(LUA_VERSION "master")
 endif()

cmake/BuildLua.cmake

@@ -65,6 +65,7 @@ macro(build_lua LUA_VERSION)
         # `io.popen()` is not supported by default, it is enabled
         # by `LUA_USE_POSIX` flag. Required by a function `random_locale()`.
         set(CFLAGS "${CFLAGS} -DLUA_USE_POSIX")
+        set(LDFLAGS "${LDFLAGS} -lstdc++")
     endif()
 
     include(ExternalProject)
@@ -90,6 +91,7 @@ macro(build_lua LUA_VERSION)
         BUILD_COMMAND cd <SOURCE_DIR> && make -j CC=${CMAKE_C_COMPILER}
                                                  CFLAGS=${CFLAGS}
                                                  LDFLAGS=${LDFLAGS}
+                                                 LF_PATH=${LibFuzzerObjDir}
         INSTALL_COMMAND ""
 
         BUILD_BYPRODUCTS ${LUA_LIBRARY} ${LUA_EXECUTABLE}

cmake/BuildLuaJIT.cmake

@@ -88,6 +88,7 @@ macro(build_luajit LJ_VERSION)
         # CMake option LUAJIT_FRIENDLY_MODE in luzer requires
         # LUAJIT_ENABLE_CHECKHOOK.
         set(CFLAGS "${CFLAGS} -DLUAJIT_ENABLE_CHECKHOOK")
+        set(LDFLAGS "${LDFLAGS} -lstdc++")
     endif()
 
     include(ExternalProject)
@@ -116,6 +117,7 @@ macro(build_luajit LJ_VERSION)
                                                  CFLAGS=${CFLAGS}
                                                  LDFLAGS=${LDFLAGS}
                                                  HOST_CFLAGS=-fno-sanitize=undefined
+                                                 LF_PATH=${LibFuzzerObjDir}
                                                  -C src
         INSTALL_COMMAND ""
 

cmake/BuildLuzer.cmake

@@ -34,7 +34,7 @@ endif()
 
 ExternalProject_Add(bundled-luzer
     GIT_REPOSITORY https://github.com/ligurio/luzer
-    GIT_TAG fc4a32fe98f1da8b07f74a35f40b678692e7152b
+    GIT_TAG e4624477735961457f562423ef2ba9afa51ba170
     GIT_PROGRESS TRUE
     GIT_SHALLOW FALSE
     SOURCE_DIR ${LUZER_DIR}/source

cmake/LibFuzzer.cmake

@@ -0,0 +1,62 @@
+# The function sets the given variable in a parent scope to a
+# string with hardware architecture name and this name should
+# match to hardware architecture name used in a library name of
+# libclang_rt.fuzzer_no_main: aarch64, x86_64, i386.
+function(SetHwArchString outvar)
+  set(${outvar} ${CMAKE_SYSTEM_PROCESSOR} PARENT_SCOPE)
+endfunction()
+
+# The function sets the given variable in a parent scope to a
+# value with path to libclang_rt.fuzzer_no_main [1] library.
+# The function raises a fatal message if C compiler is not Clang.
+#
+# $ clang-15 -print-file-name=libclang_rt.fuzzer_no_main-x86_64.a
+# $ /usr/lib/llvm-15/lib/clang/15.0.7/lib/linux/libclang_rt.fuzzer_no_main-x86_64.a
+#
+# 1. https://llvm.org/docs/LibFuzzer.html#using-libfuzzer-as-a-library
+function(SetLibFuzzerPath outvar)
+  if (NOT CMAKE_C_COMPILER_ID STREQUAL "Clang")
+    message(FATAL_ERROR "C compiler is not a Clang")
+  endif ()
+
+  SetHwArchString(HW_ARCH)
+  if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    set(lib_name "libclang_rt.fuzzer_no_main-${HW_ARCH}.a")
+  else()
+    message(FATAL_ERROR "Unsupported system: ${CMAKE_SYSTEM_NAME}")
+  endif()
+
+  execute_process(COMMAND ${CMAKE_C_COMPILER} "-print-file-name=${lib_name}"
+    RESULT_VARIABLE CMD_ERROR
+    OUTPUT_VARIABLE CMD_OUTPUT
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+  )
+  if (CMD_ERROR)
+    message(FATAL_ERROR "${CMD_ERROR}")
+  endif()
+
+  if(NOT EXISTS ${CMD_OUTPUT})
+    message(FATAL_ERROR "${lib_name} was not found.")
+  endif()
+
+  set(${outvar} ${CMD_OUTPUT} PARENT_SCOPE)
+endfunction()
+
+# The function unpack libFuzzer archive located at <LibFuzzerPath>
+# to a directory <LibFuzzerDir> and return a path to a directory
+# with libFuzzer's object files.
+function(SetLibFuzzerObjDir outvar)
+  set(LibFuzzerDir ${PROJECT_BINARY_DIR}/libFuzzer_unpacked)
+  file(MAKE_DIRECTORY ${LibFuzzerDir})
+  SetLibFuzzerPath(LibFuzzerPath)
+  execute_process(
+    COMMAND ${CMAKE_AR} x ${LibFuzzerPath} --output ${LibFuzzerDir}
+    RESULT_VARIABLE CMD_ERROR
+    OUTPUT_VARIABLE CMD_OUTPUT
+    WORKING_DIRECTORY ${LibFuzzerDir}
+  )
+  if (CMD_ERROR)
+    message(FATAL_ERROR "${CMD_ERROR}")
+  endif()
+  set(${outvar} ${LibFuzzerDir} PARENT_SCOPE)
+endfunction()

patches/luajit-v2.1.patch

@@ -1,5 +1,41 @@
+diff --git a/src/Makefile b/src/Makefile
+index 969bf289..2375daf3 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -189,7 +189,7 @@ endif
+
+ ASOPTIONS= $(CCOPT) $(CCWARN) $(XCFLAGS) $(CFLAGS)
+ CCOPTIONS= $(CCDEBUG) $(ASOPTIONS)
+-LDOPTIONS= $(CCDEBUG) $(LDFLAGS)
++LDOPTIONS= $(CCDEBUG) $(LDFLAGS) -Wl,--whole-archive $(LIBFUZZER) -Wl,--no-whole-archive
+
+ HOST_CC= $(CC)
+ HOST_RM?= rm -f
+@@ -514,6 +514,10 @@ LJLIB_O= lib_base.o lib_math.o lib_bit.o lib_string.o lib_table.o \
+	 lib_buffer.o
+ LJLIB_C= $(LJLIB_O:.o=.c)
+
++ifneq ($(LF_PATH),)
++LIBFUZZER_O= $(shell find $(LF_PATH) -maxdepth 1 -name '*.o')
++endif
++
+ LJCORE_O= lj_assert.o lj_gc.o lj_err.o lj_char.o lj_bc.o lj_obj.o lj_buf.o \
+	  lj_str.o lj_tab.o lj_func.o lj_udata.o lj_meta.o lj_debug.o \
+	  lj_prng.o lj_state.o lj_dispatch.o lj_vmevent.o lj_vmmath.o \
+@@ -748,9 +752,9 @@ $(LUAJIT_SO): $(LJVMCORE_O)
+	$(Q)$(TARGET_LD) $(TARGET_ASHLDFLAGS) -o $@ $(LJVMCORE_DYNO) $(TARGET_ALIBS)
+	$(Q)$(TARGET_STRIP) $@
+
+-$(LUAJIT_T): $(TARGET_O) $(LUAJIT_O) $(TARGET_DEP)
++$(LUAJIT_T): $(TARGET_O) $(LUAJIT_O) $(TARGET_DEP) $(LIBFUZZER_O)
+	$(E) "LINK      $@"
+-	$(Q)$(TARGET_LD) $(TARGET_ALDFLAGS) -o $@ $(LUAJIT_O) $(TARGET_O) $(TARGET_ALIBS)
++	$(Q)$(TARGET_LD) $(TARGET_ALDFLAGS) -o $@ $(LUAJIT_O) $(TARGET_O) $(TARGET_ALIBS) $(LIBFUZZER_O)
+	$(Q)$(TARGET_STRIP) $@
+	$(E) "OK        Successfully built LuaJIT"
+
 diff --git a/src/host/buildvm.c b/src/host/buildvm.c
-index ec99e501..d23530c4 100644
+index 24db75f4..021e7dbe 100644
 --- a/src/host/buildvm.c
 +++ b/src/host/buildvm.c
 @@ -35,6 +35,10 @@
@@ -14,7 +50,7 @@ index ec99e501..d23530c4 100644
 
  /* DynASM glue definitions. */
 diff --git a/src/lj_buf.h b/src/lj_buf.h
-index 744e5747..ea299472 100644
+index 15a04250..ef701256 100644
 --- a/src/lj_buf.h
 +++ b/src/lj_buf.h
 @@ -165,6 +165,13 @@ LJ_FUNC SBuf * LJ_FASTCALL lj_buf_putchar(SBuf *sb, int c);
@@ -32,7 +68,7 @@ index 744e5747..ea299472 100644
  {
    return (char *)memcpy(p, q, len) + len;
 diff --git a/src/lj_carith.c b/src/lj_carith.c
-index 9bea0a33..046dea4c 100644
+index b09812c6..98128daa 100644
 --- a/src/lj_carith.c
 +++ b/src/lj_carith.c
 @@ -159,6 +159,11 @@ static int carith_ptr(lua_State *L, CTState *cts, CDArith *ca, MMS mm)
@@ -48,7 +84,7 @@ index 9bea0a33..046dea4c 100644
  {
    if (ctype_isnum(ca->ct[0]->info) && ca->ct[0]->size <= 8 &&
 diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
-index ce78505b..bc9d64f3 100644
+index 456c04b2..4edfa742 100644
 --- a/src/lj_opt_fold.c
 +++ b/src/lj_opt_fold.c
 @@ -260,6 +260,11 @@ LJFOLDF(kfold_numcomp)
@@ -64,10 +100,10 @@ index ce78505b..bc9d64f3 100644
  {
    switch (op) {
 diff --git a/src/lj_parse.c b/src/lj_parse.c
-index 5a44f8db..bfe044a8 100644
+index 832f6bf4..7d0390e4 100644
 --- a/src/lj_parse.c
 +++ b/src/lj_parse.c
-@@ -934,6 +934,11 @@ static void bcemit_binop(FuncState *fs, BinOpr op, ExpDesc *e1, ExpDesc *e2)
+@@ -935,6 +935,11 @@ static void bcemit_binop(FuncState *fs, BinOpr op, ExpDesc *e1, ExpDesc *e2)
  }
 
  /* Emit unary operator. */
@@ -80,7 +116,7 @@ index 5a44f8db..bfe044a8 100644
  {
    if (op == BC_NOT) {
 diff --git a/src/lj_snap.c b/src/lj_snap.c
-index 6fda08ba..c7f51d7d 100644
+index d0d28c81..c8d5ffcc 100644
 --- a/src/lj_snap.c
 +++ b/src/lj_snap.c
 @@ -763,6 +763,13 @@ static void snap_restoreval(jit_State *J, GCtrace *T, ExitState *ex,
@@ -98,7 +134,7 @@ index 6fda08ba..c7f51d7d 100644
  static void snap_restoredata(jit_State *J, GCtrace *T, ExitState *ex,
 			     SnapNo snapno, BloomFilter rfilt,
 diff --git a/src/lj_str.c b/src/lj_str.c
-index cfdaec6f..88f9c765 100644
+index f34d6d95..806c67db 100644
 --- a/src/lj_str.c
 +++ b/src/lj_str.c
 @@ -13,6 +13,15 @@
@@ -118,7 +154,7 @@ index cfdaec6f..88f9c765 100644
 
  /* Ordered compare of strings. Assumes string data is 4-byte aligned. */
 diff --git a/src/lj_strfmt.c b/src/lj_strfmt.c
-index 909255db..ef9bd4f9 100644
+index 0936298d..32e93c42 100644
 --- a/src/lj_strfmt.c
 +++ b/src/lj_strfmt.c
 @@ -99,6 +99,11 @@ retlit:

patches/puc-rio-lua.patch

@@ -1,5 +1,5 @@
 diff --git a/makefile b/makefile
-index 8674519f..17dabfa8 100644
+index 8674519f..e205ffa2 100644
 --- a/makefile
 +++ b/makefile
 @@ -39,7 +39,7 @@ CWARNSC= -Wdeclaration-after-statement \
@@ -11,11 +11,13 @@ index 8674519f..17dabfa8 100644
 
  # Some useful compiler options for internal tests:
  # -DLUAI_ASSERT turns on all assertions inside Lua.
-@@ -73,11 +73,11 @@ LOCAL = $(TESTS) $(CWARNS)
+@@ -72,12 +72,12 @@ LOCAL = $(TESTS) $(CWARNS)
+ # For C89, "-std=c89 -DLUA_USE_C89"
  # Note that Linux/Posix options are not compatible with C89
  MYCFLAGS= $(LOCAL) -std=c99 -DLUA_USE_LINUX
- MYLDFLAGS= -Wl,-E
+-MYLDFLAGS= -Wl,-E
 -MYLIBS= -ldl
++MYLDFLAGS= -Wl,-E -Wl,--whole-archive -Wl,--no-whole-archive
 +MYLIBS= -ldl $(LDFLAGS)
 
 
@@ -26,3 +28,17 @@ index 8674519f..17dabfa8 100644
  AR= ar rc
  RANLIB= ranlib
  RM= rm -f
+@@ -96,9 +96,12 @@ CORE_O=	lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o \
+ AUX_O=	lauxlib.o
+ LIB_O=	lbaselib.o ldblib.o liolib.o lmathlib.o loslib.o ltablib.o lstrlib.o \
+	lutf8lib.o loadlib.o lcorolib.o linit.o
++ifneq ($(LF_PATH),)
++LF_O= $(shell find $(LF_PATH) -maxdepth 1 -name '*.o')
++endif
+
+ LUA_T=	lua
+-LUA_O=	lua.o
++LUA_O=	lua.o $(LF_O)
+
+
+ ALL_T= $(CORE_T) $(LUA_T)