oss-fuzz icon indicating copy to clipboard operation
oss-fuzz copied to clipboard
verified publisher icon google

Upgrade to Go 1.20

Open clfs opened this issue 2 years ago • 9 comments

This PR is meant to address issue https://github.com/google/oss-fuzz/issues/9949.

install_go.sh says it downloads and installs the latest stable Go, but it uses Go 1.19 instead.

https://github.com/google/oss-fuzz/blob/c9e3a82e3dc1c7142bbff53cdf1eb6dce07d776d/infra/base-images/base-runner/install_go.sh#L22-L25

We should either use Go 1.20 (the latest stable Go at time of writing) or remove the misleading comment.

clfs avatar Mar 19 '23 04:03 clfs

/gcbrun trial_build.py go

jonathanmetzman avatar Mar 20 '23 15:03 jonathanmetzman

This breaks a bunch of projects. here's a representative example, loki:

Step #19 - "compile-libfuzzer-address-x86_64": Running go-fuzz -tags gofuzz -func FuzzParseExpr -o fuzz_parse_expr.a github.com/grafana/loki/pkg/logql/syntax
Step #19 - "compile-libfuzzer-address-x86_64": /usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
Step #19 - "compile-libfuzzer-address-x86_64": fuzz_parse_expr.a(000020.o): in function `_cgo_cbcce81e6342_C2func_res_search':
Step #19 - "compile-libfuzzer-address-x86_64": cgo_unix_cgo_res.cgo2.c:(.text+0x32): undefined reference to `__res_search'
Step #19 - "compile-libfuzzer-address-x86_64": /usr/bin/ld: fuzz_parse_expr.a(000020.o): in function `_cgo_cbcce81e6342_Cfunc_res_search':
Step #19 - "compile-libfuzzer-address-x86_64": cgo_unix_cgo_res.cgo2.c:(.text+0x81): undefined reference to `__res_search'
Step #19 - "compile-libfuzzer-address-x86_64": clang-15: error: linker command failed with exit code 1 (use -v to see invocation)

jonathanmetzman avatar Mar 20 '23 22:03 jonathanmetzman

@jonathanmetzman Thanks for checking. In that case, I'll just install Go 1.20 over the version that gcr.io/oss-fuzz-base/base-builder-go:v1 provides.

OSS-Fuzz's upgrade to Go 1.19 seemed pretty straightforward, so I'm not sure what changed this time around.

clfs avatar Mar 21 '23 18:03 clfs

Looks like others have encountered this @DavidKorczynski (see https://github.com/containerd/containerd/pull/8103#issuecomment-1429256152)

jonathanmetzman avatar Mar 21 '23 19:03 jonathanmetzman

@AdamKorcz can you assist here? Is it that some projects aren't 1.20 ready yet or should we be able to upgrade this without disabling projects?

DavidKorczynski avatar Mar 21 '23 19:03 DavidKorczynski

@clfs did you test this on a number of OSS-Fuzz projects? If so, how many approximately? By default not all go projects are bumped to 1.20 and each project will individually have to resolve some things to be compatible with this change.

DavidKorczynski avatar Mar 28 '23 20:03 DavidKorczynski

@DavidKorczynski Yes, but only go-json-iterator and protoreflect, so definitely not thorough on my part. Sorry!

I can look through the incompatible projects and put out Go 1.20 upgrade PRs for a few.

clfs avatar Mar 31 '23 01:03 clfs

We bumped as requested by @clfs the Go version, but it looks like that broke our build as gcr.io/oss-fuzz-base/base-builder-go:latest only has go1.19 and we are trying to go mod tidy and we get:

Step #3 - "compile-libfuzzer-address-x86_64": + go mod tidy
Step #3 - "compile-libfuzzer-address-x86_64": go: go.mod file indicates go 1.20, but maximum version supported by tidy is 1.19
Step #3 - "compile-libfuzzer-address-x86_64": ********************************************************************************
Step #3 - "compile-libfuzzer-address-x86_64": Failed to build.

phisco avatar Apr 06 '23 10:04 phisco

@DavidKorczynski Do you know where this stand now that go 1.21 is out ? For info, ngolo-fuzzing is broken cf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60807 with some message building_Go_requires_Go_1_20_6_or_later

catenacyber avatar Sep 06 '23 12:09 catenacyber