google / atheris

Apache License 2.0

GCOV instrumentation `.gcda` fails when run by atheris #42

Open ganler opened 2 years ago

ganler commented 2 years ago

We found that:

  1. We have a Python library whose kernel is implemented in C/C++ with GCOV instrumentation;
  2. Running it natively produces the coverage data `.gcda`;
  3. Running it with Atheris does not produce the coverage `.gcda`.

Since atheris is a fuzzing tool and coverage information is very important as feedback, can we somehow try to support having dumped .gcda while running atheris? Thanks!

The reproducer is shown here:

https://colab.research.google.com/drive/1LQ69TIQqDZeuSC7FYOQxnAIGAwNFNQ6P?usp=sharing

AidenRHall commented 2 years ago

Thanks for bringing this to our attention. I was able to reproduce this issue locally, and although I haven't fully root-caused the issue, it does look like moving the call to `LoadLibrary` into the `with atheris.instrument_imports()` statement solves this issue on my machine. Can you confirm?

ganler commented 2 years ago

Hi @AidenRHall , thanks for the attention!

Using:

```python
import atheris

with atheris.instrument_imports():
    import sys
    from ctypes import cdll

    # GCOV-instrumented C/C++ library under test
    libfoo = cdll.LoadLibrary("./libfoo.so")

def TestOneInput(data):
    print(f"libfoo.foo(1) = {libfoo.foo(1)}")
    print(f"libfoo.foo(2) = {libfoo.foo(2)}")
    print(f"libfoo.foo(3) = {libfoo.foo(3)}")
    print(f"libfoo.foo(4) = {libfoo.foo(4)}")
    # call foo with the input length so every fuzz input reaches the library
    print(f"libfoo.foo(len(data)) = {libfoo.foo(len(data))}")

def main():
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()

if __name__ == "__main__":
    main()
```

I still cannot get coverage info (I even tried LLVM-COV as well as GCOV).

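A way to make the `.gcda` output independent of how the fuzzing process ends, as an added example that is not part of this thread or of the atheris project: libgcov exports `__gcov_dump` and `__gcov_reset` (GCC's public gcov runtime API), so the harness can resolve them through `ctypes` and dump counters every N iterations and again at interpreter exit. One plausible cause for the missing files is that a fuzzer exiting via `_Exit` skips libgcov's exit-time writer; that is an assumption here, not a confirmed root cause. The `GcovDumper` class, `gcda_files` helper, the `./libfoo.so` path and the `foo` symbol are this example's own names; it assumes libgcov is linked into `libfoo.so` so the library handle resolves the symbols, and falls back to the whole-process handle otherwise.

```python
# Added example (not atheris project code): explicit gcov dumps from a Python harness.
import atexit
import ctypes
import os
import sys


def resolve(lib, names):
    """Return the first of `names` that `lib` exports as a no-arg void function, else None."""
    for name in names:
        try:
            fn = getattr(lib, name)
        except AttributeError:
            continue
        fn.restype = None   # both libgcov routines are void f(void)
        fn.argtypes = []
        return fn
    return None


def gcda_files(root):
    """List .gcda files below `root`; an empty list means no coverage was written."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in files if f.endswith(".gcda"))
    return sorted(found)


class GcovDumper:
    """Periodically write and reset gcov counters for an instrumented library.

    Dumping without a reset would merge the same counts into the .gcda files
    again on every dump, so the two calls are always paired.
    """

    def __init__(self, lib, every=1000):
        self.dump = resolve(lib, ("__gcov_dump",))
        self.reset = resolve(lib, ("__gcov_reset",))
        if self.dump is None:
            # libgcov may be linked into the main program instead of the library
            try:
                proc = ctypes.CDLL(None)
                self.dump = resolve(proc, ("__gcov_dump",))
                self.reset = resolve(proc, ("__gcov_reset",))
            except OSError:
                pass
        self.every = every
        self.runs = 0

    @property
    def available(self):
        return self.dump is not None

    def tick(self):
        """Count one fuzz iteration; dump and reset when the period elapses.

        Returns True when a dump was written on this call.
        """
        self.runs += 1
        if self.dump is None or self.runs % self.every:
            return False
        self.dump()
        if self.reset is not None:
            self.reset()
        return True


def main():
    import atheris  # imported here so the helpers above work without atheris installed

    with atheris.instrument_imports():
        from ctypes import cdll
        libfoo = cdll.LoadLibrary("./libfoo.so")  # hypothetical instrumented library

    dumper = GcovDumper(libfoo, every=1000)
    if not dumper.available:
        sys.stderr.write("libgcov symbols not found: was libfoo built with --coverage?\n")
    else:
        # Final dump in case the process ends without running libgcov's exit handler.
        atexit.register(dumper.dump)

    def TestOneInput(data):
        libfoo.foo(len(data))  # hypothetical entry point under test
        dumper.tick()

    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main()
```

After a bounded run (for example with `-atheris_runs=N`), `gcda_files(".")` should list the `.gcda` files next to the instrumented objects; an empty list with `dumper.available` true points at the output path (gcov writes relative to the object file's compile-time path, overridable with `GCOV_PREFIX`), while `available` false points at the build itself.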