rust-fuzz / cargo-fuzz

Command line helpers for fuzzing
https://rust-fuzz.github.io/book/cargo-fuzz.html
Apache License 2.0
1.53k stars 109 forks

macOS supported or not is unclear. #351

Closed cameronelliott closed 9 months ago

cameronelliott commented 9 months ago

I think this issue is still valid: libfuzzer says it only works on Linux, yet it does work on macOS. This caused me to be confused about whether problems running `cargo fuzz run` were a fundamental libfuzzer issue with macOS or a borked setup of my compiler. This can be closed.

The libfuzzer README page says this:

> libFuzzer relies on LLVM sanitizer support. The Rust compiler has built-in support for LLVM sanitizer support, for now, it's limited to Linux. As a result, libfuzzer-sys only works on Linux.

Yet, the cargo-fuzz README says this:

> Note: libFuzzer needs LLVM sanitizer support, so this only works on x86-64 Linux, x86-64 macOS and Apple-Silicon (aarch64) macOS for now.

which sort of implies libfuzzer should work on macOS. (Running `cargo fuzz init` creates a Cargo.toml with libfuzzer-sys as a dependency.)

My macOS fuzzing attempts are failing, but I don't know if it is due to libfuzzer-sys not working on macOS, or whether I might have a borked LLVM or headers install or something else.

Should I be able to get the fuzzing tutorial working on macOS?

Here are the errors I get when trying to run `cargo fuzz run fuzz_target_1`:

```
   Compiling libfuzzer-sys v0.4.7
The following warnings were emitted during compilation:

warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerLoop.cpp:11:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerCorpus.h:14:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDataFlowTrace.h:31:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDefs.h:15:
warning: libfuzzer-sys@0.4.7: /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/cstddef:50:9: error: no member named 'nullptr_t' in the global namespace
warning: libfuzzer-sys@0.4.7: using ::nullptr_t;
warning: libfuzzer-sys@0.4.7:       ~~^
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerIOPosix.cpp:14:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerIO.h:14:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDefs.h:15:
warning: libfuzzer-sys@0.4.7: /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/cstddef:50:9: error: no member named 'nullptr_t' in the global namespace
warning: libfuzzer-sys@0.4.7: using ::nullptr_t;
warning: libfuzzer-sys@0.4.7:       ~~^
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDataFlowTrace.cpp:11:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDataFlowTrace.h:In file included from libfuzzer/FuzzerMutate.cpp:1131:
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDefs.h:15:
warning: libfuzzer-sys@0.4.7: /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/cstddef:50:9: error: no member named 'nullptr_t' in the global namespace
warning: libfuzzer-sys@0.4.7: :
warning: libfuzzer-sys@0.4.7: In file included from libfuzzer/FuzzerDefs.h:15:
warning: libfuzzer-sys@0.4.7: using ::nullptr_t;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/cstddef
```
[cargo_fuzz_run_fuzz_target_log.txt](https://github.com/rust-fuzz/cargo-fuzz/files/13747206/cargo_fuzz_run_fuzz_target_log.txt)

[ LONG list of errors removed ]

```
Error: failed to build fuzz script: ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Clink-dead-code -Zsanitizer=address -Cdebug-assertions -C codegen-units=1" "cargo" "build" "--manifest-path" "/Users/c/Documents/rsync/fuzztst2/fuzz/Cargo.toml" "--target" "x86_64-apple-darwin" "--release" "--bin" "fuzz_target_1"
```

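
Added example, not part of this thread or of the cargo-fuzz project: a small POSIX shell probe that compiles the exact construct the log above fails on (`<cstddef>` re-exporting `::nullptr_t`) with the same C++ compiler the libfuzzer-sys build script would pick up, so you can tell a broken compiler/SDK header pairing apart from a libfuzzer-sys platform limitation. It assumes the cc crate's usual behaviour of honouring `CXX` and falling back to `c++`; the exit codes and messages are this example's own convention.

```shell
#!/bin/sh
# Probe whether the C++ compiler and the SDK headers agree on <cstddef>.
# Assumption (cc crate behaviour): libfuzzer-sys compiles libFuzzer with $CXX if set, else c++.
# Return codes: 0 = headers fine, 1 = same nullptr_t error as the cargo-fuzz log,
#               2 = no C++ compiler found, 3 = probe failed for some other reason.
set -u

check_cxx_headers() {
    cxx="${CXX:-c++}"
    command -v "$cxx" >/dev/null 2>&1 || return 2
    tmp="$(mktemp -d)"
    # Constructed probe: libFuzzer is C++17 and its headers pull in <cstddef>,
    # whose `using ::nullptr_t;` is the line that errors in the log.
    cat > "$tmp/probe.cpp" <<'EOF'
#include <cstddef>
std::nullptr_t probe() { return nullptr; }
int main() { return probe() == nullptr ? 0 : 1; }
EOF
    rc=3
    if "$cxx" -std=c++17 -c "$tmp/probe.cpp" -o "$tmp/probe.o" >"$tmp/err.txt" 2>&1; then
        rc=0
    elif grep -q "nullptr_t" "$tmp/err.txt"; then
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

explain_result() {
    case "$1" in
        0) echo "compiler and C++ headers agree: a libfuzzer-sys build failure here is not a header/SDK mismatch" ;;
        1) echo "same nullptr_t error as libfuzzer-sys: compiler and SDK headers are mismatched (check CXX, xcode-select -p, and any Homebrew clang/gcc on PATH)" ;;
        2) echo "no C++ compiler found: set CXX or install the Xcode command line tools" ;;
        *) echo "probe failed for another reason: inspect the compiler output" ;;
    esac
}

# Usage: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    rc=0
    check_cxx_headers || rc=$?
    explain_result "$rc"
    exit "$rc"
fi
```

Run it from the same shell (and with the same `CXX`/`PATH`) you invoke `cargo fuzz run` from, otherwise it may probe a different compiler than the build script does.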
cameronelliott commented 9 months ago

Here is the full log file in case a kind soul would look at it.

cargo_fuzz_run_fuzz_target_log.txt

cameronelliott commented 9 months ago

I will close this; the correct answer is to file an issue or make a PR on libfuzzer to remove the text saying "compatible with linux only".