rust-fuzz / libfuzzer

Rust bindings and utilities for LLVM’s libFuzzer
Apache License 2.0

Optionally use a custom libFuzzer.a archive #27

Closed deweerdt closed 7 years ago

deweerdt commented 7 years ago

Tweak build.rs so that it's possible to use a custom libFuzzer.a archive. This is necessary when using OSS-Fuzz (https://github.com/google/oss-fuzz): the build system has to link with the libFuzzer provided by the LIB_FUZZING_ENGINE environment variable (see https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md)
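
As an added illustration of the mechanism this PR introduces (example code written for this thread, not the libfuzzer-sys project's own build.rs), a build script that honours CUSTOM_LIBFUZZER_PATH and emits the link directives for that archive instead of compiling the bundled libFuzzer; the bundled-build branch is a placeholder:

```rust
// Added example, not the libfuzzer-sys project's own build.rs: the core of a
// build script that honours CUSTOM_LIBFUZZER_PATH (the variable discussed in
// this PR) and links that archive instead of compiling the bundled libFuzzer.
use std::env;
use std::path::Path;

/// Turns a path such as "/work/libFuzzer.a" into the Cargo link directives
/// a build script must print. Returns None for anything that is not a
/// "lib<name>.a" file so the caller can fail loudly rather than silently
/// falling back to the bundled engine.
pub fn link_directives(archive: &str) -> Option<Vec<String>> {
    let path = Path::new(archive);
    let file = path.file_name()?.to_str()?;
    // rustc resolves `-l static=<name>` to lib<name>.a, so recover <name>
    // ("Fuzzer" here) by stripping the "lib" prefix and ".a" suffix.
    let name = file.strip_prefix("lib")?.strip_suffix(".a")?;
    let dir = path.parent()?.to_str()?;
    if name.is_empty() || dir.is_empty() {
        return None;
    }
    Some(vec![
        format!("cargo:rustc-link-search=native={}", dir),
        format!("cargo:rustc-link-lib=static={}", name),
    ])
}

fn main() {
    // Re-run when the override changes, not only when sources change.
    println!("cargo:rerun-if-env-changed=CUSTOM_LIBFUZZER_PATH");
    match env::var("CUSTOM_LIBFUZZER_PATH") {
        Ok(archive) => {
            let directives = link_directives(&archive).unwrap_or_else(|| {
                panic!("CUSTOM_LIBFUZZER_PATH must name a lib<name>.a file, got {:?}", archive)
            });
            for directive in directives {
                println!("{}", directive);
            }
        }
        Err(_) => {
            // Placeholder for the bundled path: the real script would compile
            // the vendored libFuzzer sources with the `cc` crate here.
            println!("cargo:warning=CUSTOM_LIBFUZZER_PATH unset, using bundled libFuzzer");
        }
    }
}
```

Under OSS-Fuzz the same variable would be populated from LIB_FUZZING_ENGINE by the project's build script.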

frewsxcv commented 7 years ago

oh wow, this is great! i've been meaning to get this working on libfuzzer oss-fuzz. these changes look good to me. @nagisa @Manishearth any thoughts?

Manishearth commented 7 years ago

r? @nagisa

overall lgtm

nagisa commented 7 years ago

Oh, also, I’ve experimented a number of times with upgrading our libFuzzer before but the newer versions of the fuzzer simply do not work. I have a variety of reasons in mind why this could happen but never bothered investigating it further. Seems fairly plausible that anybody using this feature (even oss-fuzz) could hit the same issue.

deweerdt commented 7 years ago

Thank you for your review, @nagisa. I believe that 9ba1905 addresses all your comments so far.

> I hope it is pretty obvious that using CUSTOM_LIBFUZZER_PATH will come with no stability guarantees or support whatsoever.

It's clear to me.

> Oh, also, I’ve experimented a number of times with upgrading our libFuzzer before but the newer versions of the fuzzer simply do not work.

I've managed to use the current tip of libFuzzer, but for that I had to patch cargo-fuzz with this:

diff --git a/src/main.rs b/src/main.rs
index b8b069e..52b5204 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -221,7 +221,8 @@ impl FuzzProject {
         let other_flags = env::var("RUSTFLAGS").unwrap_or_default();
         let mut rustflags: String = format!(
             "-Cpasses=sancov \
-             -Cllvm-args=-sanitizer-coverage-level=3 \
+             -Cllvm-args=-sanitizer-coverage-level=4 \
+             -Cllvm-args=-sanitizer-coverage-trace-pc \
              -Zsanitizer={sanitizer} \
              -Cpanic=abort",
             sanitizer = sanitizer,
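
Review bot: the two added `-Cllvm-args` lines are applied unconditionally, so every cargo-fuzz user gets `-sanitizer-coverage-level=4` and `-sanitizer-coverage-trace-pc` even when linking the libFuzzer this repository bundles, and the thread above records that the bundled and tip-of-tree libFuzzer do not accept the same setup; consider gating the `-sanitizer-coverage-trace-pc` line on the same custom-libFuzzer switch (CUSTOM_LIBFUZZER_PATH) or stating in the cargo-fuzz PR which libFuzzer revision these flags target.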
nagisa commented 7 years ago

@deweerdt thanks!

You want to send patch to cargo-fuzz as well?

bors r+

bors[bot] commented 7 years ago

:lock: Permission denied

deweerdt commented 7 years ago

Thanks for the merge!

> You want to send patch to cargo-fuzz as well?

Done here: https://github.com/rust-fuzz/cargo-fuzz/pull/118