rust-fuzz / libfuzzer

Rust bindings and utilities for LLVM’s libFuzzer
Apache License 2.0

Update libFuzzer to be from the 'release_90' branch #39

Closed alex closed 4 years ago

alex commented 4 years ago

Looks like this isn't working due to https://github.com/rust-fuzz/cargo-fuzz/issues/161

nagisa commented 4 years ago

Yep, that is a pre-existing issue.

nagisa commented 4 years ago

Let's see… do we have bors on this repo?

bors r+

bors[bot] commented 4 years ago

Build failed

nagisa commented 4 years ago

Okay, we cannot land this without additional work. Attempting to fuzz with the newer versions of libFuzzer results in:

-fsanitize-coverage=trace-pc-guard is no longer supported by libFuzzer.
Please either migrate to a compiler that supports -fsanitize=fuzzer
or use an older version of libFuzzer

As far as I know rustc has not yet added support for fuzzer sanitization.

alex commented 4 years ago

Ahh, of course, I'd forgotten about that.

nagisa commented 4 years ago

From what I can tell we just need to change the llvm flags that we pass in, but that will still need changes to cargo-fuzz AFAIR

alex commented 4 years ago

The painful bit is that we need some amount of synchronization here -- if we change just rustc or just libfuzzer-sys stuff is broken :-(

alex commented 4 years ago

Actually, maybe no rustc changes required, since cargo-fuzz seems to just use -Cllvm-args

nagisa commented 4 years ago

Yeah. I had succeeded in running with the following flags:

cargo rustc --release -- -Cpasses='sancov' \
-Cllvm-args=-sanitizer-coverage-level=4 \
-Cllvm-args=-sanitizer-coverage-trace-compares \
-Cllvm-args=-sanitizer-coverage-inline-8bit-counters \
-Cllvm-args=-sanitizer-coverage-stack-depth \
-Cllvm-args=-sanitizer-coverage-trace-geps \
-Cllvm-args=-sanitizer-coverage-prune-blocks=0 \
-Zsanitizer=address \
-Cpanic=abort

# -Cllvm-args=-sanitizer-coverage-pc-table \

pc-table is something that clang enables but doesn’t work with rustc because of

ERROR: The size of coverage PC tables does not match the
number of instrumented PCs. This might be a compiler bug,
please contact the libFuzzer developers.
Also check https://bugs.llvm.org/show_bug.cgi?id=34636
for possible workarounds (tl;dr: don't use the old GNU ld)

nagisa commented 4 years ago

@alex can you please adjust the travis scripts to these new flags and also open a PR against cargo-fuzz with a similar change? We can merge everything then.

nagisa commented 4 years ago

I think upgrading dist from trusty to bionic could also resolve the travis failures.

alex commented 4 years ago

I think we only want stack-depth on Linux (per the comment in clang). Are you sure we want trace-geps and prune-blocks? Clang doesn't set either of those.

alex commented 4 years ago

Build appears to be green now!

alex commented 4 years ago

I'm working on the cargo-fuzz side now.

nagisa commented 4 years ago

prune-blocks=0 disables pruning explicitly AFAIR. I don't see any harm in enabling trace-geps. Everything else seemed to be specified by clang on at least x86-64:

# "/usr/bin/clang-8" "-cc1" "-triple" "x86_64-pc-linux-gnu" "-emit-obj" "-mrelax-all" "-disable-free" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "test.c" "-mrelocation-model" "pic" "-pic-level" "2" "-pic-is-pie" "-mthread-model" "posix" "-mdisable-fp-elim" "-fmath-errno" "-masm-verbose" "-mconstructor-aliases" "-munwind-tables" "-fuse-init-array" "-target-cpu" "x86-64" "-dwarf-column-info" "-debugger-tuning=gdb" "-resource-dir" "/usr/lib/clang/8.0.0" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/usr/lib/clang/8.0.0/include" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-fdebug-compilation-dir" "/tmp" "-ferror-limit" "19" "-fmessage-length" "119" "-stack-protector" "2" "-fobjc-runtime=gcc" "-fdiagnostics-show-option" "-fcolor-diagnostics" "-o" "/tmp/test-5b81de.o" "-x" "c" "test.c" "-faddrsig"

alex commented 4 years ago

https://github.com/llvm/llvm-project/blob/master/clang/lib/Driver/SanitizerArgs.cpp#L383-L388 is what I'm working from, fwiw

alex commented 4 years ago

This PR includes both GEPs and prune-blocks.
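The flag set the thread converges on, collected into a small shell helper as an added example (not a script from this repository or from cargo-fuzz). It folds in the two caveats raised above: `-sanitizer-coverage-pc-table` is left out because rustc output trips libFuzzer's PC-table size check, and `-sanitizer-coverage-stack-depth` is added only for Linux, as clang does. The function name, the target-OS argument and the `check_flags` helper are assumptions made for this example; the flag spellings, including the `sancov` pass name, are exactly as posted in the thread.

```shell
#!/bin/sh
# Added example, not part of libfuzzer-sys or cargo-fuzz.
# Compose the rustc flags needed to instrument a fuzz target for the
# release_90 libFuzzer, which no longer accepts trace-pc-guard.
# The function name and the target-OS argument are assumptions.

sancov_rustflags() {
    target_os="$1"   # e.g. linux, macos, windows
    flags="-Cpasses=sancov"
    flags="$flags -Cllvm-args=-sanitizer-coverage-level=4"
    flags="$flags -Cllvm-args=-sanitizer-coverage-trace-compares"
    flags="$flags -Cllvm-args=-sanitizer-coverage-inline-8bit-counters"
    flags="$flags -Cllvm-args=-sanitizer-coverage-trace-geps"
    flags="$flags -Cllvm-args=-sanitizer-coverage-prune-blocks=0"
    # clang only enables stack-depth tracking on Linux; mirror that.
    if [ "$target_os" = "linux" ]; then
        flags="$flags -Cllvm-args=-sanitizer-coverage-stack-depth"
    fi
    # pc-table is deliberately absent: with rustc it produces a table whose
    # size does not match the number of instrumented PCs (LLVM bug 34636).
    flags="$flags -Zsanitizer=address -Cpanic=abort"
    printf '%s\n' "$flags"
}

# Sanity check on a composed flag string: the two flags known to break with
# this libFuzzer/rustc pairing must be absent, and the counters libFuzzer
# actually consumes must be present. Returns 0 when the set is acceptable.
check_flags() {
    case "$1" in
        *trace-pc-guard*|*pc-table*) return 1 ;;
    esac
    case "$1" in
        *inline-8bit-counters*) return 0 ;;
    esac
    return 1
}

# Usage (needs a nightly toolchain for -Z flags; not executed here):
# cargo rustc --release -- $(sancov_rustflags linux)
```

The helper only assembles and validates the flag string; the actual build still has to be run with a nightly `rustc`, since `-Zsanitizer=address` is unstable.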

nagisa commented 4 years ago

bors r+

bors[bot] commented 4 years ago

Build succeeded