Closed alex closed 4 years ago
Yep, that is a pre-existing issue.
Let's see… do we have bors on this repo?
bors r+
Okay, we cannot land this without additional work. Attempting to fuzz with the newer versions of libFuzzer results in:
-fsanitize-coverage=trace-pc-guard is no longer supported by libFuzzer.
Please either migrate to a compiler that supports -fsanitize=fuzzer
or use an older version of libFuzzer
As far as I know rustc has not yet added support for fuzzer sanitization.
Ahh, of course, I'd forgotten about that.
From what I can tell we just need to change the llvm flags that we pass in, but that will still need changes to cargo-fuzz AFAIR
The painful bit is that we need some amount of synchronization here -- if we change just rustc or just libfuzzer-sys stuff is broken :-(
On Sun, Oct 20, 2019 at 11:31 AM Simonas Kazlauskas <notifications@github.com> wrote:
From what I can tell we just need to change the flags that we expect, but that will still need changes to cargo-fuzz AFAIK
Actually, maybe no rustc changes required, since cargo-fuzz seems to just use -Cllvm-args
Yeah. I had succeeded in running with the following flags:
cargo rustc --release -- -Cpasses='sancov' \
-Cllvm-args=-sanitizer-coverage-level=4 \
-Cllvm-args=-sanitizer-coverage-trace-compares \
-Cllvm-args=-sanitizer-coverage-inline-8bit-counters \
-Cllvm-args=-sanitizer-coverage-stack-depth \
-Cllvm-args=-sanitizer-coverage-trace-geps \
-Cllvm-args=-sanitizer-coverage-prune-blocks=0 \
-Zsanitizer=address \
-Cpanic=abort
# -Cllvm-args=-sanitizer-coverage-pc-table \
pc-table is something that clang enables but doesn’t work with rustc because of
ERROR: The size of coverage PC tables does not match the
number of instrumented PCs. This might be a compiler bug,
please contact the libFuzzer developers.
Also check https://bugs.llvm.org/show_bug.cgi?id=34636
for possible workarounds (tl;dr: don't use the old GNU ld)
@alex can you please adjust the travis scripts to these new flags and also open a PR against cargo-fuzz with a similar change? We can merge everything then.
I think upgrading dist from trusty to bionic could also resolve the travis failures.
I think we only want stack-depth on Linux (per the comment in clang). Are you sure we want trace-geps and prune-blocks? Clang doesn't set either of those.
On Sun, Oct 20, 2019 at 11:40 AM Simonas Kazlauskas <notifications@github.com> wrote:
Build appears to be green now!
I'm working on the cargo-fuzz side now.
prune-blocks=0 disables pruning explicitly AFAIR; I don’t see any harm in enabling trace-geps. Everything else seemed to be specified by clang on at least x86-64:
# "/usr/bin/clang-8" "-cc1" "-triple" "x86_64-pc-linux-gnu" "-emit-obj" "-mrelax-all" "-disable-free" "-disable-llvm-verifier" "-discard-value-names" "-main-file-name" "test.c" "-mrelocation-model" "pic" "-pic-level" "2" "-pic-is-pie" "-mthread-model" "posix" "-mdisable-fp-elim" "-fmath-errno" "-masm-verbose" "-mconstructor-aliases" "-munwind-tables" "-fuse-init-array" "-target-cpu" "x86-64" "-dwarf-column-info" "-debugger-tuning=gdb" "-resource-dir" "/usr/lib/clang/8.0.0" "-internal-isystem" "/usr/local/include" "-internal-isystem" "/usr/lib/clang/8.0.0/include" "-internal-externc-isystem" "/include" "-internal-externc-isystem" "/usr/include" "-fdebug-compilation-dir" "/tmp" "-ferror-limit" "19" "-fmessage-length" "119" "-stack-protector" "2" "-fobjc-runtime=gcc" "-fdiagnostics-show-option" "-fcolor-diagnostics" "-o" "/tmp/test-5b81de.o" "-x" "c" "test.c" "-faddrsig"
https://github.com/llvm/llvm-project/blob/master/clang/lib/Driver/SanitizerArgs.cpp#L383-L388 is what I'm working from, fwiw
This PR includes both GEPs and prune-blocks.
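An added example (not code from this PR, libfuzzer-sys or cargo-fuzz): a small POSIX sh helper that assembles the rustc flag set the thread settled on (the list from the earlier comment, with trace-geps and prune-blocks=0 kept, pc-table left out because of LLVM bug 34636, and stack-depth added only on Linux as noted above). The function name `sancov_rustflags` and the `linux`/`macos` OS tokens are assumptions chosen for this example.

```shell
#!/bin/sh
# Constructed example: build the rustc flag list for libFuzzer-style
# SanitizerCoverage instrumentation, as discussed in the thread.
# Usage: cargo rustc --release -- $(sancov_rustflags linux)
#        (unquoted so the shell splits the flags into separate arguments)
sancov_rustflags() {
    os="$1"   # assumed tokens: "linux" or anything else (e.g. "macos")

    # Run the SanitizerCoverage pass and select the instrumentation clang's
    # driver enables for -fsanitize=fuzzer (level 4 = edges + indirect calls).
    flags="-Cpasses=sancov"
    flags="$flags -Cllvm-args=-sanitizer-coverage-level=4"
    flags="$flags -Cllvm-args=-sanitizer-coverage-trace-compares"
    flags="$flags -Cllvm-args=-sanitizer-coverage-inline-8bit-counters"
    flags="$flags -Cllvm-args=-sanitizer-coverage-trace-geps"
    flags="$flags -Cllvm-args=-sanitizer-coverage-prune-blocks=0"

    # stack-depth only on Linux, matching the comment in clang's driver.
    if [ "$os" = "linux" ]; then
        flags="$flags -Cllvm-args=-sanitizer-coverage-stack-depth"
    fi

    # -sanitizer-coverage-pc-table is deliberately NOT added: with rustc it
    # produces the "size of coverage PC tables does not match" libFuzzer error
    # (see https://bugs.llvm.org/show_bug.cgi?id=34636).

    # ASan plus abort-on-panic so libFuzzer sees panics as crashes.
    flags="$flags -Zsanitizer=address -Cpanic=abort"

    printf '%s\n' "$flags"
}
```

The Linux check is the one place the flag set is platform dependent; everything else is a fixed list, so a wrapper like this keeps the travis script and the cargo-fuzz change from drifting apart.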
bors r+
Looks like this isn't working due to https://github.com/rust-fuzz/cargo-fuzz/issues/161