Closed frewsxcv closed 7 years ago
I looked into this tonight briefly. For reference:
I understand how to do all these steps except for the first one. If anyone knows how to compile the fuzz target with sanitization into an object file, please share.
I assume it's just a matter of passing the -fsanitize argument via -Cllvm-args and then using the regular rust commands for making object files?
Oh, wait, this is libfuzzer. Unsure why libfuzzer-sys needs support for this, I'd assume cargo fuzz is what would drive this.
Fuzzing with libfuzzer already builds stuff with sancov enabled.
On Feb 22, 2017 7:52 AM, "Manish Goregaokar" notifications@github.com wrote:
> Oh, wait, this is libfuzzer. Unsure why libfuzzer-sys needs support for this, I'd assume cargo fuzz is what would drive this.
> Unsure why libfuzzer-sys needs support for this, I'd assume cargo fuzz is what would drive this.
Yeah, this is right. Most of the changes will probably happen in cargo-fuzz. Though, these instructions indicate that we need to build an object file of the fuzz target, which might involve changes to this crate?
I don't see how this crate should be affected. libFuzzer is an alternative to AFL; it doesn't "work with AFL", to the best of my knowledge. You'd need to perhaps write similar bindings, or have cargo-fuzz pass down similar flags, but it's still different.
http://llvm.org/docs/LibFuzzer.html#afl-compatibility
Not sure how easy this is, but it would be nice. Then afl.rs could use this.