Message ID | pull.889.git.1614514959347.gitgitgadget@gmail.com (mailing list archive)
---|---
State | Superseded
Series | Update 'make fuzz-all' docs to reflect modern clang
On 2021.02.28 12:22, Andrzej Hunt via GitGitGadget wrote:
> From: Andrzej Hunt <ajrhunt@google.com>
>
> Clang no longer produces a libFuzzer.a, instead you can include
> libFuzzer by using -fsanitize=fuzzer. Therefore we should use
> that in the example command for building fuzzers.
>
> I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
> work in a wide range of reasonably modern clangs.
>
> (On my system what used to be libFuzzer.a now lives under the following path,
> which is tricky albeit not impossible for a novice such as myself to find:
> /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
>
> Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
> ---
> Update 'make fuzz-all' docs to reflect modern clang
>
> I would like to update the examples for 'make fuzz-all' to make it
> easier to build fuzzers locally.
>
> This change should make it easier for the uninitiated to build fuzzers
> locally without first having to figure out what LIB_FUZZING_ENGINE is
> for.
>
> ATB,
> Andrzej

Thanks for taking a look at this! This looked correct to me, but when I
tried to run the fuzzers I got an error about
"-fsanitize-coverage=trace-pc-guard" not being supported any longer.

Looking at the LLVM 11.0.0 docs [1], I see that it recommends using
"-fsanitize=fuzzer-no-link" instead (the "-no-link" is because we're
also building executables that have their own main()).

So we'd also want to change CFLAGS to
"-fsanitize=fuzzer-no-link,address".

[1]: https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage
On 01/03/2021 23:39, Josh Steadmon wrote:
> Thanks for taking a look at this! This looked correct to me, but when I
> tried to run the fuzzers I got an error about
> "-fsanitize-coverage=trace-pc-guard" not being supported any longer.

Oops, I realised I was accidentally using clang 7 (instead of 11) locally.
I can reproduce the same error with my copy of clang-11. Thanks for
catching this!

> Looking at the LLVM 11.0.0 docs [1], I see that it recommends using
> "-fsanitize=fuzzer-no-link" instead (the "-no-link" is because we're
> also building executables that have their own main()).
>
> So we'd also want to change CFLAGS to
> "-fsanitize=fuzzer-no-link,address".

I will fix this too! I suspect that when I built without fuzzer-no-link,
the fuzzer binaries included libFuzzer, but were missing whatever
fuzzing-related instrumentation clang should have added. (Fortunately
oss-fuzz seems to be adding this to the CFLAGS automatically [1].)

[1] https://oss-fuzz-build-logs.storage.googleapis.com/log-74f40f33-f384-475b-b141-0e44afb272f5.txt
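The "-no-link" point discussed in the thread, as an added C example that is not part of the patch or of git's own fuzz targets: a libFuzzer-style target whose only engine-facing symbol is LLVMFuzzerTestOneInput (the real libFuzzer entry point), plus a replay main() behind an assumed STANDALONE_REPLAY macro. The record format it parses is constructed for illustration and is not a git format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed record stream (not git's format): 1-byte tag, 1-byte payload
 * length, then that many payload bytes. Returns the number of complete
 * records, or -1 if the stream ends mid-record; *consumed gets the bytes
 * parsed before stopping. */
int parse_records(const uint8_t *data, size_t size, size_t *consumed)
{
	size_t pos = 0;
	int count = 0;
	while (pos < size) {
		if (size - pos < 2) { *consumed = pos; return -1; }   /* no tag+len */
		uint8_t len = data[pos + 1];
		if (size - pos - 2 < len) { *consumed = pos; return -1; } /* short */
		pos += 2 + len;
		count++;
	}
	*consumed = pos;
	return count;
}
/* The only symbol libFuzzer needs from this file. Compiling with
 * -fsanitize=fuzzer-no-link instruments it without pulling in libFuzzer's
 * main(); -fsanitize=fuzzer on the link line adds that main(). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	size_t used;
	parse_records(data, size, &used);
	return 0; /* libFuzzer requires 0 */
}
/* Replay driver for builds with no fuzzing engine. STANDALONE_REPLAY is an
 * assumed macro for this example; it must stay off in fuzzer builds because
 * libFuzzer supplies main() and two definitions would fail to link. */
#ifdef STANDALONE_REPLAY
int main(int argc, char **argv)
{
	uint8_t buf[4096];
	for (int i = 1; i < argc; i++) {
		FILE *f = fopen(argv[i], "rb");
		if (!f) { perror(argv[i]); continue; }
		size_t n = fread(buf, 1, sizeof buf, f);
		fclose(f);
		LLVMFuzzerTestOneInput(buf, n);
		printf("%s: replayed %zu bytes\n", argv[i], n);
	}
	return 0;
}
#endif
```

Compile the object with `clang -fsanitize=fuzzer-no-link,address -c` and link with `clang -fsanitize=fuzzer,address`, which mirrors the CFLAGS / LIB_FUZZING_ENGINE split the thread settles on. For a crash-replay binary instead, compile with -DSTANDALONE_REPLAY and no fuzzer flags.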
diff --git a/Makefile b/Makefile index 9b1bde2e0e64..9f8f459f87b4 100644 --- a/Makefile +++ b/Makefile @@ -3291,11 +3291,11 @@ cover_db_html: cover_db # are not necessarily appropriate for general builds, and that vary greatly # depending on the compiler version used. # -# An example command to build against libFuzzer from LLVM 4.0.0: +# An example command to build against libFuzzer from LLVM 11.0.0: # # make CC=clang CXX=clang++ \ # CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \ -# LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \ +# LIB_FUZZING_ENGINE=-fsanitize=fuzzer \ # fuzz-all # FUZZ_CXXFLAGS ?= $(CFLAGS)
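Review bot: the CFLAGS line in this hunk is left at `-fsanitize-coverage=trace-pc-guard -fsanitize=address` while the comment above it is changed to name LLVM 11.0.0, and the thread reports that this flag combination is rejected by clang 11 when running the resulting fuzzers; the LLVM 11.0.0 LibFuzzer docs linked in the discussion recommend `-fsanitize=fuzzer-no-link` for objects that are compiled separately and linked into binaries with their own main(). Update the example to `CFLAGS="-fsanitize=fuzzer-no-link,address"` alongside `LIB_FUZZING_ENGINE=-fsanitize=fuzzer`, otherwise the documented command does not build with the toolchain it now claims to target.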