[llvm-dev] Building LLVM's fuzzers (original) (raw)

George Karpenkov via llvm-dev llvm-dev at lists.llvm.org
Thu Aug 24 14:37:31 PDT 2017

OK so with Kuba’s help I’ve found the error: with optimization, dead stripping of produced libraries is enabled, which removes coverage instrumentation.

However, this has nothing to do with the move to compiler-rt, so I’m quite skeptical on whether it has worked beforehand.

A trivial fix is to do:

diff --git a/cmake/modules/HandleLLVMOptions.cmake b/cmake/modules/HandleLLVMOptions.cmake index 04596a6ff63..5465d8d95ba 100644 --- a/cmake/modules/HandleLLVMOptions.cmake +++ b/cmake/modules/HandleLLVMOptions.cmake @@ -665,6 +665,9 @@ if(LLVM_USE_SANITIZER) endif() if (LLVM_USE_SANITIZE_COVERAGE) append("-fsanitize=fuzzer-no-link" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) +

endif() endif()

Any arguments against that?

Apparently, a better way is to follow ASAN instrumentation pass, which uses some magic to protect against dead-stripping.

On Aug 24, 2017, at 11:29 AM, Justin Bogner <mail at justinbogner.com> wrote:

(kcc, george: sorry for the re-send, the first was from a non-list email address) My configuration for building the fuzzers in the LLVM tree doesn't seem to work any more (possibly as of moving libFuzzer to compiler-rt, but there have been a few other changes in the last week or so that may be related). I'm building with a fresh top-of-tree clang and setting -DLLVMUSESANITIZER=Address and -DLLVMUSESANITIZECOVERAGE=On, which was working before: _% cmake -GNinja _ _-DCMAKEBUILDTYPE=Release -DLLVMENABLEASSERTIONS=On _ _-DLLVMENABLEWERROR=On _ _-DLLVMUSESANITIZER=Address -DLLVMUSESANITIZECOVERAGE=On _ _-DCMAKECCOMPILER=$HOME/llvm-lkgc/bin/clang _ $HOME/code/llvm-src But when I run any of the fuzzers, it looks like the sanitizer coverage hasn't been set up correctly: % ./bin/llvm-as-fuzzer 2017-08-24 11:14:33 INFO: Seed: 4089166883 INFO: Loaded 1 modules (50607 guards): 50607 [0x10e14ef80, 0x10e18063c), INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8), ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers. From the build logs, it looks like we're now building objects with these sanitizer flags: -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link We're then linking the fuzzer binaries with these: -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -fsanitize=fuzzer Any idea what's wrong or where to start looking?

More information about the llvm-dev mailing list