fix #17

Merged
merged 5 commits into from
Aug 10, 2020

Conversation

vanhauser-thc
Contributor

that PR was accepted too early :)

I tried to get LTO working (because that is what is comparable to honggfuzz), but the target build is pretty abstracted and therefore difficult to build for that. that mode would be much better than plain afl++ with afl-clang-fast.

@vanhauser-thc
Contributor Author

this is now ready to land

@hazimeh
Member

hazimeh commented Aug 10, 2020

@vanhauser-thc How would you recommend addressing the AFL_LLVM_MAP_DYNAMIC=1 issue? PHP has functions with __attribute__((ifunc("resolver"))) which are resolved at load-time by calling resolver(), resulting in the program crashing. According to the README.lto, OpenSSL displays such behavior as well.

Would you suggest adding a special case for these targets in the fuzzer's instrument.sh?
Would it be too much of a slowdown if AFL_LLVM_MAP_DYNAMIC=1 was applied to all targets?

@vanhauser-thc
Contributor Author

vanhauser-thc commented Aug 10, 2020

with the state of the repo I could only build one target, the others had bugs due to the patching of the bugs not making the target compilable for any fuzzer.
So for this reason I sadly could not test which other benchmarks would fail... yeah, if others have problems then just setting AFL_LLVM_MAP_DYNAMIC=1 for all would be the easy solution.

ah it is the ifunc attribute that causes the issues. (but maybe there are others than that and earlier constructors).
the ifunc attribute is actually something I can check for during instrumentation and abort compilation if found. good to know, that's for my todo list.
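The load-time ordering behind the crash both comments describe, as an added example that is not code from this PR, Magma or AFL++. It shows that glibc's dynamic loader calls an `__attribute__((ifunc("resolver")))` resolver while applying relocations, before any `__attribute__((constructor))` function runs, so a coverage write placed in the resolver (afl-clang-lto instruments every function) only survives if it targets storage that already exists at load time. Everything here is assumed for illustration: `static_map` stands in for a map that needs no constructor, which is my reading of what AFL_LLVM_MAP_DYNAMIC=1 falls back to; `fixed_map` stands in for a map a constructor sets up later; `EDGE_ID`, `step`, `resolve_step` and `map_ctor` are constructed names. It needs an ELF/glibc target (Linux); ifunc is not available on Mach-O or musl.

```c
/* Added example (not Magma or AFL++ code): an ifunc resolver runs before
 * any constructor, so instrumentation inside it must write to storage that
 * is valid from load time. All names and the edge id are constructed. */
#include <stddef.h>
#include <stdio.h>

#define MAP_SIZE 65536
#define EDGE_ID  0x1234          /* constructed edge id for the resolver's "instrumentation" */

/* Valid from load time: static storage needs no constructor.
 * (Assumption: this models the map AFL_LLVM_MAP_DYNAMIC=1 falls back to.) */
static unsigned char static_map[MAP_SIZE];

/* Only usable after map_ctor() runs; NULL until then.
 * (Assumption: this models a map a constructor maps at a fixed address.) */
static unsigned char *fixed_map = NULL;
static unsigned char  fixed_backing[MAP_SIZE];

static int ctor_ran = 0;
static int resolver_ran = 0;
static int ctor_ran_when_resolved = -1;                              /* -1: resolver never ran */
static unsigned char *fixed_map_when_resolved = (unsigned char *)1;  /* sentinel, not NULL   */

typedef int (*step_fn)(int);

static int prefer_fast = 1;                        /* what a real resolver would decide from CPU features */
static int step_generic(int x) { return x + 1; }
static int step_fast(int x)    { return x + 1; }   /* same result, "optimised" variant */

/* The resolver. The loader calls it while applying the IRELATIVE relocation
 * for step(), i.e. before any constructor. It must not call into other
 * shared objects, since their relocations may not be applied yet. The write
 * to static_map models what instrumented resolver code would do. */
static step_fn resolve_step(void) {
    resolver_ran = 1;
    ctor_ran_when_resolved = ctor_ran;         /* expected: 0    */
    fixed_map_when_resolved = fixed_map;       /* expected: NULL */

    static_map[EDGE_ID]++;                     /* safe: exists since load time */
    /* fixed_map[EDGE_ID]++ would dereference NULL here: the crash from the thread. */

    return prefer_fast ? step_fast : step_generic;
}

int step(int x) __attribute__((ifunc("resolve_step")));

/* Runs after all relocations, so after the resolver. */
__attribute__((constructor))
static void map_ctor(void) {
    ctor_ran = 1;
    fixed_map = fixed_backing;
}

/* Accessors so the ordering can be checked rather than just printed. */
int resolver_ran_before_ctor(void) {
    return resolver_ran && ctor_ran && ctor_ran_when_resolved == 0;
}
int fixed_map_usable_in_resolver(void) {
    return fixed_map_when_resolved != NULL;    /* 0: a write through it would crash */
}
int static_map_hits(void) {
    return static_map[EDGE_ID];                /* 1: the single write made before main() */
}

int main(void) {
    printf("step(41) = %d\n", step(41));
    printf("resolver ran before constructor: %d\n", resolver_ran_before_ctor());
    printf("fixed map usable in resolver:    %d\n", fixed_map_usable_in_resolver());
    printf("hits recorded in static map:     %d\n", static_map_hits());
    return 0;
}
```

Build with plain `cc -O0 -Wall` on Linux; lazy binding does not change the result, because glibc applies IRELATIVE relocations eagerly even under `-z lazy`. For a pre-build check in a script such as instrument.sh, a `grep -rn 'ifunc' ` over the target's sources (including generated headers) is enough to decide whether to set AFL_LLVM_MAP_DYNAMIC=1 for that target, at the cost of false positives on comments and unrelated identifiers.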

@hazimeh
Member

hazimeh commented Aug 10, 2020

The master branch does not anchor targets, so their source code changes and breaks patches constantly.
To build Magma, checkout the targets/ dir from the v1.0 branch:
git checkout v1.0 -- targets/
Then all patches should apply.

2 participants