Migrate coverage to trace-pc-guard #84
Comments
expat fuzzer crashes with:

how can I reproduce it? (w/o docker, please)
Sure. From the full output of the above (https://gist.github.com/mikea/90a119db04ab54aef09b26ec9ce5aa38) and expat build script (https://github.com/google/oss-fuzz/blob/master/targets/expat/build.sh):

# build libfuzzer
clang++ -g -stdlib=libc++ -std=c++11 -fsanitize=address -c /src/libfuzzer/FuzzerCrossOver.cpp /src/libfuzzer/FuzzerDriver.cpp /src/libfuzzer/FuzzerExtFunctionsDlsym.cpp /src/libfuzzer/FuzzerExtFunctionsWeak.cpp /src/libfuzzer/FuzzerIO.cpp /src/libfuzzer/FuzzerLoop.cpp /src/libfuzzer/FuzzerMain.cpp /src/libfuzzer/FuzzerMutate.cpp /src/libfuzzer/FuzzerSHA1.cpp /src/libfuzzer/FuzzerTracePC.cpp /src/libfuzzer/FuzzerTraceState.cpp /src/libfuzzer/FuzzerUtil.cpp /src/libfuzzer/FuzzerUtilDarwin.cpp /src/libfuzzer/FuzzerUtilLinux.cpp -I/src/libfuzzer
ar ruv /usr/lib/libfuzzer.a /work/libfuzzer/FuzzerCrossOver.o /work/libfuzzer/FuzzerDriver.o /work/libfuzzer/FuzzerExtFunctionsDlsym.o /work/libfuzzer/FuzzerExtFunctionsWeak.o /work/libfuzzer/FuzzerIO.o /work/libfuzzer/FuzzerLoop.o /work/libfuzzer/FuzzerMain.o /work/libfuzzer/FuzzerMutate.o /work/libfuzzer/FuzzerSHA1.o /work/libfuzzer/FuzzerTracePC.o /work/libfuzzer/FuzzerTraceState.o /work/libfuzzer/FuzzerUtil.o /work/libfuzzer/FuzzerUtilDarwin.o /work/libfuzzer/FuzzerUtilLinux.o
export 'CFLAGS=-g -fsanitize=address -fsanitize-coverage=trace-pc-guard'
export 'CXXFLAGS=-g -fsanitize=address -fsanitize-coverage=trace-pc-guard -stdlib=libc++'
export 'CC=clang'
export 'CXX=clang++'
export 'FUZZER_LDFLAGS=-Wl,-whole-archive /usr/local/lib/libc++.a /usr/local/lib/libc++abi.a -Wl,-no-whole-archive'

# build expat
cd /src/expat/expat
./buildconf.sh
./configure
make clean
make -j$(nproc) all
$CXX $CXXFLAGS -std=c++11 -Ilib/ \
/src/parse_fuzzer.cc -o /out/parse_fuzzer \
-lfuzzer .libs/libexpat.a $FUZZER_LDFLAGS
fixed in LLVM r287030. You'll need to update the compiler now...
…ds (reported in google/oss-fuzz#84) git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@287030 91177308-0d34-0410-b5e6-96231b3b80d8
also don't forget to add trace-cmp

Just to clarify: trace-pc-guard actually requires some work on the sanitizers' side and I want us first to switch to trace-pc-guard. Then, separately (in a few days), I want to also enable trace-cmp.

(moving discussion from email thread). Latest status: It looks like the coverage dumped by -dump_coverage=1 doesn't work with the sancov tool.

The last problem should be fixed with llvm-mirror/llvm@5699207 Let's recheck it tomorrow.

Thanks Mike! Looks like sancov is working now with the coverage:
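The two comments above concern whether the .sancov files written by libFuzzer's -dump_coverage=1 are accepted by the sancov tool. The following is an added example, not code from oss-fuzz, libFuzzer or LLVM: it parses a .sancov dump in the layout the sanitizer coverage runtime writes as I understand it (an 8-byte little-endian magic, 0xC0BFFFFFFFFFFF64 for 64-bit PCs or 0xC0BFFFFFFFFFFF32 for 32-bit PCs, followed by a flat array of PCs of that width), rejects the truncated or mis-tagged dumps a consumer like sancov would refuse, and reports covered and not-covered functions against a constructed symbol table. The function names are expat's, but the address ranges and the sample dumps are made up for the example; a real run would take the ranges from the binary's symbols.

```python
"""Parse and validate a .sancov coverage dump, then map its PCs to functions.

Added example, not project code. Assumed format: 8-byte magic (MAGIC64 or
MAGIC32, little-endian), then an array of PCs of the matching width.
"""
import struct

MAGIC64 = 0xC0BFFFFFFFFFFF64  # dump holds 8-byte PCs
MAGIC32 = 0xC0BFFFFFFFFFFF32  # dump holds 4-byte PCs


class SancovFormatError(ValueError):
    """Raised for a dump that a consumer such as sancov would reject."""


def parse_sancov(data):
    """Return the list of PCs in a .sancov blob, raising on malformed input."""
    if len(data) < 8:
        raise SancovFormatError("file shorter than the 8-byte magic header")
    (magic,) = struct.unpack_from("<Q", data, 0)
    if magic == MAGIC64:
        width, fmt = 8, "<Q"
    elif magic == MAGIC32:
        width, fmt = 4, "<I"
    else:
        raise SancovFormatError("bad magic 0x%016x" % magic)
    body = data[8:]
    if len(body) % width:
        raise SancovFormatError(
            "body length %d is not a multiple of PC width %d" % (len(body), width))
    return [pc for (pc,) in struct.iter_unpack(fmt, body)]


def is_valid_sancov(data):
    """True if parse_sancov accepts the blob, False otherwise."""
    try:
        parse_sancov(data)
        return True
    except SancovFormatError:
        return False


def build_sancov(pcs, width=8):
    """Serialize PCs into the dump layout (used here to construct sample input)."""
    if width == 8:
        return struct.pack("<Q", MAGIC64) + b"".join(struct.pack("<Q", pc) for pc in pcs)
    if width == 4:
        return struct.pack("<Q", MAGIC32) + b"".join(struct.pack("<I", pc) for pc in pcs)
    raise ValueError("width must be 4 or 8")


# Constructed symbol table: function name -> [start, end) address range.
# Names are expat's; the addresses are invented for this example.
SYMBOLS = {
    "XML_ParserCreate": (0x401000, 0x401200),
    "XML_Parse": (0x401200, 0x401800),
    "doContent": (0x401800, 0x402400),
    "XML_ParserFree": (0x402400, 0x402500),
}


def covered_functions(pcs, symbols=SYMBOLS):
    """Sorted names of functions containing at least one recorded PC."""
    covered = set()
    for pc in pcs:
        for name, (start, end) in symbols.items():
            if start <= pc < end:
                covered.add(name)
                break
    return sorted(covered)


def not_covered_functions(pcs, symbols=SYMBOLS):
    """Sorted names of functions with no recorded PC (what a fuzzer never reached)."""
    return sorted(set(symbols) - set(covered_functions(pcs, symbols)))


if __name__ == "__main__":
    # Constructed dump: three PCs, two of them inside XML_Parse.
    sample = build_sancov([0x401010, 0x401300, 0x401310])
    pcs = parse_sancov(sample)
    print("covered:", covered_functions(pcs))
    print("not covered:", not_covered_functions(pcs))
    print("truncated dump accepted:", is_valid_sancov(sample[:-3]))
```

The validation step mirrors the first thing a consumer does with such a dump: a wrong magic or a body that is not a whole number of PCs means the file was written by a mismatched runtime or cut short, and it is better to fail loudly than to symbolize garbage addresses.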
Replace COV_FLAGS with -fsanitize-coverage=trace-pc-guard. Easy test: