Reviewers: ldionne
Group Reviewers: Restricted Project
Repository: rG LLVM Github Monorepo

Event Timeline
libcxx/test/libcxx/fuzzing/unique.pass.cpp, line 1:
    From https://buildkite.com/llvm-project/libcxx-ci/builds/27285#018908b8-92d3-42af-9094-090e2ac9773b:

        St11char_traitsIcESaIcEEE[_ZNK6fuzzer7Command12getFlagValueERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE]+0x2c9): undefined reference to `std::__throw_length_error(char const*)'
        /usr/bin/ld: (.text._ZNK6fuzzer7Command12getFlagValueERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE[_ZNK6fuzzer7Command12getFlagValueERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE]+0x2e1): undefined reference to `std::__throw_out_of_range_fmt(char const*, ...)'
        /usr/bin/ld: /usr/lib/llvm-17/lib/clang/17/lib/linux/libclang_rt.fuzzer-x86_64.a(FuzzerFork.cpp.o): in function `std::vector<unsigned long, std::allocator<unsigned long> >::insert(__gnu_cxx::__normal_iterator<unsigned long const*, std::vector<unsigned long, std::allocator<unsigned long> > >, unsigned long const&)':
        (.text._ZNSt6vectorImSaImEE6insertEN9__gnu_cxx17__normal_iteratorIPKmS1_EERS4_[_ZNSt6vectorImSaImEE6insertEN9__gnu_cxx17__normal_iteratorIPKmS1_EERS4_]+0x280): undefined reference to `std::__throw_length_error(char const*)'
        /usr/bin/ld: /usr/lib/llvm-17/lib/clang/17/lib/linux/libclang_rt.fuzzer-x86_64.a(FuzzerFork.cpp.o): in function `void std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile> >::_M_realloc_insert<fuzzer::SizedFile const&>(__gnu_cxx::__normal_iterator<fuzzer::SizedFile*, std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile> > >, fuzzer::SizedFile const&)':
        (.text._ZNSt6vectorIN6fuzzer9SizedFileESaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_[_ZNSt6vectorIN6fuzzer9SizedFileESaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_]+0xe9): undefined reference to `std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_create(unsigned long&, unsigned long)'
        /usr/bin/ld: ...

    So it turns out that on our CI machine (which runs Linux), /usr/lib/llvm-17/lib/clang/17/lib/linux/libclang_rt.fuzzer-x86_64.a has been compiled against libstdc++. I guess that's because compiler-rt is compiled against libstdc++ by default in LLVM releases. However, the result is that we can't use that part of compiler-rt with -nostdlib++. @kcc Did you folks think about a way that the stdlib itself could use fuzzing? Are we doing something fundamentally wrong, or do we need to basically build our own compiler-rt against libc++ in order to do this?
libcxx/test/libcxx/fuzzing/unique.pass.cpp, line 1:
    Other options:
libcxx/test/libcxx/fuzzing/unique.pass.cpp, line 1:
    I went for just running it in the bootstrapping build for now. We can try to build compiler-rt everywhere later.
libcxx/utils/libcxx/test/features.py, lines 103–111:
libcxx/utils/libcxx/test/format.py, line 1:
    You should take a look at libcxx/utils/ci/oss-fuzz.sh; it will need to be fixed. LIBCPP_OSS_FUZZ won't be needed anymore.
libcxx/utils/libcxx/test/format.py, lines 220–225:
    Let's remove -O3.
libcxx/utils/libcxx/test/format.py, lines 221–223:
libcxx/utils/libcxx/test/format.py, lines 377–380:
    Let's not hardcode -O3 in fuzz tests. We should instead run the test suite with optimizations enabled when we mean to. And we should also run these fuzzing tests under OSS-Fuzz.
libcxx/utils/libcxx/test/format.py, line 379:
    Instead of introducing %{run_flags}, let's hardcode -max_total_time here in the test format. Eventually we might make it something we can customize via the lit config (globally) if there's a use case for it. Otherwise we're adding complexity (RUN_FLAGS: support) for a very tiny use case.
Pretty much LGTM after applying feedback.
libcxx/utils/ci/run-buildbot, line 343:
    Let's add - "**/crash-" to the artifacts paths in buildkite-pipeline.yml. Also we probably want to use a different crash file pattern like libcxx-fuzz-crash-XXXXXXXXXXXXXXXXX if that's possible.
libcxx/utils/libcxx/test/dsl.py, line 208:
    Let's add a docstring explaining what this does.
libcxx/utils/libcxx/test/dsl.py, lines 208–213:
    This also means you're missing tests for this function.
libcxx/utils/libcxx/test/format.py, line 379:
    Let's also add a timeout for each function to execute, so that we won't blow up if calling e.g. std::regex with some crazy input leads to an infinite loop.
libcxx/test/libcxx/selftest/fuzz.cpp/compile-error.fuzz.cpp, line 2:
    Not attached: we should mark the tests that are failing right now as UNSUPPORTED temporarily and then we can enable them again as we fix those issues. Otherwise this review might be blocked for a long time.
Thanks for working on this! Should we mention fuzzing on the libc++ contributing page? Until this patch I wasn't even aware we had a fuzzing framework. I would say that format should have fuzzing too; @philnik already asked about it, and I will do it.
I think we should first find out what we actually want to fuzz and how to properly do it before we mention anything on the contributing page. After all, these should be just additional coverage, not the main thing we use for testing.
Fair point. My general idea is to fuzz everything where the library acts on user-defined input. I guess that is mainly parsers, where I consider format specifiers and regexes to be parsing as well.
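To make concrete what "the library acts on user-defined input" looks like as a fuzz target, here is an added example; it is not libc++'s own unique.pass.cpp and not code from anyone in this review. It is a libFuzzer target for std::unique (the algorithm the test file in this review exercises) with a property-based oracle, so the fuzzer reports a wrong result, not only a crash. The oracle is templated on the algorithm so it can be turned on a deliberately broken implementation to confirm it has teeth. It assumes the usual clang++ -fsanitize=fuzzer build; as the thread notes, inside the libc++ test suite that only links when the libFuzzer runtime itself was built against libc++ rather than libstdc++.

```cpp
// Added example, not libc++'s own unique.pass.cpp: a libFuzzer target for
// std::unique with a property-based oracle, so the fuzzer catches wrong
// results as well as crashes.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <set>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Oracle for any "unique"-like algorithm taking (first, last) and returning
// the new logical end. Checks the postconditions std::unique guarantees:
//   1. the kept range has no two adjacent equal elements,
//   2. it is a subsequence of the input (relative order preserved),
//   3. it has the same set of values as the input,
//   4. its length equals the number of runs of equal elements in the input.
template <class UniqueFn>
bool unique_postconditions_hold(Bytes input, UniqueFn unique_fn) {
    const Bytes original = input;
    auto new_end = unique_fn(input.begin(), input.end());
    const Bytes kept(input.begin(), new_end);

    // 1. no adjacent duplicates survive
    if (std::adjacent_find(kept.begin(), kept.end()) != kept.end()) return false;

    // 2. kept is a subsequence of original
    auto pos = original.begin();
    for (std::uint8_t value : kept) {
        pos = std::find(pos, original.end(), value);
        if (pos == original.end()) return false;
        ++pos;
    }

    // 3. no value was invented or lost entirely
    if (std::set<std::uint8_t>(original.begin(), original.end()) !=
        std::set<std::uint8_t>(kept.begin(), kept.end())) return false;

    // 4. exactly one element per run of equal values
    std::size_t runs = original.empty() ? 0 : 1;
    for (std::size_t i = 1; i < original.size(); ++i)
        if (original[i] != original[i - 1]) ++runs;
    return kept.size() == runs;
}

// The real algorithm under test.
inline bool std_unique_holds(const Bytes& input) {
    return unique_postconditions_hold(
        input, [](auto first, auto last) { return std::unique(first, last); });
}

// libFuzzer entry point: the raw input bytes are the sequence. Aborting makes
// libFuzzer save the offending input as a crash artifact.
extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size) {
    if (!std_unique_holds(Bytes(data, data + size))) std::abort();
    return 0;
}
```

Build with `clang++ -fsanitize=fuzzer,address unique_fuzz.cpp` and run the binary with libFuzzer's `-max_total_time=<seconds>` to bound the whole run and `-timeout=<seconds>` to bound a single input, which is the per-function timeout the review asks for when a pathological input sends something like std::regex into an infinite loop.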
OSS-Fuzz pulls these fuzzing tests and runs them all the time.
If you move them, then you should update the settings at OSS-Fuzz.
Please add simple tests for compileAndRunSucceeds.