This is an archive of the discontinued LLVM Phabricator instance.

Differential D37041

Update LLVM fuzzers to use the libFuzzer bundled with the compiler toolchain
ClosedPublic

Authored by george.karpenkov on Aug 22 2017, 5:28 PM.

Details

Reviewers
kcc
bogner
morehouse
vitalybuka
Commits
rG0ac90d3f78c2: Update LLVM fuzzers to use the libFuzzer bundled with the compiler toolchain
rL311515: Update LLVM fuzzers to use the libFuzzer bundled with the compiler toolchain
Summary

The only current downside is that on mac fuzzing only works when ASAN_OPTIONS=detect_container_overflow=0 is specified.
This happens as libFuzzer itself is not compiled with sanitization anymore.
I am working on a fix for that.

Diff Detail

Event Timeline

george.karpenkov created this revision.Aug 22 2017, 5:28 PM
Herald added subscribers: JDevlieghere, mgorny. · View Herald TranscriptAug 22 2017, 5:28 PM
george.karpenkov added inline comments.Aug 22 2017, 5:29 PM
cmake/modules/HandleLLVMOptions.cmake
667

This is important. Otherwise, libFuzzer dies with a message about inconsistent coverage annotation.

tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
39

Had to fix this file, otherwise wouldn't compile.

tools/llvm-mc-assemble-fuzzer/llvm-mc-assemble-fuzzer.cpp
12

No trivial path to it anymore, and unclear why it was included.

kcc accepted this revision.Aug 22 2017, 5:35 PM
kcc edited reviewers, added: morehouse, vitalybuka; removed: samsonov.

LGTM
Please don't add samsonov@ to reviews -- he has left the team :(
Please add morehouse@ and vitalybuka@ instead.

This revision is now accepted and ready to land.Aug 22 2017, 5:35 PM
vitalybuka accepted this revision.Aug 22 2017, 5:40 PM
Closed by commit rL311515: Update LLVM fuzzers to use the libFuzzer bundled with the compiler toolchain (authored by george.karpenkov). · Explain WhyAug 22 2017, 5:42 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
cmake/
modules/
2 lines
tools/
llvm-as-fuzzer/
7 lines
llvm-dwarfdump/
fuzzer/
6 lines
6 lines
llvm-mc-assemble-fuzzer/
9 lines
1 line
llvm-mc-disassemble-fuzzer/
9 lines
1 line

Diff 112267

cmake/modules/HandleLLVMOptions.cmake

Show First 20 LinesShow All 658 Lines▼ Show 20 Linesif(LLVM_USE_SANITIZER)
else() else()
message(FATAL_ERROR "LLVM_USE_SANITIZER is not supported on this platform.") message(FATAL_ERROR "LLVM_USE_SANITIZER is not supported on this platform.")
endif() endif()
if (LLVM_USE_SANITIZER MATCHES "(Undefined;)?Address(;Undefined)?") if (LLVM_USE_SANITIZER MATCHES "(Undefined;)?Address(;Undefined)?")
add_flag_if_supported("-fsanitize-address-use-after-scope" add_flag_if_supported("-fsanitize-address-use-after-scope"
FSANITIZE_USE_AFTER_SCOPE_FLAG) FSANITIZE_USE_AFTER_SCOPE_FLAG)
endif() endif()
if (LLVM_USE_SANITIZE_COVERAGE) if (LLVM_USE_SANITIZE_COVERAGE)
append("-fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) append("-fsanitize=fuzzer-no-link" CMAKE_C_FLAGS CMAKE_CXX_FLAGS)
george.karpenkovAuthorUnsubmitted
Not Done
ReplyInline Actions

This is important. Otherwise, libFuzzer dies with a message about inconsistent coverage annotation.

george.karpenkov: This is important. Otherwise, libFuzzer dies with a message about inconsistent coverage…
endif() endif()
endif() endif()
# Turn on -gsplit-dwarf if requested # Turn on -gsplit-dwarf if requested
if(LLVM_USE_SPLIT_DWARF) if(LLVM_USE_SPLIT_DWARF)
add_definitions("-gsplit-dwarf") add_definitions("-gsplit-dwarf")
endif() endif()
▲ Show 20 LinesShow All 139 LinesShow Last 20 Lines

tools/llvm-as-fuzzer/CMakeLists.txt

if( LLVM_USE_SANITIZE_COVERAGE ) if( LLVM_USE_SANITIZE_COVERAGE )
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=fuzzer")
set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
AsmParser AsmParser
BitWriter BitWriter
Core Core
Support Support
) )
add_llvm_tool(llvm-as-fuzzer add_llvm_tool(llvm-as-fuzzer
llvm-as-fuzzer.cpp) llvm-as-fuzzer.cpp)
target_link_libraries(llvm-as-fuzzer
LLVMFuzzer
)
endif() endif()

tools/llvm-dwarfdump/fuzzer/CMakeLists.txt

set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
DebugInfoDWARF DebugInfoDWARF
Object Object
Support Support
) )
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=fuzzer")
add_llvm_executable(llvm-dwarfdump-fuzzer add_llvm_executable(llvm-dwarfdump-fuzzer
EXCLUDE_FROM_ALL EXCLUDE_FROM_ALL
llvm-dwarfdump-fuzzer.cpp llvm-dwarfdump-fuzzer.cpp
) )
target_link_libraries(llvm-dwarfdump-fuzzer
LLVMFuzzer
)

tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp

Show All 26 Linesextern "C" void LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
Expected<std::unique_ptr<ObjectFile>> ObjOrErr = Expected<std::unique_ptr<ObjectFile>> ObjOrErr =
ObjectFile::createObjectFile(Buff->getMemBufferRef()); ObjectFile::createObjectFile(Buff->getMemBufferRef());
if (auto E = ObjOrErr.takeError()) { if (auto E = ObjOrErr.takeError()) {
consumeError(std::move(E)); consumeError(std::move(E));
return; return;
} }
ObjectFile &Obj = *ObjOrErr.get(); ObjectFile &Obj = *ObjOrErr.get();
std::unique_ptr<DIContext> DICtx = DWARFContext::create(Obj); std::unique_ptr<DIContext> DICtx = DWARFContext::create(Obj);
DICtx->dump(nulls(), DIDT_All);
DIDumpOptions opts;
opts.DumpType = DIDT_All;
DICtx->dump(nulls(), opts);
george.karpenkovAuthorUnsubmitted
Not Done
ReplyInline Actions

Had to fix this file, otherwise wouldn't compile.

george.karpenkov: Had to fix this file, otherwise wouldn't compile.
} }

tools/llvm-mc-assemble-fuzzer/CMakeLists.txt

if( LLVM_USE_SANITIZE_COVERAGE ) if( LLVM_USE_SANITIZE_COVERAGE )
include_directories(BEFORE set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=fuzzer")
${CMAKE_CURRENT_SOURCE_DIR}/../../lib/Fuzzer)
set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
AllTargetsAsmPrinters AllTargetsAsmPrinters
AllTargetsAsmParsers AllTargetsAsmParsers
AllTargetsDescs AllTargetsDescs
AllTargetsInfos AllTargetsInfos
MC MC
MCParser MCParser
Support Support
) )
add_llvm_tool(llvm-mc-assemble-fuzzer add_llvm_tool(llvm-mc-assemble-fuzzer
llvm-mc-assemble-fuzzer.cpp) llvm-mc-assemble-fuzzer.cpp)
target_link_libraries(llvm-mc-assemble-fuzzer
LLVMFuzzer
)
endif() endif()

tools/llvm-mc-assemble-fuzzer/llvm-mc-assemble-fuzzer.cpp

//===--- llvm-mc-fuzzer.cpp - Fuzzer for the MC layer ---------------------===// //===--- llvm-mc-fuzzer.cpp - Fuzzer for the MC layer ---------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "FuzzerInterface.h"
george.karpenkovAuthorUnsubmitted
Not Done
ReplyInline Actions

No trivial path to it anymore, and unclear why it was included.

george.karpenkov: No trivial path to it anymore, and unclear why it was included.
#include "llvm-c/Target.h" #include "llvm-c/Target.h"
#include "llvm/MC/SubtargetFeature.h" #include "llvm/MC/SubtargetFeature.h"
#include "llvm/MC/MCAsmBackend.h" #include "llvm/MC/MCAsmBackend.h"
#include "llvm/MC/MCAsmInfo.h" #include "llvm/MC/MCAsmInfo.h"
#include "llvm/MC/MCContext.h" #include "llvm/MC/MCContext.h"
#include "llvm/MC/MCInstPrinter.h" #include "llvm/MC/MCInstPrinter.h"
#include "llvm/MC/MCInstrInfo.h" #include "llvm/MC/MCInstrInfo.h"
#include "llvm/MC/MCObjectFileInfo.h" #include "llvm/MC/MCObjectFileInfo.h"
▲ Show 20 LinesShow All 293 LinesShow Last 20 Lines

tools/llvm-mc-disassemble-fuzzer/CMakeLists.txt

if( LLVM_USE_SANITIZE_COVERAGE ) if( LLVM_USE_SANITIZE_COVERAGE )
include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR}/../../lib/Fuzzer)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=fuzzer")
set(LLVM_LINK_COMPONENTS set(LLVM_LINK_COMPONENTS
AllTargetsAsmPrinters AllTargetsAsmPrinters
AllTargetsDescs AllTargetsDescs
AllTargetsDisassemblers AllTargetsDisassemblers
AllTargetsInfos AllTargetsInfos
MC MC
MCDisassembler MCDisassembler
MCParser MCParser
Support Support
) )
add_llvm_tool(llvm-mc-disassemble-fuzzer add_llvm_tool(llvm-mc-disassemble-fuzzer
llvm-mc-disassemble-fuzzer.cpp) llvm-mc-disassemble-fuzzer.cpp)
target_link_libraries(llvm-mc-disassemble-fuzzer
LLVMFuzzer
)
endif() endif()

tools/llvm-mc-disassemble-fuzzer/llvm-mc-disassemble-fuzzer.cpp

//===--- llvm-mc-fuzzer.cpp - Fuzzer for the MC layer ---------------------===// //===--- llvm-mc-fuzzer.cpp - Fuzzer for the MC layer ---------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "FuzzerInterface.h"
#include "llvm-c/Disassembler.h" #include "llvm-c/Disassembler.h"
#include "llvm-c/Target.h" #include "llvm-c/Target.h"
#include "llvm/MC/SubtargetFeature.h" #include "llvm/MC/SubtargetFeature.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
using namespace llvm; using namespace llvm;
▲ Show 20 LinesShow All 123 LinesShow Last 20 Lines