This is an archive of the discontinued LLVM Phabricator instance.

[clang-fuzzer] Allow building without coverage instrumentation.
ClosedPublic

Authored by morehouse on Oct 6 2017, 1:04 PM.

Diff Detail

Repository
rL LLVM

Event Timeline

morehouse created this revision.Oct 6 2017, 1:04 PM
morehouse edited the summary of this revision. (Show Details)Oct 6 2017, 1:07 PM
kcc edited edge metadata.Oct 6 2017, 1:13 PM

It's not about coverage instrumentation (not) being present, but about libFuzzer's main() being present, right?
Will we be able to reuse some of Justin's code instead of creating one more main() function?
Or, why not link with libFuzzer (-fsanitize=fuzzer at link time) even if we don't us einstrumentation at compile time?

In D38642#890963, @kcc wrote:

It's not about coverage instrumentation (not) being present, but about libFuzzer's main() being present, right?

Yes.

Will we be able to reuse some of Justin's code instead of creating one more main() function?

This reuses the code that Justin moved to FuzzMutate/FuzzerCLI. That's why the main is so short. But perhaps we could move the main itself into FuzzerCLI?

Or, why not link with libFuzzer (-fsanitize=fuzzer at link time) even if we don't us einstrumentation at compile time?

When I tried this, I got undefined references to all kinds of __sanitizer_cov_* symbols.

kcc added a comment.Oct 6 2017, 1:25 PM

Will we be able to reuse some of Justin's code instead of creating one more main() function?

This reuses the code that Justin moved to FuzzMutate/FuzzerCLI. That's why the main is so short. But perhaps we could move the main itself into FuzzerCLI?

Yes, having one common main makes sense, but see below.

Or, why not link with libFuzzer (-fsanitize=fuzzer at link time) even if we don't us einstrumentation at compile time?

When I tried this, I got undefined references to all kinds of __sanitizer_cov_* symbols.

I'd like to know more.
At least simple cases work fine:

clang++ ~/llvm/projects/compiler-rt/test/fuzzer/SimpleTest.cpp -std=c++11  -c && clang++ SimpleTest.o -fsanitize=fuzzer
In D38642#890969, @kcc wrote:

I'd like to know more.
At least simple cases work fine:

You're right. I was trying to add -fsanitize=fuzzer to CMAKE_CXX_FLAGS right before the link command, which was causing a later compilation to give the error. Setting CMAKE_EXE_LINKER_FLAGS seems to work though.

This seems simpler and cleaner than the approach @bogner took.

kcc added a comment.Oct 6 2017, 1:59 PM

We often suggest to code owners to implement their own dummy main to run fuzz targets as regression tests.
But for ourselves (LLVM) this recommendations makes less sense since libFuzzer is part of LLVM and we can use it's main directly.

morehouse updated this revision to Diff 118087.Oct 6 2017, 2:46 PM
  • Remove dummy main and link with -fsantize=fuzzer.
morehouse edited the summary of this revision. (Show Details)Oct 6 2017, 2:55 PM
kcc added a comment.Oct 6 2017, 2:57 PM

grrr. I am sorry, I've just contradicted myself. :(
The goal here is to build the fuzz targets always and use them as tests, which includes building with any toolchain, including toolchains that don't support -fsanitize=fuzzer....
your original change actually solved this.
If you can *easily* share main() with the one in LLVM -- do it, otherwise don't bother.

morehouse updated this revision to Diff 118097.Oct 6 2017, 3:32 PM
  • Revert "Remove dummy main and link with -fsantize=fuzzer."

conceptually ok, but please let Vitaly review the cmake part.

morehouse added a comment.EditedOct 6 2017, 3:35 PM
In D38642#891074, @kcc wrote:

If you can *easily* share main() with the one in LLVM -- do it, otherwise don't bother.

Does the fuzzer main come from LLVM or compiler-rt now? There's still FuzzerMain.cpp in LLVM, but I'm not sure if we should be using that or not.

kcc added a comment.Oct 6 2017, 5:02 PM
In D38642#891074, @kcc wrote:

If you can *easily* share main() with the one in LLVM -- do it, otherwise don't bother.

Does the fuzzer main come from LLVM or compiler-rt now? There's still FuzzerMain.cpp in LLVM, but I'm not sure if we should be using that or not.

Don't reuse FuzzerMain.cpp.
There is llvm/tools/llvm-isel-fuzzer/DummyISelFuzzer.cpp which your main() duplicates, but these are in different projects (llvm vs clang) so perhaps it's ok.

vitalybuka accepted this revision.Oct 10 2017, 10:34 AM
This revision is now accepted and ready to land.Oct 10 2017, 10:34 AM
morehouse edited the summary of this revision. (Show Details)Oct 10 2017, 10:40 AM
This revision was automatically updated to reflect the committed changes.