This is an archive of the discontinued LLVM Phabricator instance.

Differential D38864

[Sanitizers] By default build libFuzzer with frame pointers.
ClosedPublic

Authored by alekseyshl on Oct 12 2017, 4:35 PM.

Details

Reviewers
eugenis
vitalybuka
Summary

Lacking frame pointers, sanitized fuzzers collect bogus stack
traces and the set of stack traces grows indefinitely, leading to OOMs.

Diff Detail

Event Timeline

alekseyshl created this revision.Oct 12 2017, 4:35 PM
Harbormaster completed remote builds in B11118: Diff 118860.Oct 12 2017, 4:35 PM
Herald added a subscriber: mgorny. · View Herald TranscriptOct 12 2017, 4:35 PM
vitalybuka accepted this revision.Oct 12 2017, 4:40 PM
This revision is now accepted and ready to land.Oct 12 2017, 4:40 PM
eugenis added inline comments.Oct 12 2017, 4:47 PM
lib/fuzzer/CMakeLists.txt
35

COMPILER_RT_LIBFUZZER_OMIT_FRAME_POINTER - why is it needed? We don't have a similar escape hatch for every other compiler option, why start now?

alekseyshl added inline comments.Oct 12 2017, 5:01 PM
lib/fuzzer/CMakeLists.txt
35

If your fuzz target is going to be built with no sanitizers, why would you need frame pointers? Or you think it's excessive and frame pointers are not a big deal to always have them?

eugenis added inline comments.Oct 12 2017, 5:05 PM
lib/fuzzer/CMakeLists.txt
35

No one really does that, I hope.
Also, libfuzzer is now part of the toolchain, and people building fuzz targets don't rebuild it.

alekseyshl updated this revision to Diff 118864.Oct 12 2017, 5:08 PM
  • Always build libFuzzer with frame pointers
alekseyshl marked an inline comment as done.Oct 12 2017, 5:08 PM
alekseyshl closed this revision.Oct 16 2017, 10:05 AM

rL315770

Revision Contents

PathSize
lib/
fuzzer/
2 lines

Diff 118864

lib/fuzzer/CMakeLists.txt

Show All 26 LinesCHECK_CXX_SOURCE_COMPILES("
static thread_local int blah; static thread_local int blah;
int main() { int main() {
return 0; return 0;
} }
" HAS_THREAD_LOCAL) " HAS_THREAD_LOCAL)
set(LIBFUZZER_CFLAGS ${SANITIZER_COMMON_CFLAGS}) set(LIBFUZZER_CFLAGS ${SANITIZER_COMMON_CFLAGS})
append_list_if(COMPILER_RT_HAS_OMIT_FRAME_POINTER_FLAG -fno-omit-frame-pointer LIBFUZZER_CFLAGS)
eugenisUnsubmitted
Not Done
ReplyInline Actions

COMPILER_RT_LIBFUZZER_OMIT_FRAME_POINTER - why is it needed? We don't have a similar escape hatch for every other compiler option, why start now?

eugenis: COMPILER_RT_LIBFUZZER_OMIT_FRAME_POINTER - why is it needed? We don't have a similar escape…
alekseyshlAuthorUnsubmitted
Not Done
ReplyInline Actions

If your fuzz target is going to be built with no sanitizers, why would you need frame pointers? Or you think it's excessive and frame pointers are not a big deal to always have them?

alekseyshl: If your fuzz target is going to be built with no sanitizers, why would you need frame pointers?
eugenisUnsubmitted
Done
ReplyInline Actions

No one really does that, I hope.
Also, libfuzzer is now part of the toolchain, and people building fuzz targets don't rebuild it.

eugenis: No one really does that, I hope. Also, libfuzzer is now part of the toolchain, and people…
if (CMAKE_CXX_FLAGS MATCHES "fsanitize-coverage") if (CMAKE_CXX_FLAGS MATCHES "fsanitize-coverage")
list(APPEND LIBFUZZER_CFLAGS -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters) list(APPEND LIBFUZZER_CFLAGS -fno-sanitize-coverage=trace-pc-guard,edge,trace-cmp,indirect-calls,8bit-counters)
endif() endif()
if(NOT HAS_THREAD_LOCAL) if(NOT HAS_THREAD_LOCAL)
list(APPEND LIBFUZZER_CFLAGS -Dthread_local=__thread) list(APPEND LIBFUZZER_CFLAGS -Dthread_local=__thread)
endif() endif()
Show All 35 Lines