This is an archive of the discontinued LLVM Phabricator instance.

[libFuzzer] Update documentation regarding MSan.
ClosedPublic

Authored by morehouse on Jul 17 2018, 11:47 AM.

Details

Event Timeline

morehouse created this revision.Jul 17 2018, 11:47 AM

Ran fuzzer-test-suite's test-everything.sh with -fsanitize=memory,fuzzer and all MSan reports came from the fuzz target, not libFuzzer. I think it's time to document the new capability.

kcc added a comment.Jul 17 2018, 2:40 PM

all MSan reports came from the fuzz target, not libFuzzer

It may be more subtle than this. Did you investigate the msan reports?

Benchmarks easy to discern the crash cause:

  • boringssl - Finds same use-after-free as ASan.
  • c-ares - Finds same crash as vanilla libFuzzer.
  • freetype - Finds the target line.
  • guetzli - False positive (fuzz target uses std::map).
  • harfbuzz - Hits time limit without crashing.
  • lcms - No crashes after several days.
  • libjpeg-turbo - Finds the target line.
  • openssl-1.0.1f - Finds Heartbleed.
  • pcre2 - Finds same buffer overflow as ASan.

Benchmarks with new crash stack traces under MSan. Would take more effort to determine cause:

  • json
  • libarchive
  • libpng
  • libssh
  • libxml
  • openssl-1.0.2d
  • proj4
  • re2
  • woff2

I could investigate each of the new crashes, but that's more time than I'd like to spend on this. Maybe I will just change the documentation to say that MSan support is experimental.

  • Support MSan experimentally.
kcc accepted this revision.Jul 19 2018, 10:55 AM

LGTM

This revision is now accepted and ready to land.Jul 19 2018, 10:55 AM
This revision was automatically updated to reflect the committed changes.