This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/Driver/ToolChains/
-
Driver/
-
ToolChains/
2
MSVC.cpp

Differential D51008

Enable -fsanitize=fuzzer and -fsanitize=fuzzer-no-link on Windows.
AbandonedPublic

Authored by metzman on Aug 20 2018, 4:17 PM.

Download Raw Diff

Details

Reviewers

morehouse

Summary

This allows -fsanitize=fuzzer and -fsanitize=fuzzer-no-link for the MSVC toolchain (Windows).
When using either when targeting MSVC, Clang will also use some default flags that are needed (such as incremental linking and debug).

Diff Detail

Repository: rC Clang

Event Timeline

metzman created this revision.Aug 20 2018, 4:17 PM

Herald added a subscriber: cfe-commits. · View Herald TranscriptAug 20 2018, 4:17 PM

metzman edited the summary of this revision. (Show Details)Aug 20 2018, 4:28 PM

metzman edited the summary of this revision. (Show Details)Aug 20 2018, 4:33 PM

Matt could you please take a look at this?
I'll add rnk as reviewer once you sign off, since he is a CODE_OWNER for Windows in Clang.

Thanks!

LGTM

lib/Driver/ToolChains/MSVC.cpp
373	Why is `-debug` needed?

metzman added inline comments.Aug 20 2018, 5:50 PM

lib/Driver/ToolChains/MSVC.cpp
373	Without it, libFuzzer quits early with the following error message: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting. I think it's because `sancov.module_ctor` isn't executed (or it isn't calling the init functions in libFuzzer), but I'm not 100% sure about this (or why this is the case). I guess `-debug` isn't strictly necessary because I don't have libFuzzer working perfectly without ASAN yet (I always get warnings from libFuzzer about `__sanitizer_print_stack_trace`, `__sanitizer_acquire_crash_state`, and `__sanitizer_set_death_callback` being missing) and ASAN includes this argument (as well as `-incremental:no`, removing this line doesn't break anything as long as we always compile with ASAN). Do you think I should remove these two arguments? I was planning on tracking down why exactly this occurs later on, but I'm fine doing this now.

Abandoning this revision since I think the libFuzzer on Windows changes would be easier to understand as part of one commit instead of three.
New revision here

Revision Contents

Path

Size

lib/

Driver/

ToolChains/

MSVC.cpp

13 lines

Diff 161606

lib/Driver/ToolChains/MSVC.cpp

Show First 20 Lines • Show All 359 Lines • ▼ Show 20 Lines	void visualstudio::Linker::ConstructJob(Compilation &C, const JobAction &JA,
if (DLL) {		if (DLL) {
CmdArgs.push_back(Args.MakeArgString("-dll"));		CmdArgs.push_back(Args.MakeArgString("-dll"));

SmallString<128> ImplibName(Output.getFilename());		SmallString<128> ImplibName(Output.getFilename());
llvm::sys::path::replace_extension(ImplibName, "lib");		llvm::sys::path::replace_extension(ImplibName, "lib");
CmdArgs.push_back(Args.MakeArgString(std::string("-implib:") + ImplibName));		CmdArgs.push_back(Args.MakeArgString(std::string("-implib:") + ImplibName));
}		}

		if (TC.getSanitizerArgs().needsFuzzer()) {
		if (!Args.hasArg(options::OPT_shared))
		CmdArgs.push_back(
		Args.MakeArgString(std::string("-wholearchive:") +
		TC.getCompilerRTArgString(Args, "fuzzer", false)));
		CmdArgs.push_back(Args.MakeArgString("-debug"));
		morehouseUnsubmitted Not Done Reply Inline Actions Why is `-debug` needed? morehouse: Why is `-debug` needed?
		metzmanAuthorUnsubmitted Not Done Reply Inline Actions Without it, libFuzzer quits early with the following error message: ERROR: no interesting inputs were found. Is the code instrumented for coverage? Exiting. I think it's because `sancov.module_ctor` isn't executed (or it isn't calling the init functions in libFuzzer), but I'm not 100% sure about this (or why this is the case). I guess `-debug` isn't strictly necessary because I don't have libFuzzer working perfectly without ASAN yet (I always get warnings from libFuzzer about `__sanitizer_print_stack_trace`, `__sanitizer_acquire_crash_state`, and `__sanitizer_set_death_callback` being missing) and ASAN includes this argument (as well as `-incremental:no`, removing this line doesn't break anything as long as we always compile with ASAN). Do you think I should remove these two arguments? I was planning on tracking down why exactly this occurs later on, but I'm fine doing this now. metzman: Without it, libFuzzer quits early with the following error message: ``` ERROR: no interesting…
		// Prevent the linker from padding sections we use for instrumentation
		// arrays.
		CmdArgs.push_back(Args.MakeArgString("-incremental:no"));
		}

if (TC.getSanitizerArgs().needsAsanRt()) {		if (TC.getSanitizerArgs().needsAsanRt()) {
CmdArgs.push_back(Args.MakeArgString("-debug"));		CmdArgs.push_back(Args.MakeArgString("-debug"));
CmdArgs.push_back(Args.MakeArgString("-incremental:no"));		CmdArgs.push_back(Args.MakeArgString("-incremental:no"));
if (TC.getSanitizerArgs().needsSharedRt() \|\|		if (TC.getSanitizerArgs().needsSharedRt() \|\|
Args.hasArg(options::OPT__SLASH_MD, options::OPT__SLASH_MDd)) {		Args.hasArg(options::OPT__SLASH_MD, options::OPT__SLASH_MDd)) {
for (const auto &Lib : {"asan_dynamic", "asan_dynamic_runtime_thunk"})		for (const auto &Lib : {"asan_dynamic", "asan_dynamic_runtime_thunk"})
CmdArgs.push_back(TC.getCompilerRTArgString(Args, Lib));		CmdArgs.push_back(TC.getCompilerRTArgString(Args, Lib));
// Make sure the dynamic runtime thunk is not optimized out at link time		// Make sure the dynamic runtime thunk is not optimized out at link time
▲ Show 20 Lines • Show All 917 Lines • ▼ Show 20 Lines	else
(Twine("msvc") + MSVT.getAsString() + Twine('-') + ObjFmt).str());		(Twine("msvc") + MSVT.getAsString() + Twine('-') + ObjFmt).str());
}		}
return Triple.getTriple();		return Triple.getTriple();
}		}

SanitizerMask MSVCToolChain::getSupportedSanitizers() const {		SanitizerMask MSVCToolChain::getSupportedSanitizers() const {
SanitizerMask Res = ToolChain::getSupportedSanitizers();		SanitizerMask Res = ToolChain::getSupportedSanitizers();
Res \|= SanitizerKind::Address;		Res \|= SanitizerKind::Address;
		Res \|= SanitizerKind::Fuzzer;
		Res \|= SanitizerKind::FuzzerNoLink;
Res &= ~SanitizerKind::CFIMFCall;		Res &= ~SanitizerKind::CFIMFCall;
return Res;		return Res;
}		}

static void TranslateOptArg(Arg *A, llvm::opt::DerivedArgList &DAL,		static void TranslateOptArg(Arg *A, llvm::opt::DerivedArgList &DAL,
bool SupportsForcingFramePointer,		bool SupportsForcingFramePointer,
const char *ExpandChar, const OptTable &Opts) {		const char *ExpandChar, const OptTable &Opts) {
assert(A->getOption().matches(options::OPT__SLASH_O));		assert(A->getOption().matches(options::OPT__SLASH_O));
▲ Show 20 Lines • Show All 155 Lines • Show Last 20 Lines