LGTM

For what it's worth, it's not clear to me that even if you _did_ compile _sre.c with fuzzer-no-link that you'd get good results. The regexp engine is effectively an interpreter, which is probably the worst case for coverage guided fuzzing -- essentially the program counter and branches have a low correspondence with semantics. For example, trying to match the regexp ab, you'd have two MATCH_CHAR opcodes, but it'd be backed by a single C function, so you wouldn't get different coverage for one matching versus the other.

FWIW, another thing that probably deserves to be mentioned is that compiling it this way does not get you the GWP-ASAN integration, you need to go via CMake if you want that.

FYI, I'm not an LLVM committer, so I'll need someone to merge this for me. Thanks!

I was marked as a review on this, but I suspect you intended to get some other Alex :-)

I had a patch to use posix_spawn on all posix platforms, but hit some issues I didn't quite have the time to debug all the way through. It's a good idea in my view.

I don't know this code very well at all, so just one small comment that jumped out to me. Conceptually it looks like this solves the problem we were seeing. Thanks for jumping on this so quickly!

Do you need any additional changes from me?

• Use at_scope_exit to simplify destroying the posix_spawn_file_actions

Would you be ok landing this with the current approach (+/- any other feedback of course), and filing a follow-up bug to switch it to a runtime check?

• Simply use vfork everywhere, the macOS manpage does not describe it's semantics correctly.
• Query for sysconf open max before vforking
• Switch back to using posix_spawn everywhere but Android
• Use posix_spawn based implementation on r28+ for Android
• Destroy file_actions

• Use posix_spawn based implementation on r28+ for Android

Yes, I imagine such a thing is possible. It may also be detect at compile time which version of the SDK it's targetting, but I don't know the Android SDK (NDK?) well enough to say how.

• Switch back to using posix_spawn everywhere but Android

Fantastic, thanks for the review. (As an FYI I'm not an llvm committer, so I can't land this myself).

• Query for sysconf open max before vforking

• Simply use vfork everywhere, the macOS manpage does not describe it's semantics correctly.

Good call actually checking the manpage... both dup2 and close seem to work perfectly fine in the child after vfork. I'll update the patch accordingly.

In D48451#1140158, @eugenis wrote:

Sorry I did not notice this before. Try vfork?

I'm not an llvm committer, what's the process for getting this landed from here?

Thanks!

@morehouse I'm not familiar with the LLVM development process, what's the next step now that this has been reviewed?