Kostya,

I took a quick stab at patching libFuzzer for Apple, but so far I'm thinking something else is incorrect. Patch is attached, but when I went to reproduce the examples, the toy example went fine, but with PCRE and Heartbleed I noticed the coverage statistics were pretty poor, and didn't find anything. Admittedly I moved on to Heartbleed pretty quickly, so PCRE probably isn't the best judge. But here's a sample log from the Heartbleed session (they were all similar):

    $ cat fuzz-11.log
    Seed: 3157140177
    SetTimer 601
    PreferSmall: 1
    #0 READ cov 0 bits 0 units 1 exec/s 0
    #1 pulse cov 0 bits 0 units 1 exec/s 0
    #1 INITED cov 0 bits 0 units 0 exec/s 0
    Done 1 runs in 4 second(s)

Any thoughts? Obviously I'm not attached to anything in the patch, just trying to get something working on OS X.

On Wed, Jul 8, 2015 at 11:42 AM, Juan Ceasar <juan.d.ceasar at gmail.com> wrote:
> Thanks! I'll give it a shot and see what I can do to give some patches back.
>
> On Wed, Jul 8, 2015 at 9:42 AM, Alexander Potapenko <glider at google.com> wrote:
>> FWIW see also
>> http://lists.cs.uiuc.edu/pipermail/cfe-dev/2015-June/043301.html
>> As far as I understand DFSan functionality isn't required for libFuzzer to work, so it should be safe to disable DFSan support on Mac.
>>
>> On Wed, Jul 8, 2015 at 7:45 AM, Kostya Serebryany <kcc at google.com> wrote:
>>> +pcc , glider
>>>
>>> On Mon, Jul 6, 2015 at 12:59 PM, Juan Ceasar <juan.d.ceasar at gmail.com> wrote:
>>>> Afternoon,
>>>>
>>>> I had an issue with trying to link a program with the DataFlowSanitizer functionality, this is from the libFuzzer project, and I was seeing:
>>>>
>>>>     clang++ -fsanitize=address -fsanitize-coverage=edge test_fuzzer.cc Fuzzer*.o
>>>>
>>>>     Undefined symbols for architecture x86_64:
>>>>       "_dfsan_create_label", referenced from:
>>>>           fuzzer::TraceState::DFSanCmpCallback(unsigned long, unsigned long, unsigned long, unsigned long long, unsigned long long, unsigned short, unsigned short) in FuzzerTraceState.o
>>>>           fuzzer::Fuzzer::InitializeTraceState() in FuzzerTraceState.o
>>>>       "_dfsan_get_label_info", referenced from:
>>>>           fuzzer::TraceState::GetLabelRange(unsigned short) in FuzzerTraceState.o
>>>>     .....
>>>>
>>>> But then looking at the docs:
>>>> http://clang.llvm.org/docs/DataFlowSanitizer.html
>>>>
>>>> It appears that this is only supported under Linux? Is that right?
>>>
>>> Correct. AFAICT, DFSan was only tested on Linux.
>>> It is quite hard to make it work on Mac because there are too many closed source libraries there.
>>> Nothing impossible though -- it's just that nobody has worked on it.
>>>
>>> libFuzzer was also never tested on Mac, but I think it should be trivial to make it work there.
>>> I suspect that the errors you see are caused by the weak function declarations which don't (???) work on Mac.
>>> You'll need to #ifdef the weak functions on Mac somehow. Patches and Mac buildbots are welcome :)
>>>
>>> --kcc
>>>>
>>>> _______________________________________________
>>>> LLVM Developers mailing list
>>>> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
>>>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>>
>> --
>> Alexander Potapenko
>> Software Engineer
>>
>> Google Germany GmbH
>> Dienerstraße 12
>> 80331 München

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dfsan.patch
Type: application/octet-stream
Size: 1638 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150710/bc35aad9/attachment.obj>
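Kostya's remark about weak function declarations, shown as an added example that is not libFuzzer's code: on ELF an unresolved weak reference becomes a null address, which lets a runtime probe for an optional library such as DFSan, whereas on Mach-O the same declaration yields the "Undefined symbols" link error quoted above unless the optional path is compiled out. `optional_rt_hook` is a hypothetical stand-in for a symbol like dfsan_create_label.

```c
/* Added example (not libFuzzer's own code). Demonstrates the weak-symbol
 * probe for an optional runtime library and the #ifdef that removes it on
 * Mac, as suggested in the thread. optional_rt_hook is a hypothetical
 * placeholder for a symbol such as dfsan_create_label. */
#include <stddef.h>
#include <stdio.h>

#if defined(__APPLE__)
/* Mach-O: the linker reports the reference as undefined instead of
 * resolving it to NULL (the "Undefined symbols for architecture x86_64"
 * error in this thread), unless linked with -Wl,-undefined,dynamic_lookup.
 * The simplest fix is to compile the optional path out entirely. */
#define HAVE_WEAK_UNDEFINED 0
#else
/* ELF: an unresolved weak reference is given address 0, so whether the
 * optional runtime was linked in can be tested at run time. */
#define HAVE_WEAK_UNDEFINED 1
__attribute__((weak)) extern int optional_rt_hook(const char *desc);
#endif

/* Returns 1 if the optional runtime is linked into this binary, else 0. */
int optional_runtime_present(void) {
#if HAVE_WEAK_UNDEFINED
  return &optional_rt_hook != NULL;
#else
  return 0;
#endif
}

/* Calls the hook when it is present; otherwise returns the fallback value
 * so the caller keeps working without the optional runtime. */
int call_optional_hook(const char *desc, int fallback) {
#if HAVE_WEAK_UNDEFINED
  if (optional_runtime_present())
    return optional_rt_hook(desc);
#else
  (void)desc; /* optional path compiled out on Mac */
#endif
  return fallback;
}

int main(void) {
  printf("optional runtime present: %d\n", optional_runtime_present());
  printf("hook result: %d\n", call_optional_hook("probe", -1));
  return 0;
}
```

Built without anything defining `optional_rt_hook`, the probe reports 0 and the fallback value is returned; linking in a library that defines the symbol flips the probe to 1 with no change to the calling code.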
The log indicates that you did not add the -fsanitize-coverage=... flags.
E.g. -fsanitize-coverage=edge,indirect-calls,8bit-counters

On Fri, Jul 10, 2015 at 11:40 AM, Juan Ceasar <juan.d.ceasar at gmail.com> wrote:
> [...]
Aha! Thank you! Works perfectly...

And for OS X, at least on my 10.10.3 system, I had to build OpenSSL via:

    COV_FLAGS="-fsanitize-coverage=edge,indirect-calls"
    ./Configure darwin64-x86_64-cc zlib threads shared && make -j 8 CC="/usr/local/bin/clang -g -fsanitize=address $COV_FLAGS"

and then

    /usr/local/bin/clang++ -g -fsanitize=address handshake_fuzz.o openssl-1.0.1f/libcrypto.a openssl-1.0.1f/libssl.a Fuzzer*.o -lz

Just in case you wanted to update the wiki...

Because OpenSSL was being finicky I had missed the sanitization args on a rebuild, just as you said :-)

Thanks again. I'm going to look into the DFSan lib for OS X next week.

Have a good one!

On Fri, Jul 10, 2015 at 2:44 PM, Kostya Serebryany <kcc at google.com> wrote:
> [...]