search for: fsanit

Displaying 20 results from an estimated 377 matches for "fsanit".

2017 Aug 24
5
Building LLVM's fuzzers
...): 0 [0x10e2870a8,0x10e2870a8), ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers. From the build logs, it looks like we're now building objects with these sanitizer flags: -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link We're then linking the fuzzer binaries with these: -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -fsanitize=fuzzer Any idea what's wrong or where to start looking?
2017 Aug 24
3
Building LLVM's fuzzers
...The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers. >> >> From the build logs, it looks like we're now building objects with these >> sanitizer flags: >> >> -fsanitize=address >> -fsanitize-address-use-after-scope >> -fsanitize=fuzzer-no-link >> >> We're then linking the fuzzer binaries with these: >> >> -fsanitize=address >> -fsanitize-address-use-after-scope >> -fsanitize=fuzzer-no-link >> -fs...
2017 Aug 24
3
Building LLVM's fuzzers
...odules/HandleLLVMOptions.cmake > index 04596a6ff63..5465d8d95ba 100644 > --- a/cmake/modules/HandleLLVMOptions.cmake > +++ b/cmake/modules/HandleLLVMOptions.cmake > @@ -665,6 +665,9 @@ if(LLVM_USE_SANITIZER) > endif() > if (LLVM_USE_SANITIZE_COVERAGE) > append("-fsanitize=fuzzer-no-link" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) > + > + # Dead stripping messes up coverage instrumentation. > + set(LLVM_NO_DEAD_STRIP ON) > endif() > endif() > > Any arguments against that? We shouldn't do this. We really only want to prevent dead stripp...
2013 Sep 06
2
[LLVMdev] [lld] buildbot configuration on using -fsanitize options
Hi All, Chandler, After listening to Chandler's presentation at Going native 2013, I think "lld" should add a buildbot configuration to turn on building lld with -fsanitize options and have buildbot configurations to run on * darwin * linux (ubuntu). I was not really sure if llvm changes use a buildbot with the -fsanitize options turned on / how stable the llvm libraries are when compiled using those options. Does it make sense to have * llvm built in the...
2013 Sep 09
0
[LLVMdev] [lld] buildbot configuration on using -fsanitize options
...one. Alex On Sep 6, 2013, at 2:27 PM, Shankar Easwaran <shankare at codeaurora.org> wrote: > Hi All, Chandler, > > After listening to Chandler's presentation at Going native 2013, > > I think "lld" should add a buildbot configuration to turn on building lld with -fsanitize options and have buildbot configurations to run on > > * darwin > * linux (ubuntu). > > I was not really sure if llvm changes use a buildbot with the -fsanitize options turned on / how stable the llvm libraries are when compiled using those options. > > Does it make se...
2017 Aug 24
3
Building LLVM's fuzzers
> On Aug 24, 2017, at 2:55 PM, Kostya Serebryany <kcc at google.com> wrote: > > Interesting. > This is a relatively new addition (fsanitize-coverage=pc-tables, which is now a part of -fsanitize=fuzzer). > The tests worked (did they? On Mac?) so I thought everything is ok. For tests we never compile the tested target with -O3 (and that wouldn’t be sufficient), and for testing fuzzers I was always building them in debug > Y...
2020 Apr 03
4
Segfault after compiling wget with dfsan
....org/gnu/wget/wget-1.19.5.tar.gz). But when compiled with dfsan, it encountered a null pointer dereference error. Following an old post: http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html . I was trying to use a blacklist for openssl functions. My commands are: export CC="clang -g -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt export LDFLAGS=" -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt ./configure --with-ssl=openssl make I've tried with clang 9,10, and the nightly build of 11 today. The error is: when trying to run "src/wget www.go...
2016 Sep 20
2
[cfe-dev] Recent clang regressions
I get some failing tests from compiler-rt. FAIL: cfi :: cross-dso/stats.cpp (30831 of 30893) ******************** TEST 'cfi :: cross-dso/stats.cpp' FAILED ******************** Script: -- /usr/local/google/home/prazek/llvm-build-release/./bin/clang -fuse-ld=gold -flto -fsanitize=cfi -fwhole-program-vtables --driver-mode=g++ -fsanitize-cfi-cross-dso -fvisibility=default -DSHARED_LIB -fPIC -g -fsanitize-stats -shared -o /usr/local/google/home/prazek/llvm-build-release/projects/compiler-rt/test/cfi/Devirt/cross-dso/Output/ stats.cpp.tmp.so /usr/local/google/home/prazek/llv...
2013 Sep 09
2
[LLVMdev] [lld] buildbot configuration on using -fsanitize options
Hi Alex, + Galina Ubuntu/Debian should work as well, I wanted one flavor where lld could be built on linux platform. I will want to have a separate buildbot to separate failures if any due to the fsanitize options. Do you know if llvm itself gets tested as a complete build with the fsanitize options ? Enabling tsan seems to be a good idea too. Thanks Shankar Easwaran On 9/8/2013 10:22 PM, Alex Rosenberg wrote: > There are existing Darwin and Win7 builders, and a few Debian configs that a...
2017 Aug 24
4
Building LLVM's fuzzers
...nkov <ekarpenkov at apple.com >> > >> > wrote: >> > >> >> >> >> On Aug 24, 2017, at 2:55 PM, Kostya Serebryany <kcc at google.com> wrote: >> >> >> >> Interesting. >> >> This is a relatively new addition (fsanitize-coverage=pc-tables, which >> is >> >> now a part of -fsanitize=fuzzer). >> >> The tests worked (did they? On Mac?) so I thought everything is ok. >> >> >> >> >> >> For tests we never compile the tested target with -O3 (and that &g...
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
Hi Mitch, Thank you for the response. 1. You don't need to build the library with `-fsanitize-coverage=...`, using `-fsanitize=fuzzer-no-link,address` should be sufficient. - Acknowledged 2. (although you can actually build object files/shared libraries with -fsanitize=fuzzer, and the libFuzzer main won't be linked, if this makes your build process easier). - with just the *fuzzer...
2017 Aug 24
2
Building LLVM's fuzzers
...cs' > > > > On Thu, Aug 24, 2017 at 3:07 PM, George Karpenkov <ekarpenkov at apple.com> > wrote: > >> >> On Aug 24, 2017, at 2:55 PM, Kostya Serebryany <kcc at google.com> wrote: >> >> Interesting. >> This is a relatively new addition (fsanitize-coverage=pc-tables, which is >> now a part of -fsanitize=fuzzer). >> The tests worked (did they? On Mac?) so I thought everything is ok. >> >> >> For tests we never compile the tested target with -O3 (and that wouldn’t >> be sufficient), >> and for testi...
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
...p=0x7ff38f83ac20 uninitialized, fixing it*. I am not sure what this means. Also, I can see that the apifunc is called and it runs but it does not show up in the *NEW_FUNC[x/xxx]: *log lines in the libfuzzer output. To enable fuzzing. First I build the library with the following libfuzzer flags. *-fsanitize=fuzzer-no-link,address -fsanitize-coverage=edge,indirect-calls* I also had to make a blacklist to avoid some buffer overflow and use after free error during this build. After this, I link the fuzz target with the library and use the following libfuzzer options. *-fsanitize=fuzzer,address* I am...
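The two posts in this thread describe the split the replies recommend: build the library with -fsanitize=fuzzer-no-link,address (coverage instrumentation, no libFuzzer main), then link the fuzz target with -fsanitize=fuzzer,address. What follows is an added example, not code from either post or from libFuzzer: a small TLV record parser with its LLVMFuzzerTestOneInput entry point and a replay main() that is compiled in only when libFuzzer's own main() is absent. The record format, the function names parse_record and count_records, and the sample input are all constructed for this illustration.

```c
/* Added example (not from the thread): a TLV parser, its libFuzzer entry
 * point, and a replay driver for builds that do not link libFuzzer's main().
 *
 * Library-style build (instrumented, no libFuzzer main linked):
 *   clang -g -O1 -fsanitize=fuzzer-no-link,address -c tlv.c
 * Fuzzer build (links the libFuzzer runtime and its main()):
 *   clang -g -O1 -fsanitize=fuzzer,address tlv.o -o tlv_fuzz
 * Plain ASan replay build (uses the main() below):
 *   clang -g -O1 -fsanitize=address tlv.c -o tlv_replay && ./tlv_replay crash-*
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 64

/* One record: type byte, length byte, then `length` payload bytes
 * (constructed format for this example). */
struct record {
    uint8_t type;
    uint8_t length;
    uint8_t payload[MAX_PAYLOAD];
};

/* Parse the record starting at data[*pos]. Returns 1 on success, 0 at a
 * clean end of input, -1 on a malformed record (truncated, or payload longer
 * than MAX_PAYLOAD). Never reads past `size`. */
int parse_record(const uint8_t *data, size_t size, size_t *pos, struct record *out)
{
    if (*pos == size)
        return 0;
    if (size - *pos < 2)               /* need at least type + length */
        return -1;
    out->type = data[*pos];
    out->length = data[*pos + 1];
    if (out->length > MAX_PAYLOAD)     /* would overflow out->payload */
        return -1;
    if (out->length > size - *pos - 2) /* payload runs past the buffer */
        return -1;
    memcpy(out->payload, data + *pos + 2, out->length);
    *pos += 2 + out->length;
    return 1;
}

/* Number of well-formed records in the buffer, or -1 if any is malformed. */
int count_records(const uint8_t *data, size_t size)
{
    size_t pos = 0;
    int n = 0, rc;
    struct record r;
    while ((rc = parse_record(data, size, &pos, &r)) == 1)
        n++;
    return rc < 0 ? -1 : n;
}

/* libFuzzer entry point. With -fsanitize=fuzzer the runtime's main() calls
 * this in a loop; with -fsanitize=fuzzer-no-link only the coverage
 * instrumentation is added and no main() is linked. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)count_records(data, size);
    return 0;
}

/* Clang defines FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION for both
 * -fsanitize=fuzzer and -fsanitize=fuzzer-no-link builds, so this replay
 * main() only exists in builds where libFuzzer does not supply one. */
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
int main(int argc, char **argv)
{
    /* Constructed sample: two valid records, then one whose length runs
     * past the end of the buffer (count_records reports -1). */
    static const uint8_t sample[] = {0x01, 0x03, 'a', 'b', 'c',
                                     0x02, 0x00,
                                     0x03, 0x05, 'x'};
    const uint8_t *data = sample;
    size_t size = sizeof sample;
    uint8_t *file = NULL;

    if (argc > 1) {  /* replay a crash or corpus file written by the fuzzer */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        fseek(f, 0, SEEK_END);
        long len = ftell(f);
        fseek(f, 0, SEEK_SET);
        if (len < 0) { fclose(f); return 1; }
        file = malloc((size_t)len + 1);
        if (!file || fread(file, 1, (size_t)len, f) != (size_t)len) {
            fclose(f); free(file); return 1;
        }
        fclose(f);
        data = file;
        size = (size_t)len;
    }
    printf("records: %d\n", count_records(data, size));
    LLVMFuzzerTestOneInput(data, size);
    free(file);
    return 0;
}
#endif
```

The object built with -fsanitize=fuzzer-no-link carries the same coverage instrumentation as a -fsanitize=fuzzer build; only the runtime and its main() are left out, which is what allows the same object to be linked into either the fuzzer or the replay binary. If a fuzzed library needs a blacklist for known findings, as the second post mentions, apply it at the library compile step so the fuzz target itself stays fully instrumented.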
2017 Aug 24
3
Building LLVM's fuzzers
...y on the optimizer). >> >> Is there a simple way to reproduce the link failure? >> > > > ninja compiler-rt > echo 'extern "C" int LLVMFuzzerTestOneInput(const unsigned char *a, > unsigned long b){return 0; } ' > test.cc > clang -O3 test.cc -fsanitize=fuzzer # works > clang -O3 test.cc -Wl,-gc-sections -fsanitize=fuzzer # fails > It seems that the issue is that older versions of ld.bfd have a bug which causes it not to define __start_ and __stop_ symbols if the only reference to those symbols is from a constructor. If I add an artifi...
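The reproduction in this post comes down to whether the linker defines the __start_<section> and __stop_<section> symbols that libFuzzer's coverage PC tables (and sanitizer coverage in general) use to find their instrumentation tables. As an added example, not code from the thread or from compiler-rt, here is a table built from a named ELF section and read both from a constructor and from ordinary code, which is the shape of the runtime registration that was failing. It assumes an ELF toolchain with GNU ld or lld; the section name demo_pc_table, the entry layout and the entry values are constructed for the illustration.

```c
/* Added example (not from the thread): a table assembled by the linker from
 * a named section, the mechanism libFuzzer's PC tables rely on. Build it
 * with and without -Wl,--gc-sections and compare what table_size() reports. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One table entry; the real sancov PC table is a (pc, flags) pair, the
 * layout here is constructed for the example. */
struct entry {
    uintptr_t id;
    uintptr_t flags;
};

/* Each entry lands in the ELF section "demo_pc_table". `used` stops the
 * compiler from discarding the entries as unreferenced; whether the linker
 * keeps the section under -Wl,--gc-sections depends on the toolchain, which
 * is what table_size() lets you check. */
#define PC_ENTRY(name, idv, flv) \
    static const struct entry name __attribute__((section("demo_pc_table"), used)) = { (idv), (flv) }

PC_ENTRY(entry_a, 0x1000, 1);
PC_ENTRY(entry_b, 0x1010, 0);
PC_ENTRY(entry_c, 0x1020, 1);

/* GNU ld and lld define these for every output section whose name is a
 * valid C identifier. Declared weak so a link that lacks them yields NULL
 * instead of an undefined-symbol error. */
extern const struct entry __start_demo_pc_table[] __attribute__((weak));
extern const struct entry __stop_demo_pc_table[] __attribute__((weak));

/* Number of entries between the two symbols, or -1 when the linker did not
 * define them. A result of 0 with entries present means the section was
 * dead-stripped. */
long table_size(void)
{
    if (!__start_demo_pc_table || !__stop_demo_pc_table)
        return -1;
    return (long)(__stop_demo_pc_table - __start_demo_pc_table);
}

/* Count entries with the flag bit set, walking the table as a runtime would. */
long count_flagged(void)
{
    long n = 0;
    if (table_size() <= 0)
        return 0;
    for (const struct entry *e = __start_demo_pc_table; e < __stop_demo_pc_table; ++e)
        if (e->flags & 1)
            n++;
    return n;
}

/* Read the table from a constructor, the access pattern the post above says
 * old ld.bfd mishandled when it was the only reference to the symbols. */
static long g_size_at_init = -2;

__attribute__((constructor)) static void register_table(void)
{
    g_size_at_init = table_size();
}

long table_size_at_init(void)
{
    return g_size_at_init;
}

int main(void)
{
    printf("entries now: %ld, at constructor time: %ld, flagged: %ld\n",
           table_size(), table_size_at_init(), count_flagged());
    return 0;
}
```

On a healthy toolchain all three functions agree on three entries. If table_size_at_init() reports -1 while table_size() reports 3, the symbols were not defined at the point the constructor ran, the symptom described in the post; if both report 0, the section itself was dropped, which is the case the proposed LLVM_NO_DEAD_STRIP change in the earlier message was working around.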
2018 Mar 19
2
Suggestions for how coroutines and UBSan codegen can play nice with one another?
Hello all! (+cc Vedant Kumar, who I've been told knows a lot about UBSan!) I am trying to fix an assert that occurs when the transforms in llvm/lib/Transforms/Coroutines are applied to LLVM IR that has been generated with UBSan enabled -- specifically, '-fsanitize=null'. You can see an example of the assert in this 26-line C++ file here: https://godbolt.org/g/Gw9UZq Note that without the '-fsanitize=null' option this compiles fine, but when that option is used, Clang/LLVM crashes due to "error in backend: cannot move instruction since i...
2017 Aug 25
2
Building LLVM's fuzzers
...reproduce the link failure? > >>> > >> > >> > >> ninja compiler-rt > >> echo 'extern "C" int LLVMFuzzerTestOneInput(const unsigned char *a, > >> unsigned long b){return 0; } ' > test.cc > >> clang -O3 test.cc -fsanitize=fuzzer # works > >> clang -O3 test.cc -Wl,-gc-sections -fsanitize=fuzzer # fails > >> > > > > It seems that the issue is that older versions of ld.bfd have a bug which > > causes it not to define __start_ and __stop_ symbols if the only > reference > &g...
2017 Jul 21
3
Where does the LLVM implement the Ubsan's instrumentations?
> I think your best bet for controlling code bloat is to compile with > -fsanitize=undefined -fsanitize-trap=undefined. Also you may not need all of UBSan's checks at the same time -- so pick and choose among its checks using the finer-grained flags. If you're really stuck against a hard limit on code size, try applying UBSan to a subset of files in your project at...
2018 May 14
3
RFC: Implementing -fno-delete-null-pointer-checks in clang
...M, Philip Reames via llvm-dev wrote: > Fair warning, the following is a devil's advocate position, but it's > also a serious question. > > Given the entire point of this flag appears to be bug mitigation, why > not frame this as a sanitizer?  If we had a hypothetical > -fsanitize=dereference which tried to catch dereferenced pointers > derived from null, wouldn't that handle the case at hand? It's called "-fsanitize=null": it catches stuff like "x[3]" where x is null. It's not quite complete; we don't check for arithmetic on a nu...
2017 Apr 28
2
LibFuzzer syntax sugar flag
...g technology while sanitizers are associated with inserting additional checks into the program. The different linking behavior is another major difference. Anna. > On Apr 27, 2017, at 4:08 PM, Kostya Serebryany via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > on the one hand, -fsanitize=fuzzer might indeed be confusing as it behaves in somewhat different way compared to other sanitizers > Major difference: links in a library with main() > On the other hand, I like "-fsanitize=fuzzer,address" more than "-fsanitize=address -ffuzzer" > > --kcc &g...
2017 Apr 26
2
LibFuzzer syntax sugar flag
Hi All, Recently we have introduced a short syntactic sugar flag for compiling a file with libfuzzer: one just needs to add “-fsanitize=fuzzer” to the command line, and the driver would specify coverage flags and link with libfuzzer automatically. I wanted to ask whether it would make more sense to rename the flag to “-ffuzzer”, as it’s not a sanitizer, and it has a much heavier effect. Thanks, George