Displaying 20 results from an estimated 276 matches for "fuzzer".

2016 May 28
2
[LibFuzzer] Recent performance regression due to r270942
Hi, This started as an off hand comment in [1] but this appears to be a real issue so I'm moving the discussion to the mailing list. In r270942 the time taken to run LibFuzzer's test became noticeably longer. I am building on * Arch Linux (4.5.4-1-ARCH #1 SMP PREEMPT Wed May 11 22:21:28 CEST 2016 x86_64 GNU/Linux) * I am building libFuzzer and running its tests like so ``` CC=<new_clang> CXX=<new_clang++> cmake -DLLVM_USE_SANITIZE_COVERAGE=1 -DLLVM_USE_...
2016 May 28
0
[LibFuzzer] Recent performance regression due to r270942
...s to see. --kcc On Fri, May 27, 2016 at 6:18 PM, Dan Liew <dan at su-root.co.uk> wrote: > Hi, > > This started as an off hand comment in [1] but this appears to be a > real issue so I'm moving the discussion to the mailing list. > > In r270942 the time taken to run LibFuzzer's test became noticeably > longer. I am building on > > * Arch Linux (4.5.4-1-ARCH #1 SMP PREEMPT Wed May 11 22:21:28 CEST > 2016 x86_64 GNU/Linux) > * I am building libFuzzer and running its tests like so > > ``` > CC=<new_clang> CXX=<new_clang++> cmake -DLL...
2015 Dec 02
2
fuzzer crash (but not the good kind)
Kostya, I think I've found what looks like a reproducible bug in libFuzzer. The code under test is built with ASan and the first ASan CHECK failure shows fuzzer in the stack trace. (see below) One of the factors that may be unique in my testing is that each iteration can take a very long time to execute (tens or hundreds of seconds). Let me know if you need more info,...
2019 Jan 04
2
[Fuzzer] Test failure on Linux x86-64
Continuing my quixotic effort to get 'check-all' clean, I am seeing a Fuzzer failure on x86-64 Linux. Do any builders run fuzzer tests? FAIL: libFuzzer :: value-profile-mem.test (103 of 103) ******************** TEST 'libFuzzer :: value-profile-mem.test' FAILED ******************** Script: -- : 'RUN: at line 4'; /build/x86_64/./bin/clang --driver-mode...
2017 Aug 24
2
llvm-mc-[dis]assemble-fuzzer status?
> > > I'd like llvm-isel-fuzzer to be added once its committed consider it done (once it's there) > (which should > be as soon as LLVM fuzzers work in release builds again). One potential > issue is that llvm-isel-fuzzer is more of a collection of fuzzers, and > it needs some arguments to run (ie, to choose th...
2019 Jan 04
2
[Fuzzer] Test failure on Linux x86-64
...> +Matt Morehouse <mailto:mascasa at google.com> > > On Fri, Jan 4, 2019 at 11:43 AM David Greene via llvm-dev <llvm-dev at lists.llvm.org <mailto:llvm-dev at lists.llvm.org>> wrote: > Continuing my quixotic effort to get 'check-all' clean, I am seeing a > Fuzzer failure on x86-64 Linux. Do any builders run fuzzer tests? > > FAIL: libFuzzer :: value-profile-mem.test (103 of 103) > ******************** TEST 'libFuzzer :: value-profile-mem.test' FAILED ******************** > Script: > -- > : 'RUN: at line 4'; /build/x86...
2015 May 17
2
[LLVMdev] Building the fuzzer library
I decided to try out the fuzzer library and clang-fuzzer, but it doesn't seem to build for me. From the cmake files, I was pretty sure all I need to do is set -DLLVM_USE_SANITIZE_COVERAGE=ON, but with this I get a number of link errors for "lib/Fuzzer/test/LLVMFuzzer-CounterTest", for example: lib/libLLVMFuzzer.a...
2015 Dec 03
2
fuzzer crash (but not the good kind)
...> Hi Brian, > Yes, looks like a bug in sanitizer coverage, please send the reproducer. > > On Tue, Dec 1, 2015 at 5:22 PM, Brian Cain <brian.cain at gmail.com> wrote: > >> >> Kostya, >> >> I think I've found what looks like a reproducible bug in libFuzzer. The >> code under test is built with ASan and the first ASan CHECK failure shows >> fuzzer in the stack trace. (see below) >> >> One of the factors that may be unique in my testing is that each >> iteration can take a very long time to execute (tens or hundreds of ...
2015 Dec 03
2
fuzzer crash (but not the good kind)
...coverage, please send the reproducer. >>> >>> On Tue, Dec 1, 2015 at 5:22 PM, Brian Cain <brian.cain at gmail.com> wrote: >>> >>>> >>>> Kostya, >>>> >>>> I think I've found what looks like a reproducible bug in libFuzzer. >>>> The code under test is built with ASan and the first ASan CHECK failure >>>> shows fuzzer in the stack trace. (see below) >>>> >>>> One of the factors that may be unique in my testing is that each >>>> iteration can take a very long...
2016 May 28
2
[LibFuzzer] Recent performance regression due to r270942
...y 27, 2016 at 6:18 PM, Dan Liew <dan at su-root.co.uk> wrote: > >> Hi, >> >> This started as an off hand comment in [1] but this appears to be a >> real issue so I'm moving the discussion to the mailing list. >> >> In r270942 the time taken to run LibFuzzer's test became noticeably >> longer. I am building on >> >> * Arch Linux (4.5.4-1-ARCH #1 SMP PREEMPT Wed May 11 22:21:28 CEST >> 2016 x86_64 GNU/Linux) >> * I am building libFuzzer and running its tests like so >> >> ``` >> CC=<new_clang> CX...
2017 Aug 24
5
Building LLVM's fuzzers
(kcc, george: sorry for the re-send, the first was from a non-list email address) My configuration for building the fuzzers in the LLVM tree doesn't seem to work any more (possibly as of moving libFuzzer to compiler-rt, but there have been a few other changes in the last week or so that may be related). I'm building with a fresh top-of-tree clang and setting -DLLVM_USE_SANITIZER=Address and -DLLVM_USE_SANITIZE...
2017 Aug 24
3
Building LLVM's fuzzers
...LEPATH=/Users/bogner/llvm-lkgc/bin/clang++ >> On Aug 24, 2017, at 11:29 AM, Justin Bogner <mail at justinbogner.com> wrote: >> >> (kcc, george: sorry for the re-send, the first was from a non-list email >> address) >> >> My configuration for building the fuzzers in the LLVM tree doesn't seem to >> work any more (possibly as of moving libFuzzer to compiler-rt, but there >> have been a few other changes in the last week or so that may be related). >> >> I'm building with a fresh top-of-tree clang and setting >> -DLLVM_...
2015 Aug 11
3
libfuzzer questions
First off, thanks -- this is a pretty great library and it feels like I'm learning a lot. I'm getting some more experience with libfuzzer and finding that I have a couple of questions: - How does libfuzzer decide to write a new test file? What distinguishes this one from all the other cases for which new test inputs were not written? Must be something about the path taken through the code? - Can I use afl-cmin or is there somethi...
2015 Aug 11
3
libfuzzer questions
...t 5:53 PM, Brian Cain via llvm-dev < > llvm-dev at lists.llvm.org> wrote: > >> >> First off, thanks -- this is a pretty great library and it feels like I'm >> learning a lot. >> > > Thanks! > > >> I'm getting some more experience with libfuzzer and finding that I have a >> couple of questions: >> > > >> >> - How does libfuzzer decide to write a new test file? What distinguishes >> this one from all the other cases for which new test inputs were not >> written? Must be something about the path ta...
2017 Aug 24
2
llvm-mc-[dis]assemble-fuzzer status?
On Tue, Aug 22, 2017 at 4:34 PM, Kostya Serebryany <kcc at google.com> wrote: > > > On Tue, Aug 22, 2017 at 4:21 PM, George Karpenkov <ekarpenkov at apple.com> > wrote: > >> Hi, >> >> As a part of a recent move of libFuzzer from LLVM to compiler-rt I am >> looking into updating the build code >> for the libraries which use libFuzzer. >> >> I have tried to compile llvm-mc-assemble-fuzzer, and >> llvm-mc-disassemble-fuzzer, and I couldn’t build either of those. >> For the first one, t...
2018 Aug 15
3
How is llvm-opt-fuzzer supposed to be built and used with a pass pipeline?
Hello List, I'm currently writing my own little optimization pass (on LLVM 6.0) and considered it a neat idea to fuzz it using llvm-opt-fuzzer, which in theory should be a ready-made tool for such jobs as far as I can tell, potentially helping me to find UB and Address issues in my pass. So I went ahead and followed the instructions in the build manual [1] to build LLVM's llvm-opt-fuzzer as "RelWithDebInfo" with clang / cla...
2015 Jul 04
2
[LLVMdev] libFuzzer newbie question
So I was curious to start using the libFuzzer, but trying to follow along I got the following error: clang++ -fsanitize=address -fsanitize-coverage=edge test_fuzzer.cc Fuzzer*.o Undefined symbols for architecture x86_64: "_dfsan_create_label", referenced from: fuzzer::TraceState::DFSanCmpCallback(unsigned long, unsigned l...
2017 Aug 24
3
Building LLVM's fuzzers
...dleLLVMOptions.cmake > index 04596a6ff63..5465d8d95ba 100644 > --- a/cmake/modules/HandleLLVMOptions.cmake > +++ b/cmake/modules/HandleLLVMOptions.cmake > @@ -665,6 +665,9 @@ if(LLVM_USE_SANITIZER) > endif() > if (LLVM_USE_SANITIZE_COVERAGE) > append("-fsanitize=fuzzer-no-link" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) > + > + # Dead stripping messes up coverage instrumentation. > + set(LLVM_NO_DEAD_STRIP ON) > endif() > endif() > > Any arguments against that? We shouldn't do this. We really only want to prevent dead stripping of the...
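Review bot: `set(LLVM_NO_DEAD_STRIP ON)` inside the `if (LLVM_USE_SANITIZE_COVERAGE)` branch switches dead stripping off for the whole build, which is wider than the problem the added comment names. Consider scoping the workaround to the targets or sections that hold the coverage data, and extend the comment to say which instrumentation data is lost and under which linker, so the setting can be revisited later.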
2017 Aug 24
3
Building LLVM's fuzzers
...>> I wouldn't expect that to work because for ELF targets llvm.used has no >> effect on the object file (only on the optimizer). >> >> Is there a simple way to reproduce the link failure? >> > > > ninja compiler-rt > echo 'extern "C" int LLVMFuzzerTestOneInput(const unsigned char *a, > unsigned long b){return 0; } ' > test.cc > clang -O3 test.cc -fsanitize=fuzzer # works > clang -O3 test.cc -Wl,-gc-sections -fsanitize=fuzzer # fails > It seems that the issue is that older versions of ld.bfd have a bug which causes it no...
2017 Aug 24
3
Building LLVM's fuzzers
> On Aug 24, 2017, at 2:55 PM, Kostya Serebryany <kcc at google.com> wrote: > > Interesting. > This is a relatively new addition (fsanitize-coverage=pc-tables, which is now a part of -fsanitize=fuzzer). > The tests worked (did they? On Mac?) so I thought everything is ok. For tests we never compile the tested target with -O3 (and that wouldn’t be sufficient), and for testing fuzzers I was always building them in debug > Yea, we need to make sure the pc-tables are not stripped (this is...