Displaying 9 results from an estimated 9 matches for "fuzzermain".
2017 Aug 24
3
Building LLVM's fuzzers
...s of ld.bfd have a bug which
causes it not to define __start_ and __stop_ symbols if the only reference
to those symbols is from a constructor.
If I add an artificial reference to the start symbol from libfuzzer's main
function, the program links correctly.
diff --git a/compiler-rt/lib/fuzzer/FuzzerMain.cpp
b/compiler-rt/lib/fuzzer/FuzzerMain.cpp
index af8657200be2..c41e28e012db 100644
--- a/compiler-rt/lib/fuzzer/FuzzerMain.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerMain.cpp
@@ -16,6 +16,10 @@ extern "C" {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
} // extern "C&...
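Review bot: the hunk header @@ -16,6 +16,10 @@ shows four lines added inside the extern "C" block right after the LLVMFuzzerTestOneInput declaration, but the added lines themselves are cut off in this excerpt, so the artificial __start_ reference described above cannot be checked here. Whatever form the reference takes, it should carry a comment naming the ld.bfd behaviour it works around (no __start_/__stop_ definition when the only reference comes from a constructor), so the workaround can be found and removed once that linker version is no longer supported.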
2017 Aug 25
2
Building LLVM's fuzzers
...y were
> all too new)
>
> I've gone ahead and fixed the issue on macOS in r311742.
>
> > If I add an artificial reference to the start symbol from libfuzzer's
> main
> > function, the program links correctly.
> >
> > diff --git a/compiler-rt/lib/fuzzer/FuzzerMain.cpp
> > b/compiler-rt/lib/fuzzer/FuzzerMain.cpp
> > index af8657200be2..c41e28e012db 100644
> > --- a/compiler-rt/lib/fuzzer/FuzzerMain.cpp
> > +++ b/compiler-rt/lib/fuzzer/FuzzerMain.cpp
> > @@ -16,6 +16,10 @@ extern "C" {
> > int LLVMFuzzerTestOneInp...
2017 Sep 11
2
Building LLVM's fuzzers
...ahead and fixed the issue on macOS in r311742.
>>>
>>> > If I add an artificial reference to the start symbol from libfuzzer's
>>> main
>>> > function, the program links correctly.
>>> >
>>> > diff --git a/compiler-rt/lib/fuzzer/FuzzerMain.cpp
>>> > b/compiler-rt/lib/fuzzer/FuzzerMain.cpp
>>> > index af8657200be2..c41e28e012db 100644
>>> > --- a/compiler-rt/lib/fuzzer/FuzzerMain.cpp
>>> > +++ b/compiler-rt/lib/fuzzer/FuzzerMain.cpp
>>> > @@ -16,6 +16,10 @@ extern "C&quo...
2015 Dec 02
2
fuzzer crash (but not the good kind)
...uzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:201:10
#8 0x141427 in fuzzer::FuzzerDriver(int, char**, int (*)(unsigned char
const*, unsigned int))
/home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:196:10
#9 0x1873e3 in main
/home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerMain.cpp:19:10
#10 0xb6c86775 in __libc_start_main
/build/buildd/glibc-2.21/csu/libc-start.c:289
DEATH:
artifact_prefix='./'; Test unit written to
./crash-ec9fa023e9db127e2589d0ab4c506055e4174611
--
-Brian
2015 Dec 03
2
fuzzer crash (but not the good kind)
...cpp:201:10
>> #8 0x141427 in fuzzer::FuzzerDriver(int, char**, int (*)(unsigned
>> char const*, unsigned int))
>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:196:10
>> #9 0x1873e3 in main
>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerMain.cpp:19:10
>> #10 0xb6c86775 in __libc_start_main
>> /build/buildd/glibc-2.21/csu/libc-start.c:289
>>
>> DEATH:
>> artifact_prefix='./'; Test unit written to
>> ./crash-ec9fa023e9db127e2589d0ab4c506055e4174611
>>
>>
>> --
>> -Br...
2015 Dec 03
2
fuzzer crash (but not the good kind)
...427 in fuzzer::FuzzerDriver(int, char**, int (*)(unsigned
>>>> char const*, unsigned int))
>>>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerDriver.cpp:196:10
>>>> #9 0x1873e3 in main
>>>> /home/brian/src/fuzzpy/llvm_src//llvm/lib/Fuzzer/FuzzerMain.cpp:19:10
>>>> #10 0xb6c86775 in __libc_start_main
>>>> /build/buildd/glibc-2.21/csu/libc-start.c:289
>>>>
>>>> DEATH:
>>>> artifact_prefix='./'; Test unit written to
>>>> ./crash-ec9fa023e9db127e2589d0ab4c506055e41...
2017 Aug 24
4
Building LLVM's fuzzers
On Thu, Aug 24, 2017 at 3:21 PM, Kostya Serebryany via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
>
> On Thu, Aug 24, 2017 at 3:20 PM, Justin Bogner <mail at justinbogner.com>
> wrote:
>
>> I think the simplest fix is something like this:
>>
>> diff --git a/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
>>
2015 Aug 11
3
libfuzzer questions
First off, thanks -- this is a pretty great library and it feels like I'm
learning a lot. I'm getting some more experience with libfuzzer and
finding that I have a couple of questions:
- How does libfuzzer decide to write a new test file? What distinguishes
this one from all the other cases for which new test inputs were not
written? Must be something about the path taken through the
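Added example, not code from LLVM or from any of the posters above, tying together two of the threads listed here: the __start_/__stop_ section-bound symbols that the "Building LLVM's fuzzers" workaround references from main, and the "how does libfuzzer decide to write a new test file" question. The counter type, the section name demo_cov, the parser demo_parse and all inputs are constructed for illustration; the keep-if-new rule in demo_run_and_check_new is a simplification of libFuzzer's coverage feedback, not its actual algorithm. It assumes a Linux toolchain where GNU ld or lld synthesizes __start_demo_cov/__stop_demo_cov; macOS does not provide these symbols.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not LLVM code.  Two things from the threads above:
   (1) coverage counters placed in a named section whose bounds the
       linker exposes as __start_<sec>/__stop_<sec>, the symbols the
       ld.bfd workaround is about;
   (2) the rule "keep an input when it reaches a counter no earlier
       input reached", the essence of why libFuzzer writes a new
       corpus file (constructed simplification). */

typedef struct {
    const char *name;
    uint32_t hits;
} DemoCounter;

/* Each counter is a static object in section "demo_cov"; "used" keeps the
   compiler from discarding it.  Because the section name is a C identifier,
   GNU ld and lld define __start_demo_cov and __stop_demo_cov around it. */
#define DEMO_COUNTER(id) \
    static DemoCounter cov_##id \
        __attribute__((section("demo_cov"), used)) = { #id, 0 }

DEMO_COUNTER(header_ok);
DEMO_COUNTER(body_ok);
DEMO_COUNTER(trailer_ok);

extern DemoCounter __start_demo_cov[];
extern DemoCounter __stop_demo_cov[];

/* Reference to the section bounds from an ordinary function, the kind of
   reference the e-mail adds so that ld.bfd actually defines the symbols. */
size_t demo_num_counters(void) {
    return (size_t)(__stop_demo_cov - __start_demo_cov);
}

/* Hypothetical parser under test: three nested checks, three counters. */
int demo_parse(const uint8_t *data, size_t size) {
    if (size < 2 || data[0] != 'F' || data[1] != 'Z') return 0;
    cov_header_ok.hits++;
    if (size < 4) return 1;
    cov_body_ok.hits++;
    if (data[size - 1] != 0xff) return 2;
    cov_trailer_ok.hits++;
    return 3;
}

/* Bit i set once counter i has been hit by some earlier input. */
static uint32_t seen_mask;

/* Runs one input and returns 1 if it hit a counter no previous input hit,
   which is the signal a coverage-guided fuzzer uses to keep the input. */
int demo_run_and_check_new(const uint8_t *data, size_t size) {
    uint32_t before[16] = {0};
    size_t n = demo_num_counters();
    for (size_t i = 0; i < n && i < 16; i++) before[i] = __start_demo_cov[i].hits;
    demo_parse(data, size);
    int is_new = 0;
    for (size_t i = 0; i < n && i < 16; i++) {
        if (__start_demo_cov[i].hits > before[i] && !(seen_mask & (1u << i))) {
            seen_mask |= 1u << i;
            is_new = 1;
        }
    }
    return is_new;
}

/* Entry point in the shape libFuzzer expects; drop main() below and build
   with clang -fsanitize=fuzzer to let libFuzzer drive demo_parse. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    demo_parse(data, size);
    return 0;
}

int main(void) {
    /* Constructed inputs, in the order a fuzzer might stumble on them. */
    const uint8_t a[] = { 'x' };                 /* nothing new          */
    const uint8_t b[] = { 'F', 'Z' };            /* header_ok: new       */
    const uint8_t c[] = { 'F', 'Z', 1, 1 };      /* body_ok: new         */
    const uint8_t d[] = { 'F', 'Z', 2, 2 };      /* same path: not new   */
    const uint8_t e[] = { 'F', 'Z', 1, 0xff };   /* trailer_ok: new      */
    printf("%zu counters between __start_demo_cov and __stop_demo_cov\n",
           demo_num_counters());
    printf("new? a=%d b=%d c=%d d=%d e=%d\n",
           demo_run_and_check_new(a, sizeof a), demo_run_and_check_new(b, sizeof b),
           demo_run_and_check_new(c, sizeof c), demo_run_and_check_new(d, sizeof d),
           demo_run_and_check_new(e, sizeof e));
    return 0;
}
```

Build with cc demo.c && ./a.out for the stand-alone run. Inputs b, c and e each light up a counter no earlier input touched, the property that makes a coverage-guided fuzzer save them to the corpus, while d reaches nothing new and would be discarded; that is the distinction the question above is asking about, reduced to three counters and a readable section walk.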
2015 Aug 11
3
libfuzzer questions
.../FuzzerDriver.cpp:273
#42 0x00000000005095fc in fuzzer::FuzzerDriver (argc=7, argv=0x7fffd95703e8, Callback=0x5d0880 <LLVMFuzzerTestOneInput(unsigned char const*, unsigned long)>)
#43 0x00000000005598cf in main (argc=7, argv=0x7fffd95703e8) at /home/brian/tmp/testing/llvm_src//llvm/lib/Fuzzer/FuzzerMain.cpp:19
-------------- next part --------------
#0 atomic_exchange<__sanitizer::atomic_uint32_t> (mo=__sanitizer::memory_order_acquire, v=2, a=0x640000001290)
#1 __sanitizer::BlockingMutex::Lock (this=this at entry=0x640000001290) at /home/brian/tmp/testing/llvm_src/llvm/projects/compiler-rt...