LibFuzzer and platforms availability

Hi there.

I’m trying to use LibFuzzer on OSX and am facing some issues:
I checked out the LibFuzzer documentation[1] and managed to proceed until the final step of the first example.
Now I see linker errors related to dfsan; dfsan’s documentation[2] states explicitly “DataFlowSanitizer is a work in progress, currently under development for x86_64 Linux.”

Does it mean that LibFuzzer is available only on the Linux platform? Can somebody confirm or refute my conclusion?

[1] http://llvm.org/docs/LibFuzzer.html
[2] http://clang.llvm.org/docs/DataFlowSanitizer.html

> Hi there.
>
> I’m trying to use LibFuzzer on OSX and am facing some issues:
> I checked out the LibFuzzer documentation[1] and managed to proceed until the
> final step of the first example.
> Now I see linker errors related to dfsan; dfsan’s documentation[2] states
> explicitly “DataFlowSanitizer is a work in progress, currently under
> development for x86_64 Linux.”

Yes, libFuzzer does not build on OSX today.
Marshall (CC-ed) has managed to make it work with a couple of #ifdefs
in FuzzerTraceState.cpp.

I'll try to commit such patches later this week, but I don't have a Mac so
it will be harder for me to test.
If anyone wants it quicker -- patches are welcome.
I would also appreciate it if someone could set up a build bot for libFuzzer on
Mac :slight_smile:
(similar to lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer)

r247321 refactors the code so that it should build on Mac.
I haven’t actually tested it on Mac, so please help me and send follow-up patches if needed.

check-fuzzer will still fail because some of the libFuzzer tests require dfsan.
I could use some help from someone with a Mac to modify lib/Fuzzer/test/CMakeLists.txt so that it does not run the dfsan-dependent tests on Mac.

Thanks,

–kcc

That’s great, thank you for the patch.

> r247321 refactors the code so that it should build on Mac.
> I haven't actually tested it on Mac -- so please help me and send follow up patches if needed.

I can confirm that the first example worked as expected (with some additions: '-I path_to_compiler_rt/include' when building LibFuzzer, and ‘-lclang_rt.asan_osx_dynamic -L path_to_libs/clang/3.8.0/lib/darwin’).

> check-fuzzer will still fail because some of the libFuzzer tests require dfsan.

make doesn’t see the check-fuzzer rule; it seems it’s disabled somewhere in CMakeLists. I’m going to investigate.

> I'll try to commit such patches later this week, but I don't have a Mac so it will be harder for me to test.

Please don’t hesitate to CC me and I’ll run tests on my machine.

> If anyone wants it quicker -- patches are welcome.

I’d be happy to send them, but I know nothing about LibFuzzer internals :slight_smile:

> That’s great, thank you for the patch.
>
> > r247321 refactors the code so that it should build on Mac.
> > I haven't actually tested it on Mac -- so please help me and send follow
> > up patches if needed.
>
> I can confirm that the first example worked as expected (with some additions:
> '-I path_to_compiler_rt/include' when building LibFuzzer and
> ‘-lclang_rt.asan_osx_dynamic -L path_to_libs/clang/3.8.0/lib/darwin’).

Weird. This should not be needed if -fsanitize=address is provided to the
link command.

> > check-fuzzer will still fail because some of the libFuzzer tests require
> > dfsan.
>
> make doesn’t see the check-fuzzer rule; it seems it’s disabled somewhere in
> CMakeLists. I’m going to investigate.

check-fuzzer appears only with the cmake option
-DLLVM_USE_SANITIZE_COVERAGE=YES
See http://llvm.org/docs/LibFuzzer.html#fuzzing-components-of-llvm
I never tried it on Mac though.

> > I'll try to commit such patches later this week, but I don't have a Mac
> > so it will be harder for me to test.
>
> Please don’t hesitate to CC me and I’ll run tests on my machine.

> > If anyone wants it quicker -- patches are welcome.
>
> I’d be happy to send them, but I know nothing about LibFuzzer internals :slight_smile:

That should be done not in libFuzzer code, but in the CMake files in
lib/Fuzzer/test

Actually, all I did was implement an empty DF sanitizer :slight_smile:

#include <stddef.h>
#include <stdint.h>

extern "C" {

typedef uint16_t dfsan_label;

struct dfsan_label_info {
  // Fields for union labels, set to 0 for base labels.
  dfsan_label l1;
  dfsan_label l2;

  // Fields for base labels.
  const char *desc;
  void *userdata;
};

// Every entry point is a no-op: labels are never created (always 0),
// never stored, and reads always report "no label".
dfsan_label dfsan_create_label(const char *desc, void *userdata) { return 0; }

const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label) { return NULL; }
dfsan_label dfsan_read_label(const void *addr, size_t size) { return 0; }
void dfsan_set_label(dfsan_label label, void *addr, size_t size) {}

}

extern "C" void LLVMFuzzerTestOneInput(const unsigned char *data, size_t size) {...}

-- Marshall
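The empty stub makes libFuzzer link on Mac, and it also shows why check-fuzzer's dfsan-dependent tests cannot pass with it: nothing that gets labelled ever reads back as labelled, so any tracing that relies on data-flow labels stays silent. The following is an added example, not Marshall's or libFuzzer's code. It puts the no-op stub next to a runtime probe that tells a real DFSan runtime apart from the stub, and a constructed trace hook and fuzz target that only record comparisons on labelled data. `dfsan_labels_propagate`, `trace_cmp_if_tainted`, `run_target_with_tracing`, `sample_trace_count`, the magic value and the sample input are all constructed for illustration and are not libFuzzer interfaces.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <vector>

// No-op DFSan runtime, after the stub in the thread: labels are never
// created (always 0), never stored, and reads always report "no label".
extern "C" {

typedef uint16_t dfsan_label;

struct dfsan_label_info {
  dfsan_label l1;    // union labels; 0 for base labels
  dfsan_label l2;
  const char *desc;  // base labels
  void *userdata;
};

dfsan_label dfsan_create_label(const char *desc, void *userdata) {
  (void)desc; (void)userdata;
  return 0;
}
const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label) {
  (void)label;
  return NULL;
}
dfsan_label dfsan_read_label(const void *addr, size_t size) {
  (void)addr; (void)size;
  return 0;
}
void dfsan_set_label(dfsan_label label, void *addr, size_t size) {
  (void)label; (void)addr; (void)size;
}

}  // extern "C"

// Runtime probe (constructed): with a real DFSan runtime a label attached to
// a byte reads back as that label; with the stub, creation returns 0 and
// every read returns 0, so this reports false.
bool dfsan_labels_propagate() {
  unsigned char probe = 0;
  dfsan_label l = dfsan_create_label("probe", NULL);
  dfsan_set_label(l, &probe, sizeof probe);
  return l != 0 && dfsan_read_label(&probe, sizeof probe) == l;
}

// Hypothetical stand-in for a dfsan-driven trace hook (not libFuzzer's):
// record a comparison only when an operand carries a label, i.e. was
// derived from the fuzz input. Returns the number of records so far.
struct CmpRecord { uint64_t a, b; };

size_t trace_cmp_if_tainted(uint64_t a, uint64_t b, std::vector<CmpRecord> &log) {
  dfsan_label la = dfsan_read_label(&a, sizeof a);
  dfsan_label lb = dfsan_read_label(&b, sizeof b);
  if (la != 0 || lb != 0) log.push_back(CmpRecord{a, b});
  return log.size();
}

// Constructed target: label the whole input, then perform the comparisons a
// dfsan-driven fuzzer would want to learn about (a magic value and a length
// field). Returns how many comparisons were recorded.
size_t run_target_with_tracing(const unsigned char *data, size_t size) {
  std::vector<CmpRecord> log;
  std::vector<unsigned char> buf(data, data + size);
  dfsan_label in = dfsan_create_label("input", NULL);
  if (!buf.empty()) dfsan_set_label(in, buf.data(), buf.size());

  uint32_t magic = 0;
  if (buf.size() >= 4) memcpy(&magic, buf.data(), 4);
  trace_cmp_if_tainted(magic, 0xDEADBEEF, log);  // constructed magic value

  if (buf.size() >= 8) {
    uint32_t len = 0;
    memcpy(&len, buf.data() + 4, 4);
    trace_cmp_if_tainted(len, buf.size() - 8, log);
  }
  return log.size();
}

// Constructed sample input: the magic field followed by a length field of 0.
size_t sample_trace_count() {
  const unsigned char sample[] = {0xEF, 0xBE, 0xAD, 0xDE, 0x00, 0x00, 0x00, 0x00};
  return run_target_with_tracing(sample, sizeof sample);
}

int main() {
  // With the stub linked, both checks report "no data-flow information",
  // which is exactly why the dfsan-dependent libFuzzer tests cannot pass.
  return (dfsan_labels_propagate() || sample_trace_count() != 0) ? 1 : 0;
}
```

Linked against a real DFSan runtime on x86_64 Linux (and compiled with -fsanitize=dataflow), the probe returns true and the target records both comparisons; with the stub, both return "nothing", which is the behaviour the dfsan-dependent tests trip over and the reason they have to be skipped rather than merely built on Mac.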