Update AFL++ commit id #9461
Update AFL++ commit id #9461
Conversation
|
/gcbrun trial_build.py all --sanitizer coverage --fuzzing-engine afl |
|
/gcbrun trial_build.py skcms --sanitizer address --fuzzing-engine libfuzzer |
|
/gcbrun trial_build.py all --sanitizer address --fuzzing-engine afl |
|
This breaks three projects. Because the breakage is a runtime, I'm a little nervous about merging this. maybe worth looking into why they break: tor, woff2, pcre2 To repro: |
Oh, sorry if I misunderstood. |
|
yes it is the most current state :) |
|
poppler seems to fail again but it's a different issue and it passed once. I'm going to ignore that. immer - is broken outside of this PR.failed to parse default search paths from compiler output |
| @@ -16,8 +16,8 @@ | |||
| ################################################################################ | |||
|
|
|||
| # Temporarily disable randomization and enforce a safe and sane setup | |||
| export AFL_SKIP_OSSFUZZ=1 | |||
There was a problem hiding this comment.
Is this reenabling randomization? I don't want to do this, sorry
There was a problem hiding this comment.
It does not but however set this made a m mistake which cost afl++ a lot of effectiveness. In the future it is better to talk to me about changes.
There was a problem hiding this comment.
Sorry, I'm not great at bash, but this change seems to the block here to be taken and thus randomization being reenabled. Am I misunderstanding something?
There was a problem hiding this comment.
Ah you talk about the ossfuzz skip, you are right that this enables randomization. When I enabled this it was because nobody told me that this was necessary. It looked like a mistake because the line below is. Classic instrumentation is a very bad idea. In cases where targets do asm stuff a target specific “native” should be used
There was a problem hiding this comment.
This pr is now 4 months old and I am not at my computer so I have little memory on this … ;)
There was a problem hiding this comment.
Sure. Let me skip the randomization and try again.
|
If this doesn't reenable randomization, I'm fine with it, and will merge. I don't want randomization reenabled because it's too frustrating for devs to debug builds. |
|
/gcbrun trial_build.py all --fuzzing-engine afl --sanitizer address |
Amazing, thanks! |
|
All of these failures look spurious. |
|
yay! :) sorry for the mix up about the random compile option feature. |
|
Looks like this has issues building libevent for us? Not sure how to get the config log out of there. cc @dergoegge @fanquake As a workaround we can revert thin LTO. |
LTO=1 temporarily disabled due to #9461 (comment) Also, avoid wasting storage space on a docker layer by merging the two layers. cc @dergoegge @fanquake
configure:3759: checking whether the C compiler works
configure:3781: /src/aflplusplus/afl-clang-fast -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -I/src/bitcoin-core/depends/x86_64-pc-linux-gnu/include -D_FORTIFY_SOURCE=3 -flto=thin -L/src/bitcoin-core/depends/x86_64-pc-linux-gnu/lib conftest.c >&5
/usr/bin/ld: error: LLVM gold plugin: Invalid record (Producer: 'LLVM15.0.0git' Reader: 'LLVM 15.0.0git')
clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
configure:3785: $? = 1
configure:3823: result: no |
|
an alternative solution is to set the problem is that pcguard 15+ produces code specific to an llvm version as it seems, and we do not build our pcguard to the specific variant of what llvm 15+ expects this breaks. this will be quite an effort to have an own pcguard that changes behaviour based on the llvm version used ... for the time being I will make a PR to oss-fuzz that switches to llvm native instrumentation. that will be a 3%+ performance decrease though as ours is quite a bit better. |
|
@vanhauser-thc thanks for following up.
I can confirm that using |
Only for merge after google#10427, which fixes the issue we saw: google#9461 (comment).
For merge after #10427, which fixes the issue we saw with AFL++: #9461 (comment). cc @MarcoFalke @dergoegge
minor fixes and enhancements. does not depend on the PR in clusterfuzz.