Update AFL++ commit id #9461
Conversation
/gcbrun trial_build.py all --sanitizer coverage --fuzzing-engine afl
/gcbrun trial_build.py skcms --sanitizer address --fuzzing-engine libfuzzer
/gcbrun trial_build.py all --sanitizer address --fuzzing-engine afl
This breaks three projects. Because the breakage is at runtime, I'm a little nervous about merging this. Maybe worth looking into why they break:
tor, woff2, pcre2. To repro:
Oh, sorry if I misunderstood.
Yes, it is the most current state :)
poppler seems to fail again, but it's a different issue and it passed once. I'm going to ignore that. immer is broken outside of this PR: `failed to parse default search paths from compiler output`
@@ -16,8 +16,8 @@ | |||
################################################################################ | |||
|
|||
# Temporarily disable randomization and enforce a safe and sane setup | |||
export AFL_SKIP_OSSFUZZ=1 |
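Review bot: the `+`/`-` markers for this hunk did not survive extraction, so it is not visible here whether `export AFL_SKIP_OSSFUZZ=1` is being added or removed, even though the comment directly above it ("Temporarily disable randomization and enforce a safe and sane setup") and the review discussion that follows both hinge on exactly that. Please state in the PR description whether the final build script still exports `AFL_SKIP_OSSFUZZ=1`, since the reviewers below treat re-enabled compile-option randomization as a blocker for debuggable builds.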
Is this reenabling randomization? I don't want to do this, sorry
It does not; however, setting this was a mistake which cost afl++ a lot of effectiveness. In the future it is better to talk to me about changes.
Sorry, I'm not great at bash, but this change seems to cause the block here to be taken and thus randomization being reenabled. Am I misunderstanding something?
Ah, you talk about the ossfuzz skip; you are right that this enables randomization. When I enabled this it was because nobody told me that this was necessary. It looked like a mistake because the line below is. Classic instrumentation is a very bad idea. In cases where targets do asm stuff, a target-specific “native” should be used.
This pr is now 4 months old and I am not at my computer so I have little memory on this … ;)
Sure. Let me skip the randomization and try again.
If this doesn't reenable randomization, I'm fine with it, and will merge. I don't want randomization reenabled because it's too frustrating for devs to debug builds.
/gcbrun trial_build.py all --fuzzing-engine afl --sanitizer address
Amazing, thanks!
All of these failures look spurious.
LGTM
Yay! :) Sorry for the mix-up about the random compile option feature.
Looks like this has issues building libevent for us?
Not sure how to get the config log out of there. cc @dergoegge @fanquake As a workaround we can revert thin LTO.
LTO=1 temporarily disabled due to #9461 (comment) Also, avoid wasting storage space on a docker layer by merging the two layers. cc @dergoegge @fanquake
configure:3759: checking whether the C compiler works
configure:3781: /src/aflplusplus/afl-clang-fast -O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -I/src/bitcoin-core/depends/x86_64-pc-linux-gnu/include -D_FORTIFY_SOURCE=3 -flto=thin -L/src/bitcoin-core/depends/x86_64-pc-linux-gnu/lib conftest.c >&5
/usr/bin/ld: error: LLVM gold plugin: Invalid record (Producer: 'LLVM15.0.0git' Reader: 'LLVM 15.0.0git')
clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
configure:3785: $? = 1
configure:3823: result: no
an alternative solution is to set the problem is that pcguard 15+ produces code specific to an llvm version, as it seems, and since we do not build our pcguard to the specific variant of what llvm 15+ expects, this breaks. It will be quite an effort to have our own pcguard that changes behaviour based on the llvm version used ... For the time being I will make a PR to oss-fuzz that switches to llvm native instrumentation. That will be a 3%+ performance decrease though, as ours is quite a bit better.
@vanhauser-thc thanks for following up.
I can confirm that using
Only for merge after google#10427, which fixes the issue we saw: google#9461 (comment).
For merge after #10427, which fixes the issue we saw with AFL++: #9461 (comment). cc @MarcoFalke @dergoegge
minor fixes and enhancements. does not depend on the PR in clusterfuzz.