[lld] r308809 - Don't crash on an empty section with an ALIGN.

George Rimar via llvm-commits llvm-commits at lists.llvm.org
Mon Jul 24 08:52:45 PDT 2017

>>><llvm-commits at lists.llvm.org> wrote:
>>>> I noticed that during last weeks we had several fixes committed to fix LLD crashes
>>>> because of uncommon scripts. Like this one or discarding synthetic sections earlier.
>>>> About a year ago we used AFL (http://lcamtuf.coredump.cx/afl/) for fuzzing LLD.
>>>> That time we fuzzed input objects (binaries).
>>>> As far I know it is possible to teach AFL about some syntax and provide a dictionary of keywords,
>>>> and as a result it probably should be able to generate and test linkerscripts.
>>>> Which probably can reveal more uncommon cases leading to crashes/hangs may be.
>>>It shouldn't be particularly hard to do mutation based on the linker
>>>script grammar.
>>>Maybe you can use `libFuzzer`, but I havne't looked into it (IIRC Peter did).
>>>You can also try something like what's described in
>>>"Skeletal Program Enumeration for Rigorous Compiler Testing"
>>>https://arxiv.org/abs/1610.03148 . For your first run(s), you can
>>>probably ignore scoping, and just swap, e.g. directives.
>> Yep, I do not expect mutation be hard to do. Never tried this before though.
>> Also never used libFuzzer, will take a look on it and that link tomorrow.
>> Then probably try to do dome trivial mutation to check how it works in general.
>Please note that this is a completely different kind of work compared
>to what we did last year.
>In fact, while in the linker input case you can just "tolerate"
>crashes, because the output of the compiler is the input to the linker
>(garbage-in garbage-out), here you have human input (i.e. the linker
>script tests).
>We could try to never crash on invalid linker scripts and emit a sane
>diagnostic instead, if possible.

Yeah, thats exactly what I was thinking about :) 
Honestly at previous week I tried to do quick AFL run out of curiosity
to check what happen with current LLD. I mutated testcase objects,
just like the year ago. After 10h run it found few crashes, but after review
of them I found it will probably be hard to justify and land fixes. 

And scripts are really different at this point. 
I agree that we should never crashs/hang for them.


More information about the llvm-commits mailing list