[llvm-dev] Fuzzing complex programs

Kostya Serebryany via llvm-dev llvm-dev at lists.llvm.org
Thu Sep 3 10:25:42 PDT 2015


On Thu, Sep 3, 2015 at 6:55 AM, mats petersson via llvm-dev <
llvm-dev at lists.llvm.org> wrote:

> I'm fairly sure your compiler (or rather linker) errors are coming from
> the fact that you are not linking to the C++ runtime library. Use `clang++
> -std=c++11 *.o`, and I'm reasonably sure it will do what you want.
>

Correct.


>
> --
> Mats
>
> On 3 September 2015 at 12:26, Greg Stark via llvm-dev <
> llvm-dev at lists.llvm.org> wrote:
>
>> On Sun, Aug 30, 2015 at 3:30 PM, Greg Stark <stark at mit.edu> wrote:
>> > To do this effectively I think it would be best to invoke the fuzzer
>> > from inside Postgres. Essentially provide bindings for Libfuzzer so
>> > I can have Libfuzzer provide all the test cases to repeatedly
>> > call the internal functions on.
>> >
>> > Is there any example of doing something like this already? Am I taking
>> > a crazy approach?
>>
>>
>> So on further inspection it seems the API I want, at least for the
>> in-process plan is mostly there in LLVMFuzzerNoMain. It would be nice
>> if I could call the driver with a function pointer and void* and it
>> would call my callback passing that closure along with the fuzzed
>> input. But I can probably work around that with a global variable.
>>
>
Not sure I understood this correctly.
Example?


>
>> I'm actually kind of frustrated by a more basic problem. The build
>> system. It seems LibFuzzer is meant to be compiled as part of LLVM but
>> it didn't get compiled when I built LLVM because I didn't build it
>> with sanitize-coverage enabled. Now I can't get it to build because I
>> get errors like:
>>
>> $ for i in *.cpp ; do clang -c -std=c++11 $i ; done
>> $ clang -std=c++11 *.o
>> FuzzerDriver.o: In function `fuzzer::ReadTokensFile(char const*)':
>> FuzzerDriver.cpp:(.text+0x56): undefined reference to
>> `std::allocator<char>::allocator()'
>> FuzzerDriver.cpp:(.text+0x6d): undefined reference to
>> `std::__cxx11::basic_string<char, std::char_traits<char>,
>> std::allocator<char> >::basic_string(char const*, std::allocator<char>
>> const&)'
>> FuzzerDriver.cpp:(.text+0x8d): undefined reference to
>> `std::__cxx11::basic_string<char, std::char_traits<char>,
>> std::allocator<char> >::~basic_string()'
>> FuzzerDriver.cpp:(.text+0x96): undefined reference to
>> `std::allocator<char>::~allocator()'
>> FuzzerDriver.cpp:(.text+0xab): undefined reference to
>> `std::__cxx11::basic_istringstream<char, std::char_traits<char>,
>> std::allocator<char>
>> >::basic_istringstream(std::__cxx11::basic_string<char,
>> std::char_traits<char>, std::allocator<char> > const&,
>> std::_Ios_Openmode)'
>> FuzzerDriver.cpp:(.text+0x14c): undefined reference to
>> `std::allocator<char>::allocator()'
>> FuzzerDriver.cpp:(.text+0x166): undefined reference to
>> `std::__cxx11::basic_string<char, std::char_traits<char>,
>> std::allocator<char> >::basic_string(char const*, std::allocator<char>
>> const&)'
>> FuzzerDriver.cpp:(.text+0x18f): undefined reference to
>> `std::__cxx11::basic_string<char, std::char_traits<char>,
>> std::allocator<char> >::~basic_string()'
>>
>> And I get similar errors if I try to build it using the LLVM CMake
>> generated makefiles (after running "cmake
>> -DLLVM_USE_SANITIZE_COVERAGE=1" in the LibFuzzer directory), in fact I
>> get errors that I need -std=c++11. Do I need to recompile *all* of
>> llvm as if I was going to fuzz LLVM just to get libfuzzer built?
>>
>> --
>> greg
>> _______________________________________________
>> LLVM Developers mailing list
>> llvm-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>>
>
>
>
>
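The global-variable workaround mentioned in the quoted message, as an added example that is not code from the thread or from LibFuzzer: a trampoline with the context-free callback shape forwards each input to a callback that also receives a closure pointer. The driver is replaced by a hypothetical stub_driver that replays constructed inputs, and every name below is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* driver_cb: shape the driver accepts, no user-data argument (assumption).
   closure_cb: shape the message wishes for, closure pointer plus input. */
typedef void (*driver_cb)(const uint8_t *data, size_t size);
typedef void (*closure_cb)(void *ctx, const uint8_t *data, size_t size);

/* Hypothetical stand-in for the fuzzer driver: replays constructed inputs. */
static int stub_driver(driver_cb cb) {
    static const char *inputs[] = { "", "SELECT 1", "\x01\x02\x03" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        cb((const uint8_t *)inputs[i], strlen(inputs[i]));
    return 0;
}

/* The global that carries the closure across the context-free callback. */
static struct { closure_cb fn; void *ctx; } g_closure;
static void trampoline(const uint8_t *data, size_t size) {
    g_closure.fn(g_closure.ctx, data, size);
}

/* Returns -1 if a run is already active: one global means one closure,
   so nested (or concurrent) runs cannot be supported this way. */
int fuzz_with_closure(closure_cb fn, void *ctx) {
    if (fn == NULL || g_closure.fn != NULL) return -1;
    g_closure.fn = fn;
    g_closure.ctx = ctx;
    int rc = stub_driver(trampoline);
    g_closure.fn = NULL;   /* release the slot for the next run */
    return rc;
}

/* Hypothetical target state, standing in for whatever the host keeps. */
struct stats { size_t calls, bytes; int nested_rc; };

static void count_input(void *ctx, const uint8_t *data, size_t size) {
    struct stats *s = ctx;
    s->calls++;
    s->bytes += size;
    /* A nested run from inside the callback must be refused. */
    s->nested_rc = fuzz_with_closure(count_input, ctx);
}

struct stats run_demo(void) {
    struct stats s = { 0, 0, 0 };
    fuzz_with_closure(count_input, &s);
    return s;
}

int main(void) { return run_demo().calls == 3 ? 0 : 1; }
```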

