<div dir="ltr">Kostya,<div><br></div><div>I took a quick stab at patching libFuzzer for Apple, but so far I'm thinking something else is incorrect. Patch is attached but when I went to reproduce the examples, the toy example went fine, but with PCRE and Heartbleed I noticed the coverage statistics were pretty poor, and didn't find anything. Admittedly I moved onto Heartbleed pretty quickly so PCRE probably isn't the best judge. But here's a sample log from the Heartbleed session (they were all similar):</div><div><br></div><div><p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">$ cat fuzz-11.log </p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">Seed: 3157140177</p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">SetTimer 601</p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">PreferSmall: 1</p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">#0<span class="" style="white-space:pre"> </span>READ cov 0 bits 0 units 1 exec/s 0 </p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">#1<span class="" style="white-space:pre"> </span>pulse cov 0 bits 0 units 1 exec/s 0 </p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">#1<span class="" style="white-space:pre"> </span>INITED cov 0 bits 0 units 0 exec/s 0 </p>
<p style="margin:0px;font-size:12px;font-family:'Andale Mono';color:rgb(41,249,20);background-color:rgb(0,0,0)">Done 1 runs in 4 second(s)</p></div><div><br></div><div><br></div><div>Any thoughts? Obviously I'm not attached to anything in the patch, just trying to get something working on OS X.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 8, 2015 at 11:42 AM, Juan Ceasar <span dir="ltr"><<a href="mailto:juan.d.ceasar@gmail.com" target="_blank">juan.d.ceasar@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks! I'll give it a shot and see what I can do to give some patches back.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 8, 2015 at 9:42 AM, Alexander Potapenko <span dir="ltr"><<a href="mailto:glider@google.com" target="_blank">glider@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">FWIW see also <a href="http://lists.cs.uiuc.edu/pipermail/cfe-dev/2015-June/043301.html" rel="noreferrer" target="_blank">http://lists.cs.uiuc.edu/pipermail/cfe-dev/2015-June/043301.html</a><br>
As far as I understand DFSan functionality isn't required for<br>
libFuzzer to work, so it should be safe to disable DFSan support on<br>
Mac.<br>
<span><br>
On Wed, Jul 8, 2015 at 7:45 AM, Kostya Serebryany <<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>> wrote:<br>
</span><div><div>> +pcc , glider<br>
><br>
> On Mon, Jul 6, 2015 at 12:59 PM, Juan Ceasar <<a href="mailto:juan.d.ceasar@gmail.com" target="_blank">juan.d.ceasar@gmail.com</a>><br>
> wrote:<br>
>><br>
>> Afternoon,<br>
>><br>
>> I had an issue with trying to link a program with the DataFlowSanitizer<br>
>> functionality, this is from the libFuzzer project, and I was seeing:<br>
>><br>
>> clang++ -fsanitize=address -fsanitize-coverage=edge test_fuzzer.cc<br>
>> Fuzzer*.o<br>
>><br>
>> Undefined symbols for architecture x86_64:<br>
>><br>
>> "_dfsan_create_label", referenced from:<br>
>><br>
>> fuzzer::TraceState::DFSanCmpCallback(unsigned long, unsigned long,<br>
>> unsigned long, unsigned long long, unsigned long long, unsigned short,<br>
>> unsigned short) in FuzzerTraceState.o<br>
>><br>
>> fuzzer::Fuzzer::InitializeTraceState() in FuzzerTraceState.o<br>
>><br>
>> "_dfsan_get_label_info", referenced from:<br>
>><br>
>> fuzzer::TraceState::GetLabelRange(unsigned short) in<br>
>> FuzzerTraceState.o<br>
>><br>
>> .....<br>
>><br>
>> But then looking at the docs:<br>
>> <a href="http://clang.llvm.org/docs/DataFlowSanitizer.html" rel="noreferrer" target="_blank">http://clang.llvm.org/docs/DataFlowSanitizer.html</a><br>
>><br>
>> It appears that this is only supported under Linux? Is that right?<br>
>><br>
><br>
> Correct. AFAICT, DFSan was only tested on Linux.<br>
> It is quite hard to make it work on Mac because there are too many closed<br>
> source libraries there.<br>
> Nothing impossible though -- it's just that nobody has worked on it.<br>
><br>
> libFuzzer was also never tested on Mac, but I think it should be trivial to<br>
> make it work there.<br>
> I suspect that the errors you see are caused by the weak function<br>
> declarations which don't (???) work on Mac.<br>
> You'll need to #ifdef the weak functions on Mac somehow. Patches and Mac<br>
> buildbots are welcome :)<br>
><br>
> --kcc<br>
><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> LLVM Developers mailing list<br>
>> <a href="mailto:LLVMdev@cs.uiuc.edu" target="_blank">LLVMdev@cs.uiuc.edu</a> <a href="http://llvm.cs.uiuc.edu" rel="noreferrer" target="_blank">http://llvm.cs.uiuc.edu</a><br>
>> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev" rel="noreferrer" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev</a><br>
>><br>
><br>
</div></div><span><font color="#888888">--<br>
Alexander Potapenko<br>
Software Engineer<br>
<br>
Google Germany GmbH<br>
Dienerstraße 12<br>
80331 München<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
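The "#ifdef the weak functions on Mac" suggestion in Kostya's reply, shown as an added example that is not libFuzzer's own code: the DFSan hooks are declared weak only on Linux (where an unlinked weak symbol resolves to null), compiled out elsewhere, and a fallback path is taken whenever the runtime is absent. It assumes the `dfsan_create_label`/`dfsan_set_label` signatures from the DFSan interface of that era; `DFSanAvailable` and `LabelInput` are hypothetical names.

```cpp
// Portability shim for the DFSan hooks discussed in the thread (added example).
// Linux: weak declarations link even without the DFSan runtime and resolve to
// null. Mac: weak undefined symbols fail to link (the reported error), so the
// declarations are compiled out and the no-taint fallback is always taken.
#include <cstddef>
#include <cstdint>

typedef uint16_t dfsan_label;  // assumption: 16-bit labels as in 2015 DFSan

#if defined(__linux__)
extern "C" {
// Weak: null when no DFSan runtime is linked, real symbols when it is.
__attribute__((weak)) dfsan_label dfsan_create_label(const char *desc,
                                                     void *userdata);
__attribute__((weak)) void dfsan_set_label(dfsan_label label, void *addr,
                                           size_t size);
}
#define FUZZER_HAS_DFSAN_DECLS 1
#else
#define FUZZER_HAS_DFSAN_DECLS 0
#endif

// True only when a DFSan runtime actually supplied both hooks.
bool DFSanAvailable() {
#if FUZZER_HAS_DFSAN_DECLS
  return &dfsan_create_label != nullptr && &dfsan_set_label != nullptr;
#else
  return false;
#endif
}

// Taint the input buffer when DFSan is present and return the label used;
// return 0 when the coverage-only fallback path was taken.
dfsan_label LabelInput(void *data, size_t size) {
  if (!DFSanAvailable())
    return 0;  // no taint tracking: behaves like a build without DFSan
#if FUZZER_HAS_DFSAN_DECLS
  dfsan_label l = dfsan_create_label("input", nullptr);
  dfsan_set_label(l, data, size);
  return l;
#else
  return 0;
#endif
}
```

Built without `-fsanitize=dataflow` on either platform, `DFSanAvailable()` is false and `LabelInput` returns 0, which is the path a Mac build would always take.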