<div dir="ltr">Interesting. <div>This is a relatively new addition (fsanitize-coverage=pc-tables, which is now a part of -fsanitize=fuzzer). </div><div>The tests worked (did they? On Mac?) so I thought everything is ok. </div><div>Yea, we need to make sure the pc-tables are not stripped (this is a separate section with globals). </div><div>(I still haven't documented pc-tables, will do soon)</div><div><br></div>Do you know what's the analog of Wl,-dead_strip on Linux?<div><br></div><div>--kcc <br> <div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 24, 2017 at 2:49 PM, Justin Bogner <span dir="ltr"><<a href="mailto:mail@justinbogner.com" target="_blank">mail@justinbogner.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">George Karpenkov <<a href="mailto:ekarpenkov@apple.com">ekarpenkov@apple.com</a>> writes:<br>
> OK so with Kuba’s help I’ve found the error: with optimization, dead<br>
> stripping of produced libraries is enabled,<br>
> which removes coverage instrumentation.<br>
><br>
> However, this has nothing to do with the move to compiler-rt, so I’m<br>
> quite skeptical on whether it has worked<br>
> beforehand.<br>
><br>
> A trivial fix is to do:<br>
><br>
> diff --git a/cmake/modules/<wbr>HandleLLVMOptions.cmake b/cmake/modules/<wbr>HandleLLVMOptions.cmake<br>
> index 04596a6ff63..5465d8d95ba 100644<br>
> --- a/cmake/modules/<wbr>HandleLLVMOptions.cmake<br>
> +++ b/cmake/modules/<wbr>HandleLLVMOptions.cmake<br>
> @@ -665,6 +665,9 @@ if(LLVM_USE_SANITIZER)<br>
> endif()<br>
> if (LLVM_USE_SANITIZE_COVERAGE)<br>
> append("-fsanitize=fuzzer-no-<wbr>link" CMAKE_C_FLAGS CMAKE_CXX_FLAGS)<br>
> +<br>
> + # Dead stripping messes up coverage instrumentation.<br>
> + set(LLVM_NO_DEAD_STRIP ON)<br>
> endif()<br>
> endif()<br>
><br>
> Any arguments against that?<br>
<br>
</span>We shouldn't do this. We really only want to prevent dead stripping of<br>
the counters themselves - disabling it completely isn't very nice.<br>
<span class=""><br>
> Apparently, a better way is to follow ASAN instrumentation pass,<br>
> which uses some magic to protect against dead-stripping.<br>
<br>
</span>I thought this was already being done - how else did it work before?<br>
<div class="HOEnZb"><div class="h5"><br>
>> On Aug 24, 2017, at 11:29 AM, Justin Bogner <<a href="mailto:mail@justinbogner.com">mail@justinbogner.com</a>> wrote:<br>
>><br>
>> (kcc, george: sorry for the re-send, the first was from a non-list email<br>
>> address)<br>
>><br>
>> My configuration for building the fuzzers in the LLVM tree doesn't seem to<br>
>> work any more (possibly as of moving libFuzzer to compiler-rt, but there<br>
>> have been a few other changes in the last week or so that may be related).<br>
>><br>
>> I'm building with a fresh top-of-tree clang and setting<br>
>> -DLLVM_USE_SANITIZER=Address and -DLLVM_USE_SANITIZE_COVERAGE=<wbr>On, which<br>
>> was working before:<br>
>><br>
>> % cmake -GNinja \<br>
>> -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=On \<br>
>> -DLLVM_ENABLE_WERROR=On \<br>
>> -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=<wbr>On \<br>
>> -DCMAKE_C_COMPILER=$HOME/llvm-<wbr>lkgc/bin/clang \<br>
>> $HOME/code/llvm-src<br>
>><br>
>> But when I run any of the fuzzers, it looks like the sanitizer coverage<br>
>> hasn't been set up correctly:<br>
>><br>
>> % ./bin/llvm-as-fuzzer 2017-08-24 11:14:33<br>
>> INFO: Seed: 4089166883<br>
>> INFO: Loaded 1 modules (50607 guards): 50607 [0x10e14ef80, 0x10e18063c),<br>
>> INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8),<br>
>> ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers.<br>
>><br>
>> From the build logs, it looks like we're now building objects with these<br>
>> sanitizer flags:<br>
>><br>
>> -fsanitize=address<br>
>> -fsanitize-address-use-after-<wbr>scope<br>
>> -fsanitize=fuzzer-no-link<br>
>><br>
>> We're then linking the fuzzer binaries with these:<br>
>><br>
>> -fsanitize=address<br>
>> -fsanitize-address-use-after-<wbr>scope<br>
>> -fsanitize=fuzzer-no-link<br>
>> -fsanitize=fuzzer<br>
>><br>
>> Any idea what's wrong or where to start looking?<br>
</div></div></blockquote></div><br></div>