<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 24, 2017 at 3:16 PM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">With -Wl,-gc-sections I get this: <div><div>SimpleTest.cpp:(.text.sancov.module_ctor[sancov.module_ctor]+0x1b): undefined reference to `__start___sancov_pcs'</div><div>SimpleTest.cpp:(.text.sancov.module_ctor[sancov.module_ctor]+0x20): undefined reference to `__stop___sancov_pcs'</div></div></div></blockquote><div><br></div><div>This happens only with 'ld'. </div><div>lld and gold are fine. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 24, 2017 at 3:07 PM, George Karpenkov <span dir="ltr"><<a href="mailto:ekarpenkov@apple.com" target="_blank">ekarpenkov@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><br><div><span><blockquote type="cite"><div>On Aug 24, 2017, at 2:55 PM, Kostya Serebryany <<a href="mailto:kcc@google.com" target="_blank">kcc@google.com</a>> wrote:</div><br class="m_-661722199526222090m_-5514399190065812133Apple-interchange-newline"><div><div dir="ltr">Interesting. <div>This is a relatively new addition (-fsanitize-coverage=pc-tables, which is now a part of -fsanitize=fuzzer). </div><div>The tests worked (did they? On Mac?) so I thought everything is ok. 
</div></div></div></blockquote><div><br></div></span><div>For tests we never compile the tested target with -O3 (and that wouldn’t be sufficient),</div><div>and for testing fuzzers I was always building them in debug </div><span><br><blockquote type="cite"><div><div dir="ltr"><div>Yea, we need to make sure the pc-tables are not stripped (this is a separate section with globals). </div><div>(I still haven't documented pc-tables, will do soon)</div></div></div></blockquote><br><blockquote type="cite"><div><div dir="ltr">Do you know what's the analog of -Wl,-dead_strip on Linux?</div></div></blockquote><div><br></div></span>Apparently -Wl,--gc-sections.</div><div>For some reason LLVM does not do it for gold, even though it seems to support this flag as well.</div><div>(that could be another reason why you don’t see the failure on Linux)</div><div><div><br></div><div><pre>if(NOT LLVM_NO_DEAD_STRIP)
  if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
    # ld64's implementation of -dead_strip breaks tools that use plugins.
    set_property(TARGET ${target_name} APPEND_STRING PROPERTY
                 LINK_FLAGS " -Wl,-dead_strip")
  elseif(${CMAKE_SYSTEM_NAME} MATCHES "SunOS")
    set_property(TARGET ${target_name} APPEND_STRING PROPERTY
                 LINK_FLAGS " -Wl,-z -Wl,discard-unused=sections")
  elseif(NOT WIN32 AND NOT LLVM_LINKER_IS_GOLD)
    # Object files are compiled with -ffunction-data-sections.
    # Versions of bfd ld &lt; 2.23.1 have a bug in --gc-sections that breaks
    # tools that use plugins. Always pass --gc-sections once we require
    # a newer linker.
    set_property(TARGET ${target_name} APPEND_STRING PROPERTY
                 LINK_FLAGS " -Wl,--gc-sections")
  endif()
endif()</pre></div></div><div><div class="m_-661722199526222090h5"><br><blockquote type="cite"><div><div dir="ltr"><div><br></div><div>--kcc <br> <div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 24, 2017 at 2:49 PM, Justin Bogner <span dir="ltr"><<a href="mailto:mail@justinbogner.com" target="_blank">mail@justinbogner.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>George Karpenkov <<a href="mailto:ekarpenkov@apple.com" target="_blank">ekarpenkov@apple.com</a>> writes:<br>
> OK so with Kuba’s help I’ve found the error: with optimization, dead<br>
> stripping of produced libraries is enabled,<br>
> which removes coverage instrumentation.<br>
><br>
> However, this has nothing to do with the move to compiler-rt, so I’m<br>
> quite skeptical on whether it has worked<br>
> beforehand.<br>
><br>
> A trivial fix is to do:<br>
><br>
> diff --git a/cmake/modules/HandleLLVMOpti<wbr>ons.cmake b/cmake/modules/HandleLLVMOpti<wbr>ons.cmake<br>
> index 04596a6ff63..5465d8d95ba 100644<br>
> --- a/cmake/modules/HandleLLVMOpti<wbr>ons.cmake<br>
> +++ b/cmake/modules/HandleLLVMOpti<wbr>ons.cmake<br>
> @@ -665,6 +665,9 @@ if(LLVM_USE_SANITIZER)<br>
> endif()<br>
> if (LLVM_USE_SANITIZE_COVERAGE)<br>
> append("-fsanitize=fuzzer-no-l<wbr>ink" CMAKE_C_FLAGS CMAKE_CXX_FLAGS)<br>
> +<br>
> + # Dead stripping messes up coverage instrumentation.<br>
> + set(LLVM_NO_DEAD_STRIP ON)<br>
> endif()<br>
> endif()<br>
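<br>Review bot: The 'set(LLVM_NO_DEAD_STRIP ON)' added under 'if (LLVM_USE_SANITIZE_COVERAGE)' switches dead stripping off for every target in a coverage build, which is far broader than the problem it fixes: only the coverage metadata (the pc-tables globals in their own section, located through '__start___sancov_pcs' / '__stop___sancov_pcs') has to survive -dead_strip / --gc-sections, and unused code in the fuzzer binaries could still be dropped. Prefer keeping those globals alive from the instrumentation pass itself, the way the ASan pass already protects its globals, and leave LLVM_NO_DEAD_STRIP alone. If the global switch is kept as a stopgap, the comment should say what actually breaks (the pc-tables section is stripped, so libFuzzer reports 'Loaded 1 PC tables (0 PCs)' and aborts with the size-mismatch error) so the workaround can be removed once the pass protects the section.<br>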
><br>
> Any arguments against that?<br>
<br>
</span>We shouldn't do this. We really only want to prevent dead stripping of<br>
the counters themselves - disabling it completely isn't very nice.<br>
<span><br>
> Apparently, a better way is to follow ASAN instrumentation pass,<br>
> which uses some magic to protect against dead-stripping.<br>
<br>
</span>I thought this was already being done - how else did it work before?<br>
<div class="m_-661722199526222090m_-5514399190065812133HOEnZb"><div class="m_-661722199526222090m_-5514399190065812133h5"><br>
>> On Aug 24, 2017, at 11:29 AM, Justin Bogner <<a href="mailto:mail@justinbogner.com" target="_blank">mail@justinbogner.com</a>> wrote:<br>
>><br>
>> (kcc, george: sorry for the re-send, the first was from a non-list email<br>
>> address)<br>
>><br>
>> My configuration for building the fuzzers in the LLVM tree doesn't seem to<br>
>> work any more (possibly as of moving libFuzzer to compiler-rt, but there<br>
>> have been a few other changes in the last week or so that may be related).<br>
>><br>
>> I'm building with a fresh top-of-tree clang and setting<br>
>> -DLLVM_USE_SANITIZER=Address and -DLLVM_USE_SANITIZE_COVERAGE=On, which<br>
>> was working before:<br>
>><br>
>> % cmake -GNinja \<br>
>> -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=On \<br>
>> -DLLVM_ENABLE_WERROR=On \<br>
>> -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=On \<br>
>> -DCMAKE_C_COMPILER=$HOME/llvm-lkgc/bin/clang \<br>
>> $HOME/code/llvm-src<br>
>><br>
>> But when I run any of the fuzzers, it looks like the sanitizer coverage<br>
>> hasn't been set up correctly:<br>
>><br>
>> % ./bin/llvm-as-fuzzer 2017-08-24 11:14:33<br>
>> INFO: Seed: 4089166883<br>
>> INFO: Loaded 1 modules (50607 guards): 50607 [0x10e14ef80, 0x10e18063c),<br>
>> INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8),<br>
>> ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers.<br>
>><br>
>> From the build logs, it looks like we're now building objects with these<br>
>> sanitizer flags:<br>
>><br>
>> -fsanitize=address<br>
>> -fsanitize-address-use-after-scope<br>
>> -fsanitize=fuzzer-no-link<br>
>><br>
>> We're then linking the fuzzer binaries with these:<br>
>><br>
>> -fsanitize=address<br>
>> -fsanitize-address-use-after-scope<br>
>> -fsanitize=fuzzer-no-link<br>
>> -fsanitize=fuzzer<br>
>><br>
>> Any idea what's wrong or where to start looking?<br>
</div></div></blockquote></div><br></div>
</div></blockquote></div></div></div><br></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>
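The thread turns on one mechanism: the pc-tables live in their own section, the runtime finds them through the linker-synthesised __start_/__stop_ symbols, and a linker that garbage-collects the section either fails the link (the undefined reference to `__start___sancov_pcs` above) or leaves a table whose size no longer matches the number of instrumented PCs. The following is an added example, not code from the thread or from LLVM/libFuzzer; it models that mechanism in plain C. The section name "pc_table_demo", the pc_entry layout, the EXPECTED_PCS bookkeeping and the function names are all invented for the demo (real -fsanitize-coverage=pc-tables uses the __sancov_pcs section with a compiler-defined layout), and it assumes an ELF linker (bfd ld, gold or lld) that defines __start_/__stop_ for output sections whose names are C identifiers.

```c
/*
 * Added example (not from the thread, not LLVM/libFuzzer code): a model of
 * coverage "pc-tables" kept in a dedicated ELF section and walked between
 * the linker-defined __start_<section> / __stop_<section> symbols, with the
 * consistency check that fires when part of the table was dead-stripped.
 *
 * Assumed/invented for the demo: section name "pc_table_demo", the pc_entry
 * layout, EXPECTED_PCS. Requires an ELF linker that synthesises
 * __start_/__stop_ for C-identifier section names (bfd ld, gold, lld).
 *
 * Normal build:   cc -O2 pc_tables.c -o pc_tables && ./pc_tables
 * To see the thread's failure mode, link with --gc-sections using a linker
 * that does not treat the __start_/__stop_ references as GC roots: the
 * section is discarded and the link fails with
 *   undefined reference to `__start_pc_table_demo'
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef void (*pc_t)(void);

/* One table entry: a code address plus flags (bit 0 = function entry). */
typedef struct {
    pc_t      pc;
    uintptr_t flags;
} pc_entry;

/* Bounds synthesised by the linker for the "pc_table_demo" output section. */
extern const pc_entry __start_pc_table_demo[];
extern const pc_entry __stop_pc_table_demo[];

/* Stand-ins for instrumented functions / basic blocks. */
static void fn_a(void) {}
static void fn_b(void) {}
static void fn_c(void) {}

/*
 * 'used' only stops the compiler from discarding a global that nothing
 * references. It does nothing for the linker: under --gc-sections the
 * section survives only if the linker treats __start_/__stop_ references
 * as roots, or the object marks it SHF_GNU_RETAIN (__attribute__((retain))
 * on toolchains that support it).
 */
#define PC_ENTRY(name, fn, fl) \
    __attribute__((section("pc_table_demo"), used)) \
    static const pc_entry name = { (fn), (fl) }

PC_ENTRY(entry_a, fn_a, 1);   /* function entry  */
PC_ENTRY(entry_b, fn_b, 1);   /* function entry  */
PC_ENTRY(entry_c, fn_c, 0);   /* non-entry block */

#define EXPECTED_PCS 3        /* what the instrumented code "registered" */

/* Entries the linker actually kept. */
size_t pc_table_count(void) {
    return (size_t)(__stop_pc_table_demo - __start_pc_table_demo);
}

/* Entries flagged as function entries. */
size_t pc_table_function_entries(void) {
    size_t n = 0;
    for (const pc_entry *e = __start_pc_table_demo; e < __stop_pc_table_demo; ++e)
        n += (size_t)(e->flags & 1);
    return n;
}

/* Whether a code address appears in the table. */
int pc_table_contains(pc_t pc) {
    for (const pc_entry *e = __start_pc_table_demo; e < __stop_pc_table_demo; ++e)
        if (e->pc == pc)
            return 1;
    return 0;
}

/*
 * The libFuzzer-style check: the number of PC entries walked must equal the
 * number of guards the instrumented module registered. Returns 0 when
 * consistent, negative when entries were stripped, positive when the table
 * has more entries than guards.
 */
long pc_table_check(size_t registered_guards) {
    return (long)pc_table_count() - (long)registered_guards;
}

int main(void) {
    printf("INFO: Loaded 1 PC tables (%zu PCs): [%p,%p)\n",
           pc_table_count(), (const void *)__start_pc_table_demo,
           (const void *)__stop_pc_table_demo);
    long delta = pc_table_check(EXPECTED_PCS);
    if (delta != 0) {
        printf("ERROR: PC table size mismatch (%ld): coverage tables were "
               "dead-stripped or the build is inconsistent\n", delta);
        return 1;
    }
    return 0;
}
```

The check mirrors the error Justin saw: the guard count comes from the instrumented code at startup, the PC count from walking the section, and any linker that drops or truncates the section shows up as a non-zero delta rather than as silently uncovered code.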