<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Yeah, at least on Mac basically nothing works:<div class=""><br class=""></div><div class=""><pre style="margin: 0px; line-height: normal; font-family: Monaco; color: rgb(199, 199, 199); background-color: rgb(0, 0, 0);" class="">george@/Volumes/Transcend/code/llvm (✱✖master)✘≻ ./release-build/bin/clang -O3 -isysroot (xcrun --show-sdk-path) -fsanitize=fuzzer,address -Wl,-dead_strip projects/compiler-rt/test/fuzzer/StrcmpTest.cpp
george@/Volumes/Transcend/code/llvm (✱✖master)≻ ./a.out
INFO: Seed: 3036650336
INFO: Loaded 1 modules   (8 guards): 8 [0x106c2a440, 0x106c2a460),
INFO: Loaded 1 PC tables (0 PCs): 0 [0x106c2a5d0,0x106c2a5d0),
ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers.
numguards=8, NumPCsInPCTables=0, NumInline8bitCounters=0</pre><div><blockquote type="cite" class=""><div class="">On Aug 24, 2017, at 2:40 PM, Kostya Serebryany <<a href="mailto:kcc@google.com" class="">kcc@google.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">This is quite unexpected. <div class="">Do you have a minimized example of dead stripping eliminating the coverage instrumentation? 
</div><div class=""><br class=""></div><div class="">--kcc </div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, Aug 24, 2017 at 2:37 PM, George Karpenkov <span dir="ltr" class=""><<a href="mailto:ekarpenkov@apple.com" target="_blank" class="">ekarpenkov@apple.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">OK so with Kuba’s help I’ve found the error: with optimization, dead stripping of produced libraries is enabled,<br class="">
which removes coverage instrumentation.<br class="">
<br class="">
However, this has nothing to do with the move to compiler-rt, so I’m quite skeptical about whether it has worked<br class="">
beforehand.<br class="">
<br class="">
A trivial fix is to do:<br class="">
<br class="">
diff --git a/cmake/modules/<wbr class="">HandleLLVMOptions.cmake b/cmake/modules/<wbr class="">HandleLLVMOptions.cmake<br class="">
index 04596a6ff63..5465d8d95ba 100644<br class="">
--- a/cmake/modules/<wbr class="">HandleLLVMOptions.cmake<br class="">
+++ b/cmake/modules/<wbr class="">HandleLLVMOptions.cmake<br class="">
@@ -665,6 +665,9 @@ if(LLVM_USE_SANITIZER)<br class="">
   endif()<br class="">
   if (LLVM_USE_SANITIZE_COVERAGE)<br class="">
     append("-fsanitize=fuzzer-no-<wbr class="">link" CMAKE_C_FLAGS CMAKE_CXX_FLAGS)<br class="">
+<br class="">
+    # Dead stripping messes up coverage instrumentation.<br class="">
+    set(LLVM_NO_DEAD_STRIP ON)<br class="">
   endif()<br class="">
 endif()<br class="">
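Review bot: the new `set(LLVM_NO_DEAD_STRIP ON)` at the end of the LLVM_USE_SANITIZE_COVERAGE block turns dead stripping off for every coverage build, on any platform, but the comment only says it "messes up" the instrumentation; spell out the actual failure so a later cleanup does not drop the line: the linker discards the unreferenced sancov guard and PC-table sections, and libFuzzer then aborts at startup with "Loaded 1 PC tables (0 PCs)" followed by the size-mismatch error shown in this thread. A comment such as `# -dead_strip discards the unreferenced sancov PC-table sections, so libFuzzer sees 0 PCs; workaround until the pass keeps them alive the way ASan does.` would also record that this is a workaround rather than the intended fix, which the text below says lives in the instrumentation pass.<br class="">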
<br class="">
Any arguments against that?<br class="">
<br class="">
Apparently, a better way is to follow the ASan instrumentation pass,<br class="">
which uses some magic to protect against dead-stripping.<br class="">
<span class="im HOEnZb"><br class="">
> On Aug 24, 2017, at 11:29 AM, Justin Bogner <<a href="mailto:mail@justinbogner.com" class="">mail@justinbogner.com</a>> wrote:<br class="">
><br class="">
</span><div class="HOEnZb"><div class="h5">> (kcc, george: sorry for the re-send, the first was from a non-list email<br class="">
> address)<br class="">
><br class="">
> My configuration for building the fuzzers in the LLVM tree doesn't seem to<br class="">
> work any more (possibly as of moving libFuzzer to compiler-rt, but there<br class="">
> have been a few other changes in the last week or so that may be related).<br class="">
><br class="">
> I'm building with a fresh top-of-tree clang and setting<br class="">
> -DLLVM_USE_SANITIZER=Address and -DLLVM_USE_SANITIZE_COVERAGE=On, which<br class="">
> was working before:<br class="">
><br class="">
>  % cmake -GNinja \<br class="">
>          -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=On \<br class="">
>          -DLLVM_ENABLE_WERROR=On \<br class="">
>          -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=On \<br class="">
>          -DCMAKE_C_COMPILER=$HOME/llvm-lkgc/bin/clang \<br class="">
>          $HOME/code/llvm-src<br class="">
><br class="">
> But when I run any of the fuzzers, it looks like the sanitizer coverage<br class="">
> hasn't been set up correctly:<br class="">
><br class="">
>  % ./bin/llvm-as-fuzzer                                                                                   2017-08-24 11:14:33<br class="">
>  INFO: Seed: 4089166883<br class="">
>  INFO: Loaded 1 modules   (50607 guards): 50607 [0x10e14ef80, 0x10e18063c),<br class="">
>  INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8),<br class="">
>  ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers.<br class="">
><br class="">
> From the build logs, it looks like we're now building objects with these<br class="">
> sanitizer flags:<br class="">
><br class="">
>  -fsanitize=address<br class="">
>  -fsanitize-address-use-after-scope<br class="">
>  -fsanitize=fuzzer-no-link<br class="">
><br class="">
> We're then linking the fuzzer binaries with these:<br class="">
><br class="">
>  -fsanitize=address<br class="">
>  -fsanitize-address-use-after-scope<br class="">
>  -fsanitize=fuzzer-no-link<br class="">
>  -fsanitize=fuzzer<br class="">
><br class="">
> Any idea what's wrong or where to start looking?<br class="">
<br class="">
</div></div></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>