<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 24, 2017 at 2:59 PM, Justin Bogner <span dir="ltr"><<a href="mailto:mail@justinbogner.com" target="_blank">mail@justinbogner.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Kostya Serebryany <<a href="mailto:kcc@google.com">kcc@google.com</a>> writes:<br>
>> I'd like llvm-isel-fuzzer to be added once its committed<br>
><br>
> consider it done (once it's there)<br>
><br>
>> (which should be as soon as LLVM fuzzers work in release builds<br>
>> again). One potential issue is that llvm-isel-fuzzer is more of a<br>
>> collection of fuzzers, and it needs some arguments to run (ie, to<br>
>> choose the backend).<br>
><br>
> I have the same problem with clang-proto-fuzzer, which uses the same<br>
> approach with flags as llvm-isel-fuzzer.<br>
><br>
> The solution I was thinking about is (drum roll!) to encode the flags in<br>
> the binary name, e.g.<br>
> "./llvm-isel-fuzzer,-flag1,-<wbr>flag2" and then read these flags from argv[0]<br>
> in LLVMFuzzerInitialize()<br>
<br>
</span>This is just horrible enough that it might work.<br></blockquote><div><br></div><div>This is not unheard of, right? </div><div>clang++ is a link to clang, but they actually behave in different ways</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> Then in oss-fuzz build.sh we will just do this:<br>
> for flags in -flag1a,-flag1b -flag2a,-flag2b; do<br>
> cp llvm-isel-fuzzer $OUT/llvm-isel-fuzzer,$flags<br>
> done<br>
<br>
</span>Would it work to just create a simple shell script that forwards to the<br>
"real" fuzzer binary? Ie,<br>
<br>
echo 'llvm-isel-fuzzer "$@" --ignore-remaining-flags=1 -mtriple=aarch64-apple-ios -global-isel -O0' > llvm-isel-fuzzer-aarch64-gisel<br>
<br>
Then we could just tell OSS-Fuzz that llvm-isel-fuzzer-aarch64-gisel is<br>
what we want to run. Depending on what OSS-Fuzz does with the binary I<br>
could see this failing, of course.<br></blockquote><div><br></div><div>This is unlikely to work with AFL and may complicate things for us in future. </div><div>I am reluctant to support this in case we have some other fuzzing mechanisms that won't support this. </div><div> </div></div>--kcc </div></div>
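As an added illustration of the argv[0] flag-encoding idea discussed in this thread (not code from the thread, from LLVM, or from llvm-isel-fuzzer; the function names and the comma separator are assumptions), here is a small C++ LLVMFuzzerInitialize that splits the binary's basename at commas and prepends the encoded flags to the argument vector:

```cpp
// Added illustration of the "flags in argv[0]" idea from the thread. This is
// not LLVM's llvm-isel-fuzzer code; names and the comma separator are assumed.
#include <string>
#include <vector>

// Split the basename of argv[0] at commas: everything after the first comma is
// a flag. "./llvm-isel-fuzzer,-mtriple=aarch64,-O0" -> {"-mtriple=aarch64","-O0"}
std::vector<std::string> flagsFromArgv0(const std::string &argv0) {
  std::vector<std::string> flags;
  // Only look at the basename so a directory name containing a comma is ignored.
  std::string::size_type slash = argv0.find_last_of('/');
  std::string base = slash == std::string::npos ? argv0 : argv0.substr(slash + 1);
  std::string::size_type comma = base.find(',');
  while (comma != std::string::npos) {
    std::string::size_type next = base.find(',', comma + 1);
    std::string flag = base.substr(comma + 1,
        next == std::string::npos ? std::string::npos : next - comma - 1);
    if (!flag.empty())  // tolerate stray commas such as "fuzzer,,-O0"
      flags.push_back(flag);
    comma = next;
  }
  return flags;
}

// Argument vector the fuzzer's own option parser should see: argv[0], then the
// encoded flags, then whatever libFuzzer left on the command line.
std::vector<std::string> mergeArgs(const std::vector<std::string> &argv) {
  std::vector<std::string> merged;
  if (argv.empty()) return merged;
  merged.push_back(argv[0]);
  for (const std::string &f : flagsFromArgv0(argv[0])) merged.push_back(f);
  merged.insert(merged.end(), argv.begin() + 1, argv.end());
  return merged;
}

// libFuzzer calls this hook once before feeding inputs; kcc proposes reading
// the encoded flags here. We rewrite *argc/*argv so a later call to LLVM's
// cl::ParseCommandLineOptions (not shown) sees the merged arguments.
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
  static std::vector<std::string> storage =
      mergeArgs(std::vector<std::string>(*argv, *argv + *argc));
  static std::vector<char *> ptrs;
  for (std::string &s : storage) ptrs.push_back(&s[0]);
  ptrs.push_back(nullptr);
  *argc = static_cast<int>(storage.size());
  *argv = ptrs.data();
  return 0;
}
```

A copy named `llvm-isel-fuzzer,-mtriple=aarch64-apple-ios,-global-isel,-O0` would then behave as that backend's fuzzer without any wrapper script, which is the property the AFL objection above is about.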