<div dir="ltr">Thanks Justin and George. Your answers are helpful. I took a look at the tests (also uploaded a little change: <a href="https://reviews.llvm.org/D37721">https://reviews.llvm.org/D37721</a>).<div><br></div><div>It looks like everything works fine on mac when using `-fsanitize=fuzzer`. If I switch to manual linking against libFuzzer, `-Wl,-dead_strip` is a culprit indeed. However, removing `-Wl,-dead_strip` from compilation flags would be a regression rather than an improvement.</div><div><br></div><div>As for `__attribute__((__used__))`, that also works, but doesn't scale. If I have hundreds of fuzz targets, I should go through all of them and append that attribute. Also, I have to make sure that every new fuzz target has the attribute specified.</div><div><br></div><div>Anyway, it feels like the best way now is to migrate to `-fsanitize=fuzzer`, as it works well and simplifies other things as well. Thanks for the help!</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 6, 2017 at 1:43 PM, George Karpenkov <span dir="ltr"><<a href="mailto:ekarpenkov@apple.com" target="_blank">ekarpenkov@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
> On Sep 6, 2017, at 1:40 PM, Justin Bogner <<a href="mailto:mail@justinbogner.com">mail@justinbogner.com</a>> wrote:<br>
><br>
> Max Moroz via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a>> writes:<br>
>> I'd like to discuss the following change: <a href="https://reviews.llvm.org/D37526" rel="noreferrer" target="_blank">https://reviews.llvm.org/<wbr>D37526</a><br>
>><br>
>> For the context, there is a comment<br>
>> in compiler-rt/lib/fuzzer/<wbr>FuzzerExtFunctionsWeak.cpp:<br>
>><br>
>> // Implementation for Linux. This relies on the linker's support for weak<br>
>> // symbols. We don't use this approach on Apple platforms because it requires<br>
>> // clients of LibFuzzer to pass ``-U _<symbol_name>`` to the linker to allow<br>
>> // weak symbols to be undefined. That is a complication we don't want to expose<br>
>> // to clients right now.<br>
>><br>
>> That makes sense, but with the current implementation, you cannot use<br>
>> libFuzzer's interface functions other than LLVMFuzzerTestOneInput. Below is<br>
>> a small example to verify that LLVMFuzzerInitialize is not being called on<br>
>> Mac:<br>
>><br>
>> #include <stddef.h><br>
>> #include <stdint.h><br>
>> #include <stdio.h><br>
>><br>
>> extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {<br>
>>   printf("Hello from LLVMFuzzerInitialize, argc: %i\n", *argc);<br>
>>   return *argc;<br>
>> }<br>
>><br>
>> extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {<br>
>>   printf("Hello from LLVMFuzzerTestOneInput, size: %zu\n", size);<br>
>>   if (size) {<br>
>>     return data[0];<br>
>>   }<br>
>>   return size;<br>
>> }<br>
><br>
> I suspect you might be mistaken about the problem, and what's actually<br>
> happening is that the linker is dead stripping your hook functions. At<br>
> least, I've had plenty of success with fuzzers on macOS with<br>
> LLVMFuzzerInitialize and LLVMFuzzerCustomMutator.<br>
><br>
> Try adding __attribute__((__used__)) to LLVMFuzzerInitialize and see if<br>
> that fixes the problem for you:<br>
><br>
</div></div>> extern "C" __attribute__((__used__)) int LLVMFuzzerInitialize(…)<br>
<br>
Moreover, libFuzzer tests do run on Mac,<br>
and they do use other interface functions.<br>
<br>
Another way to avoid that is simply not to request dead stripping.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
>> Assuming that there are libFuzzer customers who don't mind specifying<br>
>> "-U,_%function_name%" explicitly (e.g.<br>
>> <a href="https://chromium-review.googlesource.com/c/chromium/src/+/653846/1/testing/libfuzzer/BUILD.gn" rel="noreferrer" target="_blank">https://chromium-review.<wbr>googlesource.com/c/chromium/<wbr>src/+/653846/1/testing/<wbr>libfuzzer/BUILD.gn</a>),<br>
>> we need to have a way to use FuzzerExtFunctionsWeak.cpp instead<br>
>> of FuzzerExtFunctionsDlsym.cpp on Mac.<br>
><br>
> All of this seems unnecessarily awkward - the correct way to use weak<br>
> symbols on macOS is just to provide a default implementation that does<br>
> nothing. The function call overhead isn't that much worse than the<br>
> branch overhead to avoid calling it.<br>
><br>
>> The CL I've uploaded feels a bit hacky to me, but I don't see any less<br>
>> intrusive solution that would still comply with the existing implementation and<br>
>> would also allow weak symbols to be explicitly enabled if needed.<br>
>><br>
>> Thanks!<br>
>><br>
>> --<br>
>> Max<br>
<br>
</div></div></blockquote></div><br></div>
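As an added example (not code from this thread or from compiler-rt), the following shows the Linux weak-symbol hook discovery that the quoted FuzzerExtFunctionsWeak.cpp comment describes, with one hook defined and one left undefined so the NULL check is exercised both ways. It assumes a Linux toolchain, since on macOS the undefined weak reference is exactly what needs the `-U _<symbol>` flag discussed above; the `run_initialize` helpers are hypothetical stand-ins for libFuzzer's own call site.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Weak references to libFuzzer's optional hooks (the FuzzerExtFunctionsWeak
 * approach). When no object file defines one, the Linux linker resolves its
 * address to NULL instead of failing, so the runtime can test before calling.
 * On macOS, ld64 rejects the same undefined reference unless given
 * -U _<symbol>, which is why compiler-rt uses dlsym there instead. */
int LLVMFuzzerInitialize(int *argc, char ***argv) __attribute__((weak));
size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t max_size,
                               unsigned int seed) __attribute__((weak));

/* The fuzz target defines LLVMFuzzerInitialize (same body as the thread's
 * example: it echoes argc so a caller can prove the hook really ran)... */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
    (void)argv;
    printf("Hello from LLVMFuzzerInitialize, argc: %i\n", *argc);
    return *argc;
}
/* ...but deliberately provides no LLVMFuzzerCustomMutator. */

/* Constructed sentinel returned when the init hook was not linked in. */
#define HOOK_ABSENT (-1)

/* Call the init hook only if it resolved, as libFuzzer does. */
int run_initialize(int *argc, char ***argv) {
    if (LLVMFuzzerInitialize != NULL)
        return LLVMFuzzerInitialize(argc, argv);
    return HOOK_ABSENT;
}

/* 1 if a custom mutator was linked in, 0 otherwise (0 in this example). */
int mutator_available(void) { return LLVMFuzzerCustomMutator != NULL; }

/* Runs the init hook with a constructed three-element argv and returns the
 * hook's result (3 when the hook ran, HOOK_ABSENT when it did not). */
int run_initialize_with_sample_args(void) {
    char *argv0[] = {"fuzzer", "-runs=0", "corpus", NULL};
    char **argv = argv0;
    int argc = 3;
    return run_initialize(&argc, &argv);
}

int main(void) {
    printf("custom mutator present: %d\n", mutator_available());
    printf("initialize returned: %d\n", run_initialize_with_sample_args());
    return 0;
}
```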