[PATCH] D21049: [LibFuzzer] Fix some unit test crashes on OSX.

Dan Liew via llvm-commits llvm-commits at lists.llvm.org
Mon Jun 6 21:23:30 PDT 2016 

delcypher added a comment.

@kcc: What I showed is not particularly illuminating (at least to me) but the important things I noticed are that

- In the other failing unit test (`lib/Fuzzer/test/LLVMFuzzer-Unittest --gtest_filter=FuzzerDictionary.ParseDictionaryFile`) in that test also the crash is different and the `this` pointer inside the `AssertionResult` constructor inside GTest has become `0x0` for some reason.

  Note: Google Test filter = FuzzerDictionary.ParseDictionaryFile
  [==========] Running 1 test from 1 test case.
  [----------] Global test environment set-up.
  [----------] 1 test from FuzzerDictionary
  [ RUN      ] FuzzerDictionary.ParseDictionaryFile
  ParseDictionaryFile: error in line 1
                  zzz
  ParseDictionaryFile: file does not exist or is empty
  ParseDictionaryFile: error in line 4
                  abc="abc"
  ASAN:DEADLYSIGNAL
  =================================================================
  ==41539==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000107cc5631 bp 0x7fff57f952e0 sp 0x7fff57f952b0 T0)
  ==41539==The signal is caused by a WRITE memory access.
  ==41539==Hint: address points to the zero page.
      #0 0x107cc5630 in testing::AssertionResult::AssertionResult(bool) gtest.h:271
      #1 0x107ca17a3 in testing::AssertionResult::AssertionResult(bool) gtest.h:271
      #2 0x107ca75f4 in FuzzerDictionary_ParseDictionaryFile_Test::TestBody() FuzzerUnittest.cpp:388
      #3 0x107d36a82 in testing::Test::Run() gtest.cc:2161
      #4 0x107d381ab in testing::TestInfo::Run() gtest.cc:2309
      #5 0x107d39968 in testing::TestCase::Run() gtest.cc:2416
      #6 0x107d46658 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4207
      #7 0x107d45ef0 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) gtest.cc:2142
      #8 0x107d45def in testing::UnitTest::Run() gtest.cc:3841
      #9 0x107d7dc36 in main TestMain.cpp:47
      #10 0x7fff8ce7a5ac in start (libdyld.dylib+0x35ac)
      #11 0x1  (<unknown module>)
  
  AddressSanitizer can not provide additional info.
  SUMMARY: AddressSanitizer: SEGV gtest.h:271 in testing::AssertionResult::AssertionResult(bool)
  ==41539==ABORTING
  Abort trap: 6



- If I changed the CMake code to also build LibFuzzer with ASan the crash disappears

- If I build the unit test with `-D_LIBCPP_HAS_NO_ASAN` the issue disappears. This makes me think the issue is likely related to different definitions (@zaks.anna tells me that libcxx has a ASan and non-ASan version `std:vector<>`) of `std::vector<>` (and maybe other libcxx data structures) being used inside and outside LibFuzzer.

- If I force LibFuzzer to be built at `-O0` (it's `-O1` normally because the CMake code forces `-O1` even when the build type is set to `Debug`) the crash disappears but the tests still fail with garbage data.

  Note: Google Test filter = FuzzerDictionary.ParseOneDictionaryEntry
  [==========] Running 1 test from 1 test case.
  [----------] Global test environment set-up.
  [----------] 1 test from FuzzerDictionary
  [ RUN      ] FuzzerDictionary.ParseOneDictionaryEntry
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:358: Failure
  Value of: Unit({'a', 'b', 'c'})
    Actual: { 'a' (97, 0x61), 'b' (98, 0x62), 'c' (99, 0x63) }
  Expected: U
  Which is: { '\x90' (144), 'b' (98, 0x62), 'c' (99, 0x63) }
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:360: Failure
  Value of: Unit({'a', 'b', 'c'})
    Actual: { 'a' (97, 0x61), 'b' (98, 0x62), 'c' (99, 0x63) }
  Expected: U
  Which is: { '0' (48, 0x30), '0' (48, 0x30), '0' (48, 0x30) }
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:363: Failure
  Value of: Unit({'\\'})
    Actual: { '\\' (92, 0x5C) }
  Expected: U
  Which is: { '0' (48, 0x30) }
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:365: Failure
  Value of: Unit({0xAB})
    Actual: { '\xAB' (171) }
  Expected: U
  Which is: { '0' (48, 0x30) }
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:367: Failure
  Value of: Unit({0xAB, 'z', 0xDE})
    Actual: { '\xAB' (171), 'z' (122, 0x7A), '\xDE' (222) }
  Expected: U
  Which is: { '0' (48, 0x30), '0' (48, 0x30), '0' (48, 0x30) }
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:369: Failure
  Value of: Unit({'#'})
    Actual: { '#' (35, 0x23) }
  Expected: U
  Which is: { '0' (48, 0x30) }
  /Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:371: Failure
  Value of: Unit({'"'})
    Actual: { '"' (34, 0x22) }
  Expected: U
  Which is: { '0' (48, 0x30) }
  [  FAILED  ] FuzzerDictionary.ParseOneDictionaryEntry (3 ms)
  [----------] 1 test from FuzzerDictionary (3 ms total)
  
  [----------] Global test environment tear-down
  [==========] 1 test from 1 test case ran. (3 ms total)
  [  PASSED  ] 0 tests.
  [  FAILED  ] 1 test, listed below:
  [  FAILED  ] FuzzerDictionary.ParseOneDictionaryEntry
  
   1 FAILED TEST


http://reviews.llvm.org/D21049

More information about the llvm-commits mailing list