[lld] r308809 - Don't crash on an empty section with an ALIGN.

[Davide Italiano via llvm-commits]

On Mon, Jul 24, 2017 at 8:35 AM, George Rimar <grimar at accesssoftek.com> wrote:
>><llvm-commits at lists.llvm.org> wrote:
>>> I noticed that during last weeks we had several fixes committed to fix LLD crashes
>>> because of uncommon scripts. Like this one or discarding synthetic sections earlier.
>>>
>>> About a year ago we used AFL (http://lcamtuf.coredump.cx/afl/) for fuzzing LLD.
>>> That time we fuzzed input objects (binaries).
>>> As far I know it is possible to teach AFL about some syntax and provide a dictionary of keywords,
>>> and as a result it probably should be able to generate and test linkerscripts.
>>> Which probably can reveal more uncommon cases leading to crashes/hangs may be.
>>>
>>
>>It shouldn't be particularly hard to do mutation based on the linker
>>script grammar.
>>Maybe you can use `libFuzzer`, but I havne't looked into it (IIRC Peter did).
>>
>>You can also try something like what's described in
>>"Skeletal Program Enumeration for Rigorous Compiler Testing"
>>https://arxiv.org/abs/1610.03148 . For your first run(s), you can
>>probably ignore scoping, and just swap, e.g. directives.
>>
>>Thanks,
>>
>>--
>>Davide
>
> Yep, I do not expect mutation be hard to do. Never tried this before though.
> Also never used libFuzzer, will take a look on it and that link tomorrow.
> Then probably try to do dome trivial mutation to check how it works in general.
>

Please note that this is a completely different kind of work compared
to what we did last year.
In fact, while in the linker input case you can just "tolerate"
crashes, because the output of the compiler is the input to the linker
(garbage-in garbage-out), here you have human input (i.e. the linker
script tests).
We could try to never crash on invalid linker scripts and emit a sane
diagnostic instead, if possible.

Thanks,

--
DAvide