[llvm-dev] Building LLVM's fuzzers
Justin Bogner via llvm-dev
llvm-dev at lists.llvm.org
Thu Aug 24 11:29:54 PDT 2017
(kcc, george: sorry for the re-send, the first was from a non-list email
address)
My configuration for building the fuzzers in the LLVM tree doesn't seem to
work any more (possibly as of moving libFuzzer to compiler-rt, but there
have been a few other changes in the last week or so that may be related).
I'm building with a fresh top-of-tree clang and setting
-DLLVM_USE_SANITIZER=Address and -DLLVM_USE_SANITIZE_COVERAGE=On, which
was working before:
% cmake -GNinja \
-DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=On \
-DLLVM_ENABLE_WERROR=On \
-DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=On \
-DCMAKE_C_COMPILER=$HOME/llvm-lkgc/bin/clang \
$HOME/code/llvm-src
But when I run any of the fuzzers, it looks like the sanitizer coverage
hasn't been set up correctly:
% ./bin/llvm-as-fuzzer 2017-08-24 11:14:33
INFO: Seed: 4089166883
INFO: Loaded 1 modules (50607 guards): 50607 [0x10e14ef80, 0x10e18063c),
INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8),
ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers.
From the build logs, it looks like we're now building objects with these
sanitizer flags:
-fsanitize=address
-fsanitize-address-use-after-scope
-fsanitize=fuzzer-no-link
We're then linking the fuzzer binaries with these:
-fsanitize=address
-fsanitize-address-use-after-scope
-fsanitize=fuzzer-no-link
-fsanitize=fuzzer
Any idea what's wrong or where to start looking?
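Two checks a reader of this report might want to automate, as an added example that is not part of the thread or of the LLVM project's own tooling: parsing libFuzzer's start-up lines to see whether the guard count and the PC-table count agree (they must match, or libFuzzer aborts with the error quoted above), and scanning a build log to confirm that every object was compiled with -fsanitize=fuzzer-no-link and that the final binary was linked with -fsanitize=fuzzer. The log lines, file names and paths below are constructed for the example and modelled on the report; they are not taken from a real build.

```python
import re

# Constructed sample: libFuzzer start-up output shaped like the report above.
SAMPLE_FUZZER_OUTPUT = """\
INFO: Seed: 4089166883
INFO: Loaded 1 modules (50607 guards): 50607 [0x10e14ef80, 0x10e18063c),
INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8),
"""

# Constructed sample build log (hypothetical paths). The second object is
# deliberately compiled with ASan only, so it carries no coverage guards.
SAMPLE_BUILD_LOG = """\
clang -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -c lib/AsmParser/LLParser.cpp -o LLParser.cpp.o
clang -fsanitize=address -c lib/Support/APInt.cpp -o APInt.cpp.o
clang -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -fsanitize=fuzzer -o bin/llvm-as-fuzzer LLParser.cpp.o APInt.cpp.o
"""

GUARDS_RE = re.compile(r"Loaded (\d+) modules \((\d+) guards\)")
PCS_RE = re.compile(r"Loaded (\d+) PC tables \((\d+) PCs\)")


def coverage_tables_consistent(fuzzer_output):
    """Return (guards, pcs, ok) from libFuzzer's INFO lines.

    libFuzzer expects the PC table to describe every instrumented guard; a
    non-zero guard count next to a zero-entry PC table is the mismatch that
    triggers the "size of coverage PC tables does not match" error.
    """
    guards = sum(int(m.group(2)) for m in GUARDS_RE.finditer(fuzzer_output))
    pcs = sum(int(m.group(2)) for m in PCS_RE.finditer(fuzzer_output))
    return guards, pcs, guards == pcs


def classify_command(line):
    """Split one build-log line into ('compile' | 'link', [-fsanitize flags])."""
    tokens = line.split()
    flags = [t for t in tokens if t.startswith("-fsanitize")]
    kind = "compile" if "-c" in tokens else "link"
    return kind, flags


def output_name(line):
    """Extract the -o target from a command line, or '?' if there is none."""
    if " -o " not in line:
        return "?"
    return line.split(" -o ", 1)[1].split()[0]


def find_flag_problems(build_log):
    """Report objects built without coverage instrumentation and fuzzer
    binaries linked without the libFuzzer runtime. Returns a list of
    (target, description) tuples."""
    problems = []
    for line in build_log.splitlines():
        if not line.strip():
            continue
        kind, flags = classify_command(line)
        target = output_name(line)
        if kind == "compile" and "-fsanitize=fuzzer-no-link" not in flags:
            problems.append((target, "compiled without -fsanitize=fuzzer-no-link: "
                                     "no SanitizerCoverage guards in this object"))
        if kind == "link" and "-fsanitize=fuzzer" not in flags:
            problems.append((target, "linked without -fsanitize=fuzzer: "
                                     "no libFuzzer runtime in this binary"))
    return problems


if __name__ == "__main__":
    guards, pcs, ok = coverage_tables_consistent(SAMPLE_FUZZER_OUTPUT)
    print(f"guards={guards} pcs={pcs} consistent={ok}")
    for target, why in find_flag_problems(SAMPLE_BUILD_LOG):
        print(f"{target}: {why}")
```

Run against a real build, feed it the ninja log (ninja -v) and the first few lines of the fuzzer's output; a PC-table count of zero with a large guard count points at the compile step (the objects got guards but no PC table), while an uninstrumented object shows up as a missing -fsanitize=fuzzer-no-link on its compile line.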