[llvm-dev] Building LLVM's fuzzers

George Karpenkov via llvm-dev llvm-dev at lists.llvm.org
Thu Aug 24 11:47:24 PDT 2017


Indeed, I can reproduce in release build. Looking into it.
As a workaround, for now you could try to use debug build of fuzzers.
> On Aug 24, 2017, at 11:39 AM, Justin Bogner <mail at justinbogner.com> wrote:
> 
> George Karpenkov <ekarpenkov at apple.com> writes:
>> Should -DCMAKE_CXX_COMPILER be also specified?
> 
> CMake is smart enough to infer that from C_COMPILER:
> 
>  % grep CMAKE_CXX_COMPILER CMakeCache.txt
>  CMAKE_CXX_COMPILER:FILEPATH=/Users/bogner/llvm-lkgc/bin/clang++
> 
>>> On Aug 24, 2017, at 11:29 AM, Justin Bogner <mail at justinbogner.com> wrote:
>>> 
>>> (kcc, george: sorry for the re-send, the first was from a non-list email
>>> address)
>>> 
>>> My configuration for building the fuzzers in the LLVM tree doesn't seem to
>>> work any more (possibly as of moving libFuzzer to compiler-rt, but there
>>> have been a few other changes in the last week or so that may be related).
>>> 
>>> I'm building with a fresh top-of-tree clang and setting
>>> -DLLVM_USE_SANITIZER=Address and -DLLVM_USE_SANITIZE_COVERAGE=On, which
>>> was working before:
>>> 
>>> % cmake -GNinja \
>>>         -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=On \
>>>         -DLLVM_ENABLE_WERROR=On \
>>>         -DLLVM_USE_SANITIZER=Address -DLLVM_USE_SANITIZE_COVERAGE=On \
>>>         -DCMAKE_C_COMPILER=$HOME/llvm-lkgc/bin/clang \
>>>         $HOME/code/llvm-src
>>> 
>>> But when I run any of the fuzzers, it looks like the sanitizer coverage
>>> hasn't been set up correctly:
>>> 
>>> % ./bin/llvm-as-fuzzer                                                                                   2017-08-24 11:14:33
>>> INFO: Seed: 4089166883
>>> INFO: Loaded 1 modules   (50607 guards): 50607 [0x10e14ef80, 0x10e18063c),
>>> INFO: Loaded 1 PC tables (0 PCs): 0 [0x10e2870a8,0x10e2870a8),
>>> ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a bug in the compiler, please contact the libFuzzer developers.
>>> 
>>> From the build logs, it looks like we're now building objects with these
>>> sanitizer flags:
>>> 
>>> -fsanitize=address
>>> -fsanitize-address-use-after-scope
>>> -fsanitize=fuzzer-no-link
>>> 
>>> We're then linking the fuzzer binaries with these:
>>> 
>>> -fsanitize=address
>>> -fsanitize-address-use-after-scope
>>> -fsanitize=fuzzer-no-link
>>> -fsanitize=fuzzer
>>> 
>>> Any idea what's wrong or where to start looking?
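One check worth running when a fuzzer binary reports a guard/PC-table mismatch like the one above is to audit the verbose build log (`ninja -v`) and confirm that every object linked into the fuzzer was compiled with the coverage flag, and that the final link line carries `-fsanitize=fuzzer`. The script below is an added example, not code from the thread or from LLVM's build system; the log lines are constructed to mirror the flags Justin listed, and the way lines are classified (a compile line contains ` -c `, a link line contains ` -o bin/`) is an assumption about ninja's output, as is the assumption that the flag is spelled `-fsanitize=fuzzer` rather than a comma-joined form.

```shell
#!/bin/sh
# Added example (not from the llvm-dev thread): audit a verbose build log for
# sanitizer-coverage flags on compile lines versus the fuzzer link line.

# Constructed sample log, modelled on the flags reported in the thread.
# The second compile line deliberately lacks -fsanitize=fuzzer-no-link so the
# audit has something to flag.
SAMPLE_LOG='clang++ -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -O2 -c lib/AsmParser/Parser.cpp -o lib/Parser.cpp.o
clang++ -fsanitize=address -fsanitize-address-use-after-scope -O2 -c lib/Support/APInt.cpp -o lib/APInt.cpp.o
clang++ -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -fsanitize=fuzzer lib/Parser.cpp.o lib/APInt.cpp.o -o bin/llvm-as-fuzzer'

# audit_build_log LOGTEXT
# Classifies each line as a compile step (" -c ") or a link step (" -o bin/",
# assumed layout of an LLVM build tree) and counts the ones that are missing
# the expected sanitizer flag. Prints one summary line:
#   compile=<n> compile_missing=<n> link=<n> link_missing=<n>
audit_build_log() {
    printf '%s\n' "$1" | awk '
        / -c / {
            compile++
            # Objects need coverage instrumentation but must not link libFuzzer.
            if ($0 !~ /-fsanitize=fuzzer-no-link/) cmiss++
            next
        }
        / -o bin\// {
            link++
            # The final link must pull in libFuzzer via -fsanitize=fuzzer
            # (match the bare flag, not the -no-link variant).
            if ($0 !~ /-fsanitize=fuzzer([^-]|$)/) lmiss++
        }
        END {
            printf "compile=%d compile_missing=%d link=%d link_missing=%d\n",
                   compile, cmiss, link, lmiss
        }'
}

# list_uninstrumented_objects LOGTEXT
# Prints the output object path of every compile line that lacks the
# coverage flag, so the offending source files can be found quickly.
list_uninstrumented_objects() {
    printf '%s\n' "$1" | awk '
        / -c / && $0 !~ /-fsanitize=fuzzer-no-link/ {
            for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
        }'
}

# Stand-alone usage: run against the constructed sample, or pipe in a real
# log with: ninja -v 2>&1 | tee build.log; audit_build_log "$(cat build.log)"
audit_build_log "$SAMPLE_LOG"
list_uninstrumented_objects "$SAMPLE_LOG"
```

On the constructed sample the summary reports one of two compile lines missing the coverage flag and names `lib/APInt.cpp.o` as the uninstrumented object; a clean build reports zero for both `_missing` counts. A zero result does not rule out a compiler-side problem (the thread's symptom, a non-empty guard count with an empty PC table, came from a release build where the flags looked right), but it rules out the most common cause of a coverage mismatch: a subset of objects built without instrumentation.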


