-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make Centipede a default engine #9427
Conversation
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
f623023
to
be42b22
Compare
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
Looks like until google#9427 is merged it should be specified explicitly.
To judge from https://github.com/google/oss-fuzz/actions/runs/3928694793/jobs/6716605398 |
Just to clarify I enabled it explicitly in #9428. It doesn't fail anywhere else yet. |
Before I forget other projects using |
Thanks, @evverx!
Would you happen to know how to fix it? Thanks! By the way, we plan to make |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
Looks like |
Yep, the same as in this commit Use -Wl for linker flags. |
I rebuilt the base-builder image with those flags and reproduced the build failure. The good news is that
I'm not sure what to do about it yet. I don't think I can fix it in the systemd OSS-Fuzz build script because it's somewhere between |
|
My experience is that errors like However, I am not sure what is the best way to make use of it in |
Ideally OSS-Fuzz should pass linker flags via With |
FWIW I think in theory it could work if OSS-Fuzz passed those flags via LDFLAGS as well. It didn't work out with FI because it needed to switch linkers and some projects didn't expect it so CFLAGS was the way to go there but with centipede the linker is intact as far as I can tell. |
I see... Yeah adding it to I will try to think of ways to do it in one place : ) |
Mirrors [the fixes from OSS-Fuzz](google/oss-fuzz#9427): 1. Use [`-Wl` on the linker flags](google/oss-fuzz#9427 (comment)). 2. Use [`LDFLAGS`](google/oss-fuzz#9427 (comment)).
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
Related: #9299 |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
@jonathanmetzman, 334aff6 compiles |
This reverts commit 334aff6.
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
What is LIB_FUZZING_ENGINE compiled with? Also clang++? |
I think this doesn't happen with AFL(++) because I'm pretty sure they only use C for the part that gets linked to user code. |
In #9427, some projects [failed on `bad_build_check`](https://pantheon.corp.google.com/cloud-build/builds;region=us-central1/31a7e835-32aa-49c8-81f1-f8d2eab9e3c1;step=20?project=oss-fuzz) (e.g., [`matio`](https://github.com/google/oss-fuzz/tree/master/projects/matio) has seed corpus) without explicit reason. This is because `Centipede` [does not skip seed corpus in `run_fuzzer`](https://github.com/google/oss-fuzz/blob/a5ee351ed1cfb97b73eab96787c0a86434cfd99e/infra/base-images/base-runner/run_fuzzer#L89) like [other fuzzers](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/bad_build_check#L147). This PR sets the environment variable so that `Centipede` also skips seeds and pass the `bad_build_check`.
# For Meson. | ||
export LDFLAGS='/src/centipede/weak.o' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still not clear why centipede is so unique that we need to support LDFLAGS after six years of not needing it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which projects does this help? Most meson projects seem broken still.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I will test removing it here.
I've added weak.o
to ld
wrapper, not sure if that works for meson
.
# For Meson. | ||
export LDFLAGS='/src/centipede/weak.o' | ||
|
||
# For Centipede's ld |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
end with period.
|
||
# For Centipede's ld | ||
export CENTIPEDE_BIN="$SRC/centipede/bin" | ||
export PATH="$CENTIPEDE_BIN":$PATH |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Put ending quote on the end of this line.
It's extremely hard for me to test anything today because archive.ubuntu.com is down. But you can see here that a project that is having issues with libc++ not being linked in, is doing something incorrect. They are using CC to link fuzz targets despite our rule requiring use of CXX for this purpose |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
Related: #9299 |
Looks like this hunch was correct #9599 |
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
1 similar comment
/gcbrun trial_build.py all --sanitizer none --fuzzing-engine centipede |
/gcbrun trial_build.py skcms systemd --sanitizer none address --fuzzing-engine libfuzzer afl honggfuzz |
How do we confirm the exact build ID of this command? (It's the second one above this.) There is a third one on the top, 827d915c. I presume that is the last one ( |
I think youre right. But you have to look at what gets built to figure this out. |
Both 4edf647e and 827d915c only tested Only 4285852f tested |
#!/bin/bash | ||
/usr/bin/ld \$@ -ldl -lrt -lpthread -lc++ /src/centipede/weak.o | ||
EOF | ||
chmod 777 ${CENTIPEDE_BIN}/ld |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we setting this to be the linker somewhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah got it. Do you mind giving me an hour to test #9300? I have a hunch most of the major fixes have been pushed and I think this PR has some unecessary complexity. I suspect this LD wrapper isn't necessary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, I am working on google/fuzzbench#1632 now.
In google#9427, some projects [failed on `bad_build_check`](https://pantheon.corp.google.com/cloud-build/builds;region=us-central1/31a7e835-32aa-49c8-81f1-f8d2eab9e3c1;step=20?project=oss-fuzz) (e.g., [`matio`](https://github.com/google/oss-fuzz/tree/master/projects/matio) has seed corpus) without explicit reason. This is because `Centipede` [does not skip seed corpus in `run_fuzzer`](https://github.com/google/oss-fuzz/blob/a5ee351ed1cfb97b73eab96787c0a86434cfd99e/infra/base-images/base-runner/run_fuzzer#L89) like [other fuzzers](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/bad_build_check#L147). This PR sets the environment variable so that `Centipede` also skips seeds and pass the `bad_build_check`.
Make
Centipede
a default fuzzing engine and apply it to more projects:expected_build_steps.json
.test_get_centipede_build_steps
, given it has been covered intest_get_build_steps
now?