Open Bug 1483907 Opened 2 years ago Updated 2 years ago

libFuzzer builds not instrumented for coverage

Categories: Firefox Build System :: General, defect
Type: defect; Priority: Not set; Severity: normal
Tracking: Not tracked
People: Reporter: truber, Assigned: truber

Details

From: https://bugzilla.mozilla.org/show_bug.cgi?id=1466021#c22

> libFuzzer stopped working in the past few days. Both on oss-fuzz and locally. All targets.
> 
> $ MOZ_RUN_GTEST=1 LIBFUZZER=1 FUZZER=SdpParser obj-fuzz/dist/bin/firefox
> Running Fuzzer tests...
> INFO: Seed: 3954647428
> INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
> INFO: A corpus is not provided, starting from an empty corpus
> #2	INITED lim: 4 exec/s: 0 rss: 313Mb
> ERROR: no interesting inputs were found. Is the code instrumented for coverage?
> Exiting.

This was bisected to d602a2f69ff8, but that change can't be easily backed out anymore. Instead, I am going to make the mozbuild changes conditional on Android, so that the builds still succeed, and libFuzzer will work again until I can figure out why this happened.

I'm also seeing this, and I'm very confused by it; `nm <relevant .o file>` shows calls into the expected sanitizer coverage libraries (and looking at the CLI invocations shows clang++ being passed -fsanitize=fuzzer-no-link).

Is it possible two different copies of sancov are both ending up in the binary, and libFuzzer is using a different one from where the coverage is actually being recorded?
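A diagnostic for the `nm` check in the comment above and for the two-copies hypothesis, added here as an example that is not from the bug or the Firefox tree: it parses `nm` output (from one or more build products) and reports which files reference or define the `__sanitizer_cov_*` callbacks and which callbacks are defined in more than one file. The file names and symbols in the sample are constructed, not real Firefox output.

```python
import re
from collections import defaultdict

COV_PREFIX = "__sanitizer_cov_"  # SanitizerCoverage callbacks clang emits
SYMBOL_RE = re.compile(r"^\s*(?:[0-9a-fA-F]+\s+)?([A-Za-z?-])\s+(\S+)\s*$")

def parse_nm(text):
    """Map each file in `nm` output to [(type, name)]; single-file output keys on ""."""
    files, current = defaultdict(list), ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":") and " " not in stripped:  # "libxul.so:" header
            current = stripped[:-1]
        elif (m := SYMBOL_RE.match(line)):
            files[current].append((m.group(1), m.group(2)))
    return files

def sancov_report(nm_text):
    """Who references / defines __sanitizer_cov_*, and which callbacks have 2+ providers."""
    referenced, defined, providers = defaultdict(set), defaultdict(set), defaultdict(set)
    for path, symbols in parse_nm(nm_text).items():
        for sym_type, name in symbols:
            if not name.startswith(COV_PREFIX):
                continue
            if sym_type == "U":          # object/binary calls into the callback
                referenced[path].add(name)
            elif sym_type in "TtWw":     # this file carries its own copy
                defined[path].add(name)
                providers[name].add(path)
    return {
        "instrumented": bool(referenced or defined),
        "referenced": {p: sorted(n) for p, n in referenced.items()},
        "defined": {p: sorted(n) for p, n in defined.items()},
        "duplicate_definitions": sorted(n for n, p in providers.items() if len(p) > 1),
    }

# Constructed nm output (not real Firefox symbols): executable and library both carry
# the sancov callbacks, the "two copies" case suspected above.
SAMPLE_TWO_COPIES = """
firefox:
0000000000403a10 T __sanitizer_cov_trace_pc_guard
0000000000403b00 T __sanitizer_cov_trace_pc_guard_init
libxul.so:
00000000012f4a20 T __sanitizer_cov_trace_pc_guard
00000000012f4b10 T __sanitizer_cov_trace_pc_guard_init
                 U __sanitizer_cov_trace_cmp4
"""
# Constructed output for an object compiled without instrumentation.
SAMPLE_PLAIN_OBJ = "0000000000000000 T main\n                 U printf\n"
```

Run it as `nm obj-fuzz/dist/bin/firefox obj-fuzz/dist/bin/libxul.so | python3 -c 'import sys, diag; print(diag.sancov_report(sys.stdin.read()))'` (module name assumed); an uninstrumented `.o` reports `instrumented: False`, and a non-empty `duplicate_definitions` list points at more than one copy of the runtime.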
Blocks: 1475573
See Also: 1475573