Open
Bug 1483907
Opened 7 years ago
Updated 2 years ago
libFuzzer builds not instrumented for coverage
Categories
(Firefox Build System :: General, defect)
Tracking
(Not tracked)
NEW
People
(Reporter: truber, Assigned: truber)
From: https://bugzilla.mozilla.org/show_bug.cgi?id=1466021#c22
> libFuzzer stopped working in the past few days. Both on oss-fuzz and locally. All targets.
>
> $ MOZ_RUN_GTEST=1 LIBFUZZER=1 FUZZER=SdpParser obj-fuzz/dist/bin/firefox
> Running Fuzzer tests...
> INFO: Seed: 3954647428
> INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
> INFO: A corpus is not provided, starting from an empty corpus
> #2 INITED lim: 4 exec/s: 0 rss: 313Mb
> ERROR: no interesting inputs were found. Is the code instrumented for coverage?
> Exiting.
This was bisected to d602a2f69ff8, but that change can't be easily backed out anymore. Instead, I am going to make the mozbuild changes conditional on Android, so that the builds still succeed, and libFuzzer will work again until I can figure out why this happened.
Comment 1•7 years ago
I'm also seeing this, and I'm very confused by it; `nm <relevant .o file>` shows calls into the expected sanitizer coverage libraries (and looking at the CLI invocations shows clang++ being passed -fsanitize=fuzz-no-link).
Is it possible two different copies of sancov are both ending up in the binary, and libFuzzer is using a different one from where the coverage is actually being recorded?
Updated•2 years ago
Severity: normal → S3
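Added example, not part of the bug thread or of Mozilla's code: one way to test the duplicate-sancov question raised in Comment 1 is to compare, across the linked modules, which ones define `__sanitizer_cov_*` callbacks and which only reference them. The module names and `nm` listings below are constructed; real input would be the default-format output of `nm` on each object or library.

```python
from collections import defaultdict

SANCOV_PREFIX = "__sanitizer_cov_"

def parse_nm(text):
    """Split the sancov symbols in default-format `nm` output into (defined, undefined)."""
    defined, undefined = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) not in (2, 3) or not fields[-1].startswith(SANCOV_PREFIX):
            continue
        # nm leaves the address column blank for undefined symbols (2 fields).
        if len(fields) == 2 or fields[1] == "U":
            undefined.add(fields[-1])
        else:
            defined.add(fields[-1])
    return defined, undefined

def sancov_report(modules):
    """Return (duplicated, unresolved) for a {module name: nm output} mapping."""
    definers, users = defaultdict(list), defaultdict(list)
    for module, text in modules.items():
        defined, undefined = parse_nm(text)
        for sym in defined:
            definers[sym].append(module)
        for sym in undefined:
            users[sym].append(module)
    # More than one definer means two copies of a callback are being linked.
    duplicated = {s: sorted(m) for s, m in definers.items() if len(m) > 1}
    # Referenced by instrumented code but defined by no module in the set.
    unresolved = sorted(s for s in users if s not in definers)
    return duplicated, unresolved

# Constructed sample: one instrumented object and two runtimes (hypothetical names).
SAMPLE = {
    "target.o": "                 U __sanitizer_cov_trace_pc_guard\n"
                "                 U __sanitizer_cov_trace_pc_guard_init\n"
                "                 U __sanitizer_cov_trace_cmp4\n"
                "0000000000000000 T parse_input\n",
    "runtime_a": "0000000000001000 T __sanitizer_cov_trace_pc_guard\n"
                 "0000000000001040 T __sanitizer_cov_trace_pc_guard_init\n",
    "runtime_b": "0000000000002000 W __sanitizer_cov_trace_pc_guard\n"
                 "0000000000002040 W __sanitizer_cov_trace_pc_guard_init\n",
}

if __name__ == "__main__":
    duplicated, unresolved = sancov_report(SAMPLE)
    for sym, mods in sorted(duplicated.items()):
        print(f"defined more than once: {sym} in {', '.join(mods)}")
    for sym in unresolved:
        print(f"referenced but not defined: {sym}")
```

A callback listed as defined more than once shows where to look next: which of the copies the instrumented code actually binds to at link or load time.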