Closed Bug 1581158 Opened 9 months ago Closed 8 months ago

Add support for fuzzing rust modules from fuzzing interfaces

Categories

(Core :: Fuzzing, enhancement)

enhancement
Not set
normal

Tracking

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: truber, Assigned: truber)

References

(Blocks 1 open bug)

Attachments

(1 file)

This adds support for writing a libFuzzer target in Rust for Rust code. I used dkeeler's rkv-fuzz as an example -- the fuzzing function is unmodified.

This has failures in try I don't understand yet: https://treeherder.mozilla.org/#/jobs?repo=try&revision=60008b6e964c4c3562f4df03dea2dae07a3630b0

Linux x64 asan fuzzing builds ok for me locally.
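
For context on what such a target looks like, here is an added example (not the attached patch, rkv-fuzz, or Mozilla's fuzzing-interface glue): a Rust function exported under libFuzzer's standard `LLVMFuzzerTestOneInput` C entry point, wrapping a safe fuzzing function. `parse_record` and `fuzz_parse_record` are hypothetical stand-ins for the Rust module under test.

```rust
use std::os::raw::c_int;
use std::{panic, process, slice};

/// Hypothetical code under test: parses `[len: u8][payload: len bytes]`.
pub fn parse_record(input: &[u8]) -> Result<&[u8], &'static str> {
    let (&len, rest) = input.split_first().ok_or("empty input")?;
    rest.get(..len as usize).ok_or("truncated payload")
}

/// Safe fuzzing function: feeds the bytes to the parser and checks invariants.
pub fn fuzz_parse_record(data: &[u8]) -> c_int {
    if let Ok(payload) = parse_record(data) {
        // A successful parse must agree with the length prefix and stay in bounds.
        assert_eq!(payload.len(), usize::from(data[0]));
        assert!(payload.len() < data.len());
    }
    0 // libFuzzer expects 0 from a normal run
}

/// C ABI entry point that libFuzzer calls once per generated input.
#[no_mangle]
#[allow(non_snake_case)]
pub unsafe extern "C" fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> c_int {
    // from_raw_parts requires a non-null pointer even for length 0,
    // so map a null or empty input to an empty slice first.
    let input: &[u8] = if data.is_null() || size == 0 {
        &[]
    } else {
        unsafe { slice::from_raw_parts(data, size) }
    };
    // A panic must not unwind across the C ABI boundary; abort instead so
    // the fuzzer records the input as a crash.
    match panic::catch_unwind(|| fuzz_parse_record(input)) {
        Ok(rc) => rc,
        Err(_) => process::abort(),
    }
}

fn main() {
    // Constructed sample inputs: valid record, truncated record, empty input.
    let inputs: [&[u8]; 3] = [&[2, 0xAA, 0xBB], &[5, 1], &[]];
    for input in inputs.iter() {
        let rc = unsafe { LLVMFuzzerTestOneInput(input.as_ptr(), input.len()) };
        println!("{:?} -> {}", input, rc);
    }
}
```
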

What can I/we do about those failures? It'd be good to start fuzzing rkv sooner rather than later.

Flags: needinfo?(jschwartzentruber)
Flags: needinfo?(choller)

decoder and I figured out the macos problem. I had the sancov Rust flags set for host targets, which they shouldn't be. Linux is still broken, but only in TC; I haven't been able to repro locally.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=a451ee49d6e88ea05121eab9ac10454bdaf8ac69

Emilio knows everything, maybe he can spot the problem here?

Flags: needinfo?(emilio)

If it happens locally it should be easy to see what, if anything, is calling them, but...

I bet those calls come from the Rust standard library. But usually if you don't call them they get optimized away by LTO, and thus they don't appear in gkrust.

I wouldn't be surprised if the instrumentation that you're adding makes the linker not remove them, or something of that sort...

I think you should be able to repro locally, if you have a release build with LTO enabled.

This check is only enabled if -Clto is passed to Rust: https://searchfox.org/mozilla-central/rev/4218cb868d8deed13e902718ba2595d85e12b86b/config/makefiles/rust.mk#258

Note that to verify that this is passing locally you may need to change this to not look at MOZ_AUTOMATION: https://searchfox.org/mozilla-central/rev/4218cb868d8deed13e902718ba2595d85e12b86b/python/mozbuild/mozbuild/action/check_binary.py#284

So that you can see TEST-PASS | check_networking...

So tl;dr: I think that the instrumentation the sancov flags are adding is disabling LTO, effectively, or something of that sort.

So probably extending the check in rust.mk to avoid doing this when passes=sancov is included, or something like that, may be the best option. But this is just a guess, so verifying that locally would be useful.

Flags: needinfo?(emilio)

@emilio, thanks! I had commented out the MOZ_AUTOMATION check in check_binary.py so it would print in either case, but I saw nothing. I was missing --enable-release in my mozconfig, so now it fails locally. I'll disable the check for this case.

Flags: needinfo?(choller)
Flags: needinfo?(jschwartzentruber)
Keywords: checkin-needed
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Depends on: 1617186