Add support for fuzzing rust modules from fuzzing interfaces
Categories
(Core :: Fuzzing, enhancement)
Tracking
 | Tracking | Status
---|---|---
firefox71 | --- | fixed
People
(Reporter: truber, Assigned: truber)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
This adds support for writing a libFuzzer target in rust for rust code. I used dkeeler's rkv-fuzz as an example -- the fuzzing function is unmodified.
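For readers unfamiliar with the shape of such a target: the block below is an added example, not the patch's code and not dkeeler's rkv-fuzz. It shows the C-ABI entry point libFuzzer calls, forwarding the raw buffer to a hypothetical `parse_record` that stands in for the real code under test.

```rust
// Added example: skeleton of a libFuzzer target written in Rust, with no
// external crates. libFuzzer's C driver calls LLVMFuzzerTestOneInput once per
// generated input; the Rust side exports it with the C ABI and hands a byte
// slice to the code under test. `parse_record` is a hypothetical stand-in.
use std::slice;

/// Hypothetical code under test: a tiny length-prefixed key/value record.
/// Returns None on malformed input. It must never panic on bad bytes, since a
/// panic or out-of-bounds slice is exactly what the fuzzer reports as a crash,
/// so every length is checked before slicing.
pub fn parse_record(data: &[u8]) -> Option<(&[u8], &[u8])> {
    let (&klen, rest) = data.split_first()?;
    let klen = usize::from(klen);
    if rest.len() < klen { return None; } // truncated key
    let (key, rest) = rest.split_at(klen);
    let (&vlen, rest) = rest.split_first()?;
    let vlen = usize::from(vlen);
    if rest.len() < vlen { return None; } // truncated value
    let (value, trailing) = rest.split_at(vlen);
    if !trailing.is_empty() { return None; } // trailing garbage
    Some((key, value))
}

/// One fuzzing iteration. Returning 0 tells libFuzzer the input was handled;
/// non-zero return values are reserved by libFuzzer.
pub fn fuzz_one(data: &[u8]) -> i32 {
    if let Some((key, value)) = parse_record(data) {
        // Use the parsed result so the optimizer cannot drop the parse.
        assert_eq!(key.len() + value.len() + 2, data.len());
    }
    0
}

/// The libFuzzer entry point. This is the only unsafe boundary; it relies on
/// libFuzzer's contract that `data` is readable for `size` bytes during the
/// call (and may be null when `size` is 0).
#[no_mangle]
#[allow(non_snake_case)]
pub extern "C" fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32 {
    let bytes: &[u8] = if data.is_null() || size == 0 {
        &[]
    } else {
        // SAFETY: libFuzzer guarantees `data` is valid for `size` bytes here.
        unsafe { slice::from_raw_parts(data, size) }
    };
    fuzz_one(bytes)
}
```

Built with `-Cpasses=sancov` (as the patch does for target code) and linked against libFuzzer, this symbol is what the driver feeds inputs to; the parser's explicit length checks are what keep truncated inputs from being reported as crashes.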
Comment 1•5 years ago
Comment 2•5 years ago
This has failures in try I don't understand yet: https://treeherder.mozilla.org/#/jobs?repo=try&revision=60008b6e964c4c3562f4df03dea2dae07a3630b0
Linux x64 asan fuzzing builds ok for me locally.
Comment 3•5 years ago
What can I/we do about those failures? It'd be good to start fuzzing rkv sooner rather than later.
Comment 4•5 years ago
decoder and I figured out the macos problem. I had the sancov Rust flags set for host targets which shouldn't be. Linux is still broken but only in TC, I haven't been able to repro locally.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=a451ee49d6e88ea05121eab9ac10454bdaf8ac69
Comment 5•5 years ago
Emilio knows everything, maybe he can spot the problem here?
Comment 6•5 years ago
If it happens locally it should be easy to see what if anything is calling them, but...
I bet those calls come from the rust standard library. But usually if you don't call them they get optimized away by LTO, and thus they don't appear in gkrust.
I wouldn't be surprised if the instrumentation that you're adding makes the linker not remove them, or something of that sort...
I think you should be able to repro locally, if you have a release build with LTO enabled.
This check is only enabled if -Clto is passed to rust: https://searchfox.org/mozilla-central/rev/4218cb868d8deed13e902718ba2595d85e12b86b/config/makefiles/rust.mk#258
Note that to verify that this is passing locally you may need to change this to not look at MOZ_AUTOMATION: https://searchfox.org/mozilla-central/rev/4218cb868d8deed13e902718ba2595d85e12b86b/python/mozbuild/mozbuild/action/check_binary.py#284
So that you can see TEST-PASS | check_networking
...
So tldr I think that the instrumentation the sancov flags are adding are disabling lto, effectively, or something of that sort.
So probably extending the check in rust.mk to avoid doing this when passes=sancov is included, or something like that, may be the best option. But this is just a guess, so verifying that locally would be useful.
Comment 7•5 years ago
@emilio, thanks! I had commented out the MOZ_AUTOMATION check in check_binary.py so it would print in either case, but I saw nothing. I was missing --enable-release in my mozconfig, so now it fails locally. I'll disable the check for this case.
Pushed by nerli@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b55c4b05eb3f
Add fuzzing target for rkv r=froydnj
Comment 9•5 years ago
bugherder