Hi Berkeley,

On Mon, Dec 23, 2019 at 08:06:54AM +0200, Berkeley Churchill wrote:
> Great, thanks for the feedback!
>
> One of my first tasks will be to support llvm/clang builds. I've seen some
> prior discussion on what's needed for that, but if you have any extra tips
> I'll take them. I'll be sure to create a build target for the fuzzers so
> they can be run standalone.

clang is slightly inconvenient because it doesn't implement various GNU C
extensions. We even have a configure check for them now so it is clear
what we require from a C/gnu99 compiler:
https://sourceware.org/git/?p=elfutils.git;a=blob;f=configure.ac;hb=HEAD#l98

In theory when clang supports that, everything should just compile.

There have been some attempts to rewrite some source code to get clang to
accept it:
https://sourceware.org/git/?p=elfutils.git&a=search&h=HEAD&st=commit&s=clang

But there is just too much code clang simply doesn't parse. I don't know
how much work there is left to get clang to accept everything. But
Matthias (CCed) said he got somewhat further on irc once. Maybe he can
share his patches.

A simpler approach would be to see if oss-fuzz really needs clang at all.
As far as I know the only thing needed is a compiler supporting inserting
tracing calls into every basic block and/or comparison operations and
linking to some (C++) library that intercepts those. gcc can do that with
-fsanitize-coverage=trace-pc and/or -fsanitize-coverage=trace-cmp (which I
believe is command line compatible with what clang uses).

Cheers,

Mark

> On Mon, Dec 23, 2019 at 3:12 AM Mark Wielaard <m...@klomp.org> wrote:
>
> > Hi Berkeley,
> >
> > On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> > > Any interest in integrating with oss-fuzz? It's a google project
> > > that supports open source projects by fuzzing. It allows Google to
> > > find and report bugs, especially security bugs, to the project.
> > > I'm willing to work on writing fuzzers and performing the integration,
> > > if this would be welcome by the maintainers. Thoughts?
> >
> > Certainly interested. I have been running afl-fuzz on various utilities
> > and test cases. That has found lots of issues. But it isn't very
> > structured. And it often needs to go through a completely valid ELF
> > file before fuzzing the more interesting data structures inside it.
> >
> > The only request I would have is that if the fuzzer targets are added
> > to elfutils itself then they should also be made to work locally. So
> > someone could also use them with e.g. afl-fuzz or some other fuzzing
> > framework, or simply as an extra testcase.
> >
> > Please also see:
> > https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD
> >
> > Cheers,
> >
> > Mark
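The shape of a fuzz target that satisfies both sides of the thread, a libFuzzer-style entry point for oss-fuzz that also builds as a standalone program usable under afl-fuzz or as a plain test case, as an added example that is not code from the thread or from elfutils. The header check is a hypothetical stand-in for the libelf calls a real elfutils target would exercise; only glibc's elf.h is used so it compiles anywhere.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the libelf parsing a real elfutils fuzzer would
   drive (e.g. elf_memory + elf_getehdr): checks the e_ident bytes and that
   the buffer is large enough to hold the whole ELF header. */
int check_elf_header(const uint8_t *data, size_t size)
{
  if (size < EI_NIDENT) return -1;                       /* too short for e_ident */
  if (memcmp(data, ELFMAG, SELFMAG) != 0) return -2;     /* bad magic */
  if (data[EI_CLASS] != ELFCLASS32 && data[EI_CLASS] != ELFCLASS64) return -3;
  if (data[EI_DATA] != ELFDATA2LSB && data[EI_DATA] != ELFDATA2MSB) return -4;
  size_t need = data[EI_CLASS] == ELFCLASS64 ? sizeof(Elf64_Ehdr) : sizeof(Elf32_Ehdr);
  if (size < need) return -5;                            /* truncated header */
  return 0;
}

/* Entry point that libFuzzer (clang) or a gcc -fsanitize-coverage build can
   call.  The parse result is ignored on purpose: the fuzzer only looks for
   crashes and sanitizer reports, not for well-formed input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  (void) check_elf_header(data, size);
  return 0;
}

/* Constructed inputs so the same target doubles as an ordinary test case. */
int run_constructed_cases(void)
{
  uint8_t good[sizeof(Elf64_Ehdr)] = { 0x7f, 'E', 'L', 'F', ELFCLASS64, ELFDATA2LSB, EV_CURRENT };
  uint8_t bad_magic[EI_NIDENT] = { 'N', 'O', 'P', 'E' };
  return check_elf_header(good, sizeof good) == 0
      && check_elf_header(bad_magic, sizeof bad_magic) == -2
      && check_elf_header(good, 4) == -1
      && check_elf_header(good, 20) == -5;
}

/* Standalone driver: each file named on the command line goes through the
   fuzz entry point, so afl-fuzz (with @@) or the test suite can run it. */
int main(int argc, char **argv)
{
  static uint8_t buf[1 << 20];                           /* 1 MiB cap for the harness */
  for (int i = 1; i < argc; i++) {
    FILE *f = fopen(argv[i], "rb");
    if (f == NULL) { perror(argv[i]); return 1; }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    LLVMFuzzerTestOneInput(buf, n);
  }
  return 0;
}
```

Build with `clang -fsanitize=fuzzer` for oss-fuzz (libFuzzer supplies its own main, so drop or guard this one) or with plain `gcc`/`afl-gcc` to get the standalone driver.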