Date: Thu, 26 Dec 2019 22:51:00 -0000
From: Mark Wielaard
To: Berkeley Churchill
Cc: elfutils-devel@sourceware.org, Matthias Maennich
Subject: Re: oss-fuzz
Message-ID: <20191226225048.GA62099@librem>
References: <93e5a9fb876eaa42acb92f259c1efc614c081053.camel@klomp.org>

Hi Berkeley,

On Mon, Dec 23, 2019 at 08:06:54AM +0200, Berkeley Churchill wrote:
> Great, thanks for the feedback!
>
> One of my first tasks will be to support llvm/clang builds. I've seen some
> prior discussion on what's needed for that, but if you have any extra tips
> I'll take them. I'll be sure to create a build target for the fuzzers so
> they can be run standalone.

clang is slightly inconvenient because it doesn't implement various GNU C
extensions. We even have a configure check for them now so it is clear what
we require from a C/gnu99 compiler:

https://sourceware.org/git/?p=elfutils.git;a=blob;f=configure.ac;hb=HEAD#l98

In theory when clang supports that, everything should just compile.

There have been some attempts to rewrite some source code to get clang to
accept it:

https://sourceware.org/git/?p=elfutils.git&a=search&h=HEAD&st=commit&s=clang

But there is just too much code clang simply doesn't parse. I don't know how
much work there is left to get clang to accept everything. But Matthias
(CCed) said he got somewhat further on irc once. Maybe he can share his
patches.

A simpler approach would be to see if oss-fuzz really needs clang at all.
As far as I know the only thing needed is a compiler supporting inserting
tracing calls into every basic block and/or comparison operations and
linking to some (C++) library that intercepts those. gcc can do that with
-fsanitize-coverage=trace-pc and/or -fsanitize-coverage=trace-cmp (which I
believe is command line compatible with what clang uses).

Cheers,

Mark

> On Mon, Dec 23, 2019 at 3:12 AM Mark Wielaard wrote:
>
> > Hi Berkeley,
> >
> > On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> > > Any interest in integrating with oss-fuzz? It's a google project
> > > that supports open source projects by fuzzing. It allows Google to
> > > find and report bugs, especially security bugs, to the project.
> > > I'm willing to work on writing fuzzers and performing the integration,
> > > if this would be welcome by the maintainers. Thoughts?
> >
> > Certainly interested.
> > I have been running afl-fuzz on various utilities
> > and test cases. That has found lots of issues. But it isn't very
> > structured. And it often needs to go through a completely valid ELF
> > file before fuzzing the more interesting data structures inside it.
> >
> > The only request I would have is that if the fuzzer targets are added
> > to elfutils itself then they should also be made to work locally. So
> > someone could also use them with e.g. afl-fuzz or some other fuzzing
> > framework, or simply as extra testcase.
> >
> > Please also see:
> > https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD
> >
> > Cheers,
> >
> > Mark
> >
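The kind of fuzzer target Mark asks for above, as an added example that is not elfutils code: one libFuzzer/oss-fuzz entry point plus a plain main(), so the same file can be built for oss-fuzz, driven by afl-fuzz through its own wrapper, or run directly on a test case. The ehdr_check function is a hypothetical stand-in for the libelf calls a real target would make; it only shows the bounds checking a fuzzer would otherwise trip over.

```c
/* Added example (not elfutils code): a fuzz target that also runs stand-alone.
 * ehdr_check is a hypothetical stand-in for real libelf calls. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the buffer holds a plausible ELF64 header whose section
 * header table lies entirely inside the buffer, 0 otherwise. Every read is
 * bounds-checked and the offset arithmetic cannot overflow. */
int ehdr_check(const uint8_t *data, size_t size)
{
  Elf64_Ehdr ehdr;
  if (size < sizeof ehdr)
    return 0;
  memcpy(&ehdr, data, sizeof ehdr);          /* avoid unaligned access */
  if (memcmp(ehdr.e_ident, ELFMAG, SELFMAG) != 0
      || ehdr.e_ident[EI_CLASS] != ELFCLASS64)
    return 0;
  if (ehdr.e_shnum == 0)
    return 1;                                /* no section headers: fine */
  if (ehdr.e_shentsize != sizeof (Elf64_Shdr))
    return 0;
  /* Multiply in 64 bits; compare against the remaining bytes, not shoff+size. */
  uint64_t shsize = (uint64_t) ehdr.e_shnum * ehdr.e_shentsize;
  if (ehdr.e_shoff > size || shsize > size - ehdr.e_shoff)
    return 0;
  return 1;
}

/* libFuzzer / oss-fuzz entry point; afl-fuzz can drive it via its wrapper. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  (void) ehdr_check(data, size);
  return 0;
}

/* Stand-alone driver: feed each file named on the command line to the
 * target, so a crash reproducer or a test case runs without any fuzzer. */
int main(int argc, char **argv)
{
  static uint8_t buf[1 << 16];               /* constructed size limit */
  for (int i = 1; i < argc; i++)
    {
      FILE *f = fopen(argv[i], "rb");
      if (f == NULL) { perror(argv[i]); continue; }
      size_t n = fread(buf, 1, sizeof buf, f);
      fclose(f);
      LLVMFuzzerTestOneInput(buf, n);
      printf("%s: %s\n", argv[i], ehdr_check(buf, n) ? "ok" : "rejected");
    }
  return 0;
}
```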