fuzzilli
[Question] Is it possible to use fuzzilli with ASAN
I tried to compile SpiderMonkey with `-fsanitize=address` added, but the jsshell crashes immediately after start.
Yeah in general there is no reason why it wouldn't work with an ASAN build of the JS engine. I can't tell you why the jsshell crashes in your case though. If it's due to Fuzzilli support code (e.g. REPRL stuff) then that's a bug in our code that should be fixed. Feel free to file an issue or update this one in that case.
On my system (Ubuntu 20.04) with the default setup, ASAN would overwrite the exit code to 1 and cause no crash (even with handle_segv set as 0). Fuzzilli uses WIFEXITED to determine whether the binary crashes so the crash-check would end up being wrong. (Not sure whether this is due to system-specific reasons)
Same here. I use `ASAN_OPTIONS=abort_on_error=1` to bypass this issue, which AFL enables by default. Not sure if this is a preferred way.
Cool, I assume ASAN_OPTIONS=abort_on_error=1 has no effect if ASAN is disabled (i.e. in the current default JS engine build configurations)? If so, feel free to send a PR to add this flag to the JS engine profiles :)
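The wait-status behaviour discussed in this thread, as an added example that is not Fuzzilli's code: the parent classifies the child's status the way a WIFEXITED-based crash check does, and the child is a constructed stand-in for the JS engine, simulating ASAN's default report path (exit with code 1) versus `abort_on_error=1` (SIGABRT). No sanitizer is involved; only the two exit behaviours are reproduced.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed example (not Fuzzilli's code). exit(1) stands in for ASAN's
 * default behaviour (print report, exit with exitcode=1); abort() stands in
 * for ASAN_OPTIONS=abort_on_error=1, which raises SIGABRT instead. */

typedef enum { OUTCOME_EXITED, OUTCOME_CRASHED, OUTCOME_OTHER } outcome_t;

/* Classify a raw wait() status the way a WIFEXITED/WIFSIGNALED check does.
 * An exit code of 1 is a normal exit here, so an ASAN report that merely
 * exits is invisible to a fuzzer that only treats signals as crashes. */
outcome_t classify_status(int status) {
    if (WIFEXITED(status))   return OUTCOME_EXITED;   /* any exit code, even 1 */
    if (WIFSIGNALED(status)) return OUTCOME_CRASHED;  /* SIGSEGV, SIGABRT, ... */
    return OUTCOME_OTHER;
}

/* Fork a child that "reports a bug" either by exiting with code 1 or by
 * aborting, then return how the parent classifies it. */
outcome_t run_child(int abort_on_error) {
    pid_t pid = fork();
    if (pid < 0) return OUTCOME_OTHER;
    if (pid == 0) {
        /* Ensure SIGABRT has its default disposition so abort() terminates us. */
        signal(SIGABRT, SIG_DFL);
        if (abort_on_error) abort();
        _exit(1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return OUTCOME_OTHER;
    return classify_status(status);
}

int main(void) {
    printf("ASAN default (exitcode=1): %s\n",
           run_child(0) == OUTCOME_CRASHED ? "CRASH detected" : "no crash seen");
    printf("abort_on_error=1:          %s\n",
           run_child(1) == OUTCOME_CRASHED ? "CRASH detected" : "no crash seen");
    return 0;
}
```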