fuzz-introspector icon indicating copy to clipboard operation
fuzz-introspector copied to clipboard
verified publisher icon ossf

Enable analyses that do not require LTO

Open DavidKorczynski opened this issue 3 years ago • 0 comments

LTO can be incompatible with certain projects, in particular larger projects. Both in terms of resource exhaustion and pure compatibility (i.e. breaking builds).

An option is to enable a mode of fuzz-introspector that does not rely on LTO, but provides analyses based on data that is not extracted with LTO. In essence, LTO is used to extract program-wide data, so, analyses without LTO should simply be based on data that is non-program-wide. This is e.g.

  • function-level data
  • runtime coverage data
  • partial cfgs, e.g. (module) level data.

Ref https://github.com/google/oss-fuzz/pull/7573#issuecomment-1100133302

DavidKorczynski avatar Apr 15 '22 14:04 DavidKorczynski