
C/C++ code doesn't get sancov or ASAN

Open alex opened this issue 6 years ago • 3 comments

I originally filed https://github.com/servo/rust-mozjs/issues/378, however after looking at this more, I think it's a more general problem: if the project you're fuzzing has a dependency which pulls in non-Rust code, the sanitizer and coverage flags are not passed to the C/C++ compiler.

This prevents doing things like using Rust as a harness to test C++ code, or fuzzing projects that are mixed Rust/C++ (e.g. because they are porting!)

alex avatar Nov 04 '17 21:11 alex

As long as instrumentation is the same or done the same way, I don’t see any reason for it to not work. This is usually compiler-specific. So if the C/C++ is compiled with gcc, there’s no guarantee that the instrumentation is compatible.

Of course, care should be taken to only link one copy of the ASAN. (This could also be compiler-specific and provided by the compiler.)

Furthermore, it is really not up to us, but up to the bindings’ build scripts to figure out if the FFI code needs to be instrumented. Perhaps a plain environment variable instructing the build script to do so is a good idea. CC=clang-with-instrumentation where clang-with-instrumentation is a wrapper shell script invoking clang -fsanitize=address "$@" or somesuch could work, for example.

nagisa avatar Nov 04 '17 22:11 nagisa

I think basically no build scripts handle this case, so IMO the right thing to do is figure out some way to make it possible for cargo-fuzz to do the right thing automatically for them.

alex avatar Nov 04 '17 22:11 alex

I also think it might be nice if cargo fuzz provided some amount of support out of the box. What crosses my mind:

  • Add --pass-c-flags that would set the CC, CFLAGS, etc accordingly, and then hope the build scripts catch that (most do).
  • Have a flag that at least suggests what flags to use, leaving it up to the user to make sure they are passed along correctly.
  • Include it in the documentation somewhere.

vorner avatar Dec 18 '20 16:12 vorner
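A concrete version of the wrapper nagisa sketched and of the CC/CFLAGS environment vorner lists, as an added example; it is not cargo-fuzz's code and not from anyone in this thread. It assumes clang is the C/C++ compiler, that the dependency's build script uses the `cc` crate (which reads CC, CXX, CFLAGS and CXXFLAGS from the environment), and that the installed cargo-fuzz accepts `--sanitizer`. The file names (clang-with-instrumentation), the REAL_CC override and the function names are the example's own inventions.

```shell
#!/bin/sh
# Added example, not cargo-fuzz's own code.  cargo-fuzz instruments the Rust
# side with -Zsanitizer=address plus sancov (8-bit counters, pc-table,
# trace-cmp); C/C++ compiled by a dependency's build script gets nothing
# unless the same clang flags are injected through CC/CFLAGS.
set -e

# Flags that give clang-built objects instrumentation compatible with what
# cargo-fuzz gives Rust.  -fsanitize=fuzzer-no-link enables libFuzzer-style
# coverage without pulling in libFuzzer's own main() (libfuzzer-sys has one).
# $1: sanitizer as cargo-fuzz spells it (address, memory, ...), or "none" for
#     coverage only.  Prints the flag string.
fuzz_cflags() {
    san="${1:-address}"
    flags="-fsanitize=fuzzer-no-link -g -O1 -fno-omit-frame-pointer"
    if [ "$san" != "none" ]; then
        flags="-fsanitize=$san $flags"
    fi
    printf '%s\n' "$flags"
}

# Generate a compiler wrapper at $1 for sanitizer $2 that defers to $3
# (default clang).  Instrumentation flags go first so flags the build script
# passes still win on conflicts.  REAL_CC (assumed name) overrides the
# compiler at run time, e.g. REAL_CC=echo to inspect the command line.
make_cc_wrapper() {
    wrapper="$1"
    flags=$(fuzz_cflags "${2:-address}")
    real="${3:-clang}"
    cat > "$wrapper" <<EOF
#!/bin/sh
# Generated by make_cc_wrapper: prepend instrumentation flags, then exec.
exec "\${REAL_CC:-$real}" $flags "\$@"
EOF
    chmod +x "$wrapper"
    printf '%s\n' "$wrapper"
}

# Build wrappers for C and C++, export the variables the `cc` crate reads,
# and run the fuzz target.  If cargo-fuzz is not installed, only print the
# command that would be run.  $1: fuzz target name, $2: sanitizer.
run_with_instrumented_c() {
    target="$1"
    san="${2:-address}"
    dir=$(mktemp -d)
    CC=$(make_cc_wrapper "$dir/clang-with-instrumentation" "$san" clang)
    CXX=$(make_cc_wrapper "$dir/clang++-with-instrumentation" "$san" clang++)
    CFLAGS=$(fuzz_cflags "$san")
    CXXFLAGS="$CFLAGS"
    # CFLAGS is redundant with the wrapper for `cc`-based build scripts, but
    # covers scripts that invoke the compiler themselves and only read CFLAGS.
    export CC CXX CFLAGS CXXFLAGS
    if command -v cargo-fuzz >/dev/null 2>&1; then
        cargo fuzz run --sanitizer "$san" "$target"
    else
        echo "CC=$CC CXX=$CXX CFLAGS='$CFLAGS' cargo fuzz run --sanitizer $san $target"
    fi
}
```

Two caveats a practitioner would check. The wrapper only ever compiles: the `cc` crate archives the objects into a static library and rustc does the final link, so the ASan runtime that ends up in the binary is the single copy rustc links for `-Zsanitizer=address`, which is the one-copy condition nagisa raised. That only holds if the clang doing the instrumentation is close enough in LLVM version to the rustc being used, since ASan and sancov instrumentation target a runtime ABI; a clang from a different LLVM major version is the case to be suspicious of. `REAL_CC=echo "$CC" -c foo.c` shows exactly what the build script's compiler invocation becomes.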