
`careful` option doesn't work

Open qarmin opened this issue 4 months ago • 3 comments

git clone [email protected]:qarmin/Automated-Fuzzer.git
cd Automated-Fuzzer

and

cargo +nightly fuzz run lopdf --release --features "lopdf_f" -- -rss_limit_mb=20000

works fine, but

cargo +nightly fuzz run lopdf --release --features "lopdf_f" -c -- -rss_limit_mb=20000

produces these compilation errors:

error: `compiler_builtins` cannot call functions through upstream monomorphizations; encountered invalid call from `<&T as core::fmt::Debug>::fmt` to `<str as core::fmt::Debug>::fmt`
    --> /home/rafal/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/fmt/mod.rs:2668:1
     |
2668 | fmt_refs! { Debug, Display, Octal, Binary, LowerHex, UpperHex, LowerExp, UpperExp }
     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     |
     = note: this error originates in the macro `fmt_refs` (in Nightly builds, run with -Z macro-backtrace for more info)

error: `compiler_builtins` cannot call functions through upstream monomorphizations; encountered invalid call from `<&T as core::fmt::Display>::fmt` to `<str as core::fmt::Display>::fmt`
    --> /home/rafal/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/fmt/mod.rs:2668:1
     |
2668 | fmt_refs! { Debug, Display, Octal, Binary, LowerHex, UpperHex, LowerExp, UpperExp }
     | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Error: failed to build fuzz script: ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Clink-dead-code -Zsanitizer=address -Zextra-const-ub-checks -Zstrict-init-checks --cfg careful -Cllvm-args=-sanitizer-coverage-stack-depth -Cdebug-assertions -C codegen-units=1" "cargo" "build" "--manifest-path" "/home/rafal/test/Automated-Fuzzer/fuzz/Cargo.toml" "--target" "x86_64-unknown-linux-gnu" "--release" "--config" "profile.release.debug=true" "--features" "lopdf_f" "-Z" "build-std" "--bin" "lopdf"


qarmin avatar Sep 06 '25 10:09 qarmin

Compilation proceeds with --strip-dead-code, but fails later with this info:

   Compiling automated_fuzzer-fuzz v0.0.0 (/home/rafal/test/Automated-Fuzzer/fuzz)
error[E0152]: duplicate lang item in crate `core`: `sized`
  |
  = note: the lang item is first defined in crate `core` (which `std` depends on)
  = note: first definition in `core` loaded from /home/rafal/test/Automated-Fuzzer/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libcore-69a3199cd1315669.rlib, /home/rafal/test/Automated-Fuzzer/fuzz/target/x86_64-unknown-linux-gnu/release/deps/libcore-69a3199cd1315669.rmeta
  = note: second definition in `core` loaded from /home/rafal/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore-28a6d102916cede1.rlib

For more information about this error, try `rustc --explain E0152`.
error: could not compile `automated_fuzzer-fuzz` (bin "lopdf") due to 1 previous error
Error: failed to build fuzz script: ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Zsanitizer=address -Zextra-const-ub-checks -Zstrict-init-checks --cfg careful -Cllvm-args=-sanitizer-coverage-stack-depth -Cdebug-assertions -C codegen-units=1" "cargo" "build" "--manifest-path" "/home/rafal/test/Automated-Fuzzer/fuzz/Cargo.toml" "--target" "x86_64-unknown-linux-gnu" "--release" "--config" "profile.release.debug=true" "--features" "lopdf_f" "-Z" "build-std" "--bin" "lopdf"

Manually messing with the flags (removing build-std and removing dead code) fixes the problem:

ASAN_OPTIONS="detect_odr_violation=0" RUSTFLAGS="-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cllvm-args=-sanitizer-coverage-trace-compares --cfg fuzzing -Clink-dead-code=no -Zsanitizer=address -Zextra-const-ub-checks -Zstrict-init-checks --cfg careful -Cllvm-args=-sanitizer-coverage-stack-depth -Cdebug-assertions -C codegen-units=1 " "cargo" +nightly "run" "--manifest-path" "/home/rafal/test/Automated-Fuzzer/fuzz/Cargo.toml" "--target" "x86_64-unknown-linux-gnu" "--release" "--config" "profile.release.debug=true" "--features" "lopdf_f" "--bin" "lopdf"

but I think that this should work out of the box.

qarmin avatar Sep 06 '25 10:09 qarmin

cc @f0rki: you added the careful mode, do you by chance have any idea why the above could be failing?

fitzgen avatar Sep 09 '25 18:09 fitzgen

Seems it's also a problem with --build-std and therefore also with memory sanitizer. Some conflict between the custom-built libcore and the one provided by the toolchain. Not sure what the reason is, though. Maybe check what cargo careful is doing.

f0rki avatar Sep 11 '25 14:09 f0rki