macke
clang-6.0: error: linker command failed with exit code 1
I used the afl-clang-fast version for llvm-6.0.1 and encountered the linker problem at runtime. The command is `macke --use-fuzzer=1 --ignore-swap --fuzz-bc=examples/sanatized_afl.bc examples/sanatized.bc`. The sanatized_afl.bc is compiled with afl-clang-fast; sanatized.bc is compiled with clang (version 3.4.2).
But it reports the following error:
```
jl@jl-VirtualBox:~/klee_deploy/macke$ macke --use-fuzzer=1 --ignore-swap --fuzz-bc=examples/sanatized_afl.bc examples/sanatized.bc
Compiling helper functions for fuzzer...
Instrument bc file with fuzzer drivers...
Adding asan for reproducer...
linking fuzz-target...
Error code 1: /tmp/target_with_drivers-3a319b.o: In function `c4':
sanatized.bc:(.text+0x7): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x12): undefined reference to `__afl_area_ptr.1'
/tmp/target_with_drivers-3a319b.o: In function `c3':
sanatized.bc:(.text+0x57): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x62): undefined reference to `__afl_area_ptr.1'
......
/tmp/target_with_drivers-3a319b.o: In function `LLVMFuzzerTestOneInput':
sanatized.bc:(.text+0x1a3): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x1ae): undefined reference to `__afl_area_ptr.1'
/tmp/target_with_drivers-3a319b.o: In function `macke_fuzzer_driver_c4':
sanatized.bc:(.text+0x1d3): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x1de): undefined reference to `__afl_area_ptr.1'
/tmp/target_with_drivers-3a319b.o: In function `macke_fuzzer_generator_t':
sanatized.bc:(.text+0x204): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x20f): undefined reference to `__afl_area_ptr.1'
/tmp/target_with_drivers-3a319b.o: In function `macke_fuzzer_driver_c3':
sanatized.bc:(.text+0x253): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x25e): undefined reference to `__afl_area_ptr.1'
clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
```
afl is
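The linker output quoted above can be diagnosed mechanically. The following Python example is added here and is not part of the issue, of macke or of AFL: it parses GNU ld style `undefined reference` lines, groups them by the function they occur in, and flags symbols that belong to AFL's instrumentation runtime. `__afl_area_ptr` and `__afl_prev_loc` are the coverage-map globals that afl-clang-fast instrumented code references and that AFL's runtime object defines, so undefined references to them in a given source module mean that module carries AFL instrumentation but was linked without the matching runtime. The sample log embedded in the block is a constructed, trimmed copy of the output in the post; the regexes and the reading of the `.N` suffix as an LLVM rename applied when modules are merged are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the linker output quoted in the issue.
SAMPLE_LD_OUTPUT = """\
/tmp/target_with_drivers-3a319b.o: In function `c4':
sanatized.bc:(.text+0x7): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x12): undefined reference to `__afl_area_ptr.1'
/tmp/target_with_drivers-3a319b.o: In function `LLVMFuzzerTestOneInput':
sanatized.bc:(.text+0x1a3): undefined reference to `__afl_prev_loc.2'
sanatized.bc:(.text+0x1ae): undefined reference to `__afl_area_ptr.1'
/tmp/target_with_drivers-3a319b.o: In function `macke_fuzzer_driver_c4':
sanatized.bc:(.text+0x1d3): undefined reference to `__afl_prev_loc.2'
clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
"""

# Assumed GNU ld message shapes (matching what the quoted output shows).
IN_FUNCTION_RE = re.compile(r"^(?P<obj>\S+): In function `(?P<func>[^']+)':$")
UNDEF_RE = re.compile(
    r"^(?P<src>[^:]+):\(\S+\): undefined reference to `(?P<sym>[^']+)'$"
)

# Globals read/written by afl-clang-fast's inline instrumentation. They are
# defined by AFL's runtime object (afl-llvm-rt.o), never by the program itself.
AFL_RUNTIME_GLOBALS = {"__afl_area_ptr", "__afl_prev_loc"}


def base_symbol(sym):
    """Strip a trailing '.N'; LLVM appends one when it renames a global while
    merging modules (assumption: that is where the '.1'/'.2' suffixes come from)."""
    return re.sub(r"\.\d+$", "", sym)


def parse_undefined_references(ld_output):
    """Return {function: [(source_module, symbol), ...]} for every undefined
    reference, attributing each to the most recent 'In function' header."""
    refs = defaultdict(list)
    current = "<unknown>"
    for line in ld_output.splitlines():
        m = IN_FUNCTION_RE.match(line)
        if m:
            current = m.group("func")
            continue
        m = UNDEF_RE.match(line)
        if m:
            refs[current].append((m.group("src"), m.group("sym")))
    return dict(refs)


def diagnose(ld_output):
    """Classify the undefined symbols: which are AFL runtime globals, which of
    those were renamed, and which source modules reference them."""
    refs = parse_undefined_references(ld_output)
    all_syms = {sym for entries in refs.values() for _, sym in entries}
    afl_syms = {s for s in all_syms if base_symbol(s) in AFL_RUNTIME_GLOBALS}
    sources = {
        src for entries in refs.values() for src, sym in entries if sym in afl_syms
    }
    return {
        "functions": sorted(refs),
        "afl_symbols": sorted(afl_syms),
        "renamed": sorted(s for s in afl_syms if s != base_symbol(s)),
        "instrumented_sources": sorted(sources),
        "other_symbols": sorted(all_syms - afl_syms),
    }


def summarize(ld_output):
    """Human-readable verdict for the parsed link failure."""
    d = diagnose(ld_output)
    if not d["afl_symbols"]:
        return "no AFL runtime symbols missing; unrelated link error"
    return (
        "AFL-instrumented module(s) %s linked without the AFL runtime "
        "(missing %s in %d function(s))"
        % (", ".join(d["instrumented_sources"]),
           ", ".join(d["afl_symbols"]), len(d["functions"]))
    )


if __name__ == "__main__":
    print(summarize(SAMPLE_LD_OUTPUT))
```

Run it against real output by piping the failing link command's stderr into `diagnose()`; the `instrumented_sources` field tells you which of the two bitcode files was built with afl-clang-fast, which is the first thing to check against the two-compiler requirement described in the reply below.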
As we mention in the Readme, you need two different compiled versions of your program in order to use the fuzzer mode of macke.
This means that the bitcode provided with the `--fuzz-bc` argument should have been compiled with Clang 6.0 and the bitcode provided at the end should have been compiled with Clang 3.4. You cannot, unfortunately, use the same sanatized_afl.bc in both places.
I just compiled the program under test with version 6.0 and version 3.4 of Clang. But there are still errors when executing line 287 in Fuzzer.py:
```python
_run_checked_silent_subprocess([AFLCC, "-O3"] + self.lflags + ["-o", self.afltarget, buffer_extract_afl_instrumented, initializer_afl_instrumented, target_with_drivers])
```
And this is my config.ini:
```ini
libmackeopt: /home/jl/klee_deploy/macke-opt-llvm/bin/libMackeOpt.so
llvmopt: /home/jl/klee_deploy/llvm-3.4.2/Release/bin/opt
klee: /home/jl/klee_deploy/klee22/Release+Asserts/bin/klee
#llvm-config 6.0.1 llvm-config: /usr/local/bin/llvm-config
libmackefuzzopt: /home/jl/klee_deploy/macke-fuzzer-opt-llvm/
afl-bin: /home/jl/klee_deploy/afl-2.42b afl-lib: /home/jl/klee_deploy/afl-2.42b
```
Can you please verify the config file to see if there is any problem?
Could you paste the actual error instead of just the line number? You do need llvm-config though and it seems like you have commented that line. Same with afl-lib, which seems commented.