https://bugs.llvm.org/show_bug.cgi?id=34314
Bug ID: 34314
Summary: improve support for fuzz targets in LLVM
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
Assignee: masc...@google.com
Reporter: k...@google.com
CC: ekarpen...@apple.com, llvm-b...@justinbogner.com,
llvm-bugs@lists.llvm.org
Currently, we have only one way to build fuzz targets (e.g. clang-fuzzer) in
LLVM: specify -DLLVM_USE_SANITIZE_COVERAGE=On and -DLLVM_USE_SANITIZER=Address
I would like to have this be more flexible.
1. Fuzz targets should be built in the default configuration (no asan, no
coverage). They won't be suitable for fuzzing this way, but this will ensure
that the code still builds (fuzz targets need to be build during check-all)
2. [stretch] each fuzz target foo-fuzz needs to have a build rule
check-foo-fuzz that will execute the fuzz target on a fixed set of inputs (from
the same repo) as a way of regression testing. This will ensure that the fuzz
target not only builds, but runs. This is also a great regression test.
3. Fuzz targets should work with any of the sanitizers, or with none at all
(-DLLVM_USE_SANITIZER=Address should not be mandatory)
4. There should be a way to specify the compile-time coverage instrumentation
flags and link-time fuzzing engine flag. In particular, I'd like to support the
env. vars. defined by OSS-Fuzz: CC, CXX, CFLAGS, CXXFLAGS, LIB_FUZZING_ENGINE
(by passing these flags to cmake variables). This way we'll be able to build
the fuzz targets with e.g. AFL, hoggfuzz, and with Clang Coverage (for coverage
visualization)
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
