
Issue 850742


Issue metadata

Status: Fixed
Closed: Jun 2018
Pri: 1
Type: Bug

Blocking:
issue 764514




Build: implement new "use_libfuzzer" GN flag that will not enable sanitizer coverage

Project Member Reported by mmoroz@chromium.org, Jun 7 2018

Issue description

We should roll libFuzzer in order to pick up my change https://reviews.llvm.org/rL333116

After that, we will be able to run fuzz targets without sanitizer coverage instrumentation.

I think it's going to be a good improvement, as it will speed up both building and running. Plus, apparently sancov may affect stability of some large tests we're running.


 
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
Tentatively assigning to myself. Feel free to steal.
Blockedon: -845798
Actually, it shouldn't depend on the clang roll.
Blocking: 764514
Might be a good idea to implement this before migrating to fuzzer-no-link, as that would enable even more instrumentation.
Status: Started (was: Assigned)
Actually, use_sanitizer_coverage = false seems to be sufficient for now. I should keep it that way when migrating to fuzzer-no-link as well.
Project Member

Comment 6 by bugdroid1@chromium.org, Jun 8 2018

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/chrome/tools/code-coverage/+/83ce2c5375af92de2845e984f615ea168d915af7

commit 83ce2c5375af92de2845e984f615ea168d915af7
Author: Max Moroz <mmoroz@google.com>
Date: Fri Jun 08 19:41:54 2018

Copied time from a couple of bots so we can compare how it changed after a day or two:

mmoroz@code-coverage-linux-0001:~$ cat ../coverage-bot/bot.log | egrep '###.*.bash' | egrep 'Start|End'
+ echo '### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Wed Jun  6 14:28:28 UTC 2018'
### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Wed Jun  6 14:28:28 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 14:28:51 UTC 2018'
### Start /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 14:28:51 UTC 2018
+ echo '### End /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 18:47:21 UTC 2018'
### End /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 18:47:21 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_test_targets.bash at Wed Jun  6 18:47:22 UTC 2018'
### Start /home/coverage-bot/scripts/run_test_targets.bash at Wed Jun  6 18:47:22 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_test_targets.bash at Wed Jun  6 21:30:22 UTC 2018'
### End /home/coverage-bot/scripts/run_test_targets.bash at Wed Jun  6 21:30:22 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Wed Jun  6 21:30:22 UTC 2018'
### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Wed Jun  6 21:30:22 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 01:14:07 UTC 2018'
### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 01:14:07 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 01:14:07 UTC 2018'
### Start /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 01:14:07 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 04:45:16 UTC 2018'
### End /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 04:45:16 UTC 2018
+ echo '### End /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 08:20:32 UTC 2018'
### End /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 08:20:32 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 08:20:32 UTC 2018'
### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 08:20:32 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 08:22:36 UTC 2018'
### Start /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 08:22:36 UTC 2018
+ echo '### End /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 12:40:34 UTC 2018'
### End /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 12:40:34 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 12:40:34 UTC 2018'
### Start /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 12:40:34 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 15:38:36 UTC 2018'
### End /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 15:38:36 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 15:38:36 UTC 2018'
### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 15:38:36 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 19:34:01 UTC 2018'
### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 19:34:01 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 19:34:01 UTC 2018'
### Start /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 19:34:01 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 23:02:54 UTC 2018'
### End /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 23:02:54 UTC 2018
+ echo '### End /home/coverage-bot/scripts/code_coverage_loop.bash at Fri Jun  8 02:47:04 UTC 2018'
### End /home/coverage-bot/scripts/code_coverage_loop.bash at Fri Jun  8 02:47:04 UTC 2018





mmoroz@code-coverage-linux-0002:~$ cat ../coverage-bot/bot.log | egrep '###.*.bash' | egrep 'Start|End'
+ echo '### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 03:30:50 UTC 2018'
### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 03:30:50 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 03:31:22 UTC 2018'
### Start /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 03:31:22 UTC 2018
+ echo '### End /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 07:43:38 UTC 2018'
### End /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 07:43:38 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 07:43:39 UTC 2018'
### Start /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 07:43:39 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 10:31:53 UTC 2018'
### End /home/coverage-bot/scripts/run_test_targets.bash at Thu Jun  7 10:31:53 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 10:31:53 UTC 2018'
### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 10:31:53 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 14:17:46 UTC 2018'
### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 14:17:46 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 14:17:46 UTC 2018'
### Start /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 14:17:46 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 17:44:07 UTC 2018'
### End /home/coverage-bot/scripts/run_layout_tests.bash at Thu Jun  7 17:44:07 UTC 2018
+ echo '### End /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 21:19:48 UTC 2018'
### End /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 21:19:48 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 21:19:48 UTC 2018'
### Start /home/coverage-bot/scripts/code_coverage_loop.bash at Thu Jun  7 21:19:48 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 21:21:59 UTC 2018'
### Start /home/coverage-bot/scripts/build_targets.bash at Thu Jun  7 21:21:59 UTC 2018
+ echo '### End /home/coverage-bot/scripts/build_targets.bash at Fri Jun  8 01:41:01 UTC 2018'
### End /home/coverage-bot/scripts/build_targets.bash at Fri Jun  8 01:41:01 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_test_targets.bash at Fri Jun  8 01:41:01 UTC 2018'
### Start /home/coverage-bot/scripts/run_test_targets.bash at Fri Jun  8 01:41:01 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_test_targets.bash at Fri Jun  8 04:31:00 UTC 2018'
### End /home/coverage-bot/scripts/run_test_targets.bash at Fri Jun  8 04:31:00 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Fri Jun  8 04:31:00 UTC 2018'
### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Fri Jun  8 04:31:00 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Fri Jun  8 08:19:24 UTC 2018'
### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Fri Jun  8 08:19:24 UTC 2018
+ echo '### Start /home/coverage-bot/scripts/run_layout_tests.bash at Fri Jun  8 08:19:24 UTC 2018'
### Start /home/coverage-bot/scripts/run_layout_tests.bash at Fri Jun  8 08:19:24 UTC 2018
+ echo '### End /home/coverage-bot/scripts/run_layout_tests.bash at Fri Jun  8 11:46:50 UTC 2018'
### End /home/coverage-bot/scripts/run_layout_tests.bash at Fri Jun  8 11:46:50 UTC 2018
+ echo '### End /home/coverage-bot/scripts/code_coverage_loop.bash at Fri Jun  8 15:20:37 UTC 2018'
### End /home/coverage-bot/scripts/code_coverage_loop.bash at Fri Jun  8 15:20:37 UTC 2018
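
The Start/End markers in the log above can be turned into per-phase durations, which is what a before/after comparison of the build and fuzz-target phases needs. This is an added example, not part of the commit or of the coverage bot's scripts; the function name `phase_durations` is an assumption, and the sample is a subset of the lines shown above.

```python
import re
from datetime import datetime

# Subset of the code-coverage-linux-0001 log shown above (first loop).
# The "+ echo '...'" copies are shell xtrace output; they must not match,
# otherwise every marker would be read twice.
SAMPLE_LOG = """\
+ echo '### Start /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 14:28:51 UTC 2018'
### Start /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 14:28:51 UTC 2018
+ echo '### End /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 18:47:21 UTC 2018'
### End /home/coverage-bot/scripts/build_targets.bash at Wed Jun  6 18:47:21 UTC 2018
### Start /home/coverage-bot/scripts/run_fuzz_targets.bash at Wed Jun  6 21:30:22 UTC 2018
### End /home/coverage-bot/scripts/run_fuzz_targets.bash at Thu Jun  7 01:14:07 UTC 2018
"""

# Anchored at line start, so the xtrace lines ("+ echo ...") are skipped.
MARKER = re.compile(r"^### (Start|End) (\S+) at (.+)$")


def phase_durations(log_text):
    """Return [(script_name, timedelta), ...] for each Start/End pair."""
    open_phases = {}
    results = []
    for line in log_text.splitlines():
        m = MARKER.match(line)
        if not m:
            continue
        kind, path, stamp = m.groups()
        # `date` pads single-digit days with a space; collapse it first.
        when = datetime.strptime(" ".join(stamp.split()),
                                 "%a %b %d %H:%M:%S UTC %Y")
        name = path.rsplit("/", 1)[-1]
        if kind == "Start":
            open_phases[name] = when
        elif name in open_phases:
            # An End with no recorded Start (truncated log) is ignored.
            results.append((name, when - open_phases.pop(name)))
    return results


if __name__ == "__main__":
    for name, delta in phase_durations(SAMPLE_LOG):
        print(f"{name:28s} {delta}")
```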





Project Member

Comment 8 by bugdroid1@chromium.org, Jun 8 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5e09a6b738f26174417dc579249f126b5b2e1f8e

commit 5e09a6b738f26174417dc579249f126b5b2e1f8e
Author: Max Moroz <mmoroz@chromium.org>
Date: Fri Jun 08 22:04:47 2018

Roll src/third_party/libFuzzer/src/ fda403cf9..873dc11d9 (29 commits)

https://chromium.googlesource.com/chromium/llvm-project/compiler-rt/lib/fuzzer.git/+log/fda403cf93ec..873dc11d9a52

$ git log fda403cf9..873dc11d9 --date=short --no-merges --format='%ad %ae %s'
2018-06-07 kcc [libFuzzer] When printing NEW_FUNC, use 1-base indexing.
2018-06-07 phosek [Fuzzer] Update the header path for fdio/spawn.h on Fuchsia
2018-06-07 kcc [libFuzzer] make the corpus elements aware of their data flow traces
2018-06-06 kcc [libFuzzer] remove an experimental flag -use_feature_frequency
2018-06-06 phosek [Fuzzer] Use private libc++ even for Fuchsia
2018-06-06 phosek [CMake] Passthrough additional flags to custom libcxx CMake build
2018-06-06 ibiryukov Fix compile error with libstdc++.
2018-06-06 kcc [libFuzzer] initial implementation of -data_flow_trace. It parses the data flow trace and prints the summary, but doesn't use the information in any other way yet
2018-06-02 phosek [Fuzzer] Migrate Fuchsia port from launchpad to fdio_spawn
2018-05-31 kcc [libFuzzer] add collect_data_flow.py that allows to run the data-flow tracer several times on subsets of inputs bytes, to overcome DFSan out-of-label failures
2018-05-26 phosek [Fuzzer] Update _zx_port_wait function use in Fuchsia port
2018-05-24 george.karpenkov [libFuzzer] Run libFuzzer unit tests only on host architecture.
2018-05-24 kcc [libFuzzer] DataFlow tracer now tags a subset of the input. A separate script merges traces from the subsets
2018-05-23 kcc [libFuzzer] fix two off-by-ones (!!) in the data flow tracer
2018-05-23 kcc [libFuzzer] change the output format for the DataFlow tracer
2018-05-23 dor1s [libFuzzer] Don't complain about lack of interesting inputs when -runs=0.
2018-05-23 kcc [libFuzzer] modify -print_corpus_stats to print whether the input reaches the focus function
2018-05-21 kcc [libFuzzer] reinstate -dump_coverage, which is still in use (reverts r332036)
2018-05-16 kcc [libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function
2018-05-15 kcc [libFuzzer] deprecate equivalence_server
2018-05-11 kcc [libFuzzer] refactor the implementation of -print_coverage
2018-05-10 kcc [libFuzzer] remove the dump_coverage flag, it hasn't been working with the inline sanitizer coverage anyway
2018-05-10 kcc [libFuzzer] remove the experimental support for clang coverage instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage
2018-05-10 kcc [libFuzzer] Experimental data flow tracer for fuzz targets.
2018-05-10 kamil wrong usages of sem_open in the libFuzzer
2018-05-08 morehouse [libFuzzer] Guard symbolization with try-lock.
2018-05-02 morehouse [libFuzzer] Don't short-circuit from CrashCallback.
2018-05-01 morehouse [libFuzzer] Report at most one crash per input.
2018-04-24 delcypher [LibFuzzer] Tweak `MutationDispatcher::Mutate_CopyPart` mutation.

Created with:
  roll-dep src/third_party/libFuzzer/src

R=metzman@chromium.org

Bug:  850742 
Change-Id: I5f438e8d92f2021d61cdaab87de05d1a3784c22e
Reviewed-on: https://chromium-review.googlesource.com/1092876
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#565754}
[modify] https://crrev.com/5e09a6b738f26174417dc579249f126b5b2e1f8e/DEPS
[modify] https://crrev.com/5e09a6b738f26174417dc579249f126b5b2e1f8e/third_party/libFuzzer/BUILD.gn

Comment 9 by mmoroz@chromium.org, Jun 11 2018

Status: Fixed (was: Started)
A new flag wasn't necessary, libFuzzer roll was enough. There is a problem though (issue 851337), but this one is done.
