libFuzzer on Mac PC Table Mismatch

Issue description

Since 9/30 (at latest) all Mac runs of libFuzzer have quit early with this error:

ERROR: The size of coverage PC tables does not match the number of instrumented PCs. This might be a compiler bug, please contact the libFuzzer developers. Also check https://bugs.llvm.org/show_bug.cgi?id=34636 for possible workarounds (tl;dr: don't use the old GNU ld)

See gs://clusterfuzz-libfuzzer-logs/libFuzzer_safe_browsing_dmg_fuzzer/mac_libfuzzer_chrome_asan/ for proof. It seems likely to me that this has happened ever since the switch to -fsanitize=fuzzer, since (I think) this bug can only occur with the new instrumentation. I'm not reverting the patch because it's only affected Mac. Assigning to Max as he made the switch and (more importantly) because no one else has a Mac.
Oct 4
ccing dynamic-tools folks who may know more about this breakage.
Oct 4
Matt, was your fix for issue 856239 (similar problem on Linux) platform specific? Maybe we can just do the same thing in Mac-specific code, if this is the case?
Oct 4
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f892900930eeb0fe9a235330441166bbe61edc6c

commit f892900930eeb0fe9a235330441166bbe61edc6c
Author: Jonathan Metzman <metzman@chromium.org>
Date: Thu Oct 04 18:25:29 2018

[libFuzzer][Mac] Speculative fix for PC Table Mismatch

Use old instrumentation on Mac because of PC Table mismatch with 8-bit counters. Also fix comment misstating default value of sanitizer_coverage_flags.

TBR=mmoroz@chromium.org
Bug: 892167
Change-Id: I8c69911dd88630dcb382891b4b7e7ed885fced4b
Reviewed-on: https://chromium-review.googlesource.com/c/1262077
Commit-Queue: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Abhishek Arya <inferno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#596766}

[modify] https://crrev.com/f892900930eeb0fe9a235330441166bbe61edc6c/build/config/sanitizers/BUILD.gn
[modify] https://crrev.com/f892900930eeb0fe9a235330441166bbe61edc6c/build/config/sanitizers/sanitizers.gni
Oct 4
I suspect we may need to add the inline 8-bit counters and PC tables to the "Used" set on Mac. We already do this with PC guards on Mac. Not sure exactly why we have to do this, or if there's a better way (that doesn't prevent dead stripping)... I believe Kostya did some investigation in the past.
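The mechanism described in the comment above, as an added Python simulation (not libFuzzer's or Chromium's code): each instrumented function contributes one inline 8-bit counter and one PC-table entry, the linker drops unreferenced functions when dead stripping is on, and metadata survives only if its function survives or its kind is pinned in the "used" set. The function names, the `used` set semantics and the stripping rule are assumptions made for the model; which of the two sections actually lost entries on Mac depends on linker details this thread does not spell out. What the model does show is that the check libFuzzer runs at start-up only fails when the two sections are stripped asymmetrically, and that pinning both kinds, or turning dead stripping off, keeps them aligned.

```python
# Added illustration (not libFuzzer or Chromium code): a simplified model of how
# linker dead stripping can leave libFuzzer's per-function coverage metadata
# inconsistent. Function names, the "used" set semantics and the stripping rule
# are assumptions made for this simulation.
from dataclasses import dataclass, field


@dataclass
class Function:
    name: str
    referenced: bool  # something reachable from the entry point references it


@dataclass
class ObjectFile:
    functions: list
    # Metadata kinds pinned against dead stripping (the "used" set in the
    # thread). Recognised values in this model: "counters", "pcs".
    used: set = field(default_factory=set)


def link(obj, dead_strip=True):
    """Return (counter_owners, pc_table_owners) that survive linking.

    Each instrumented function contributes one inline 8-bit counter and one
    PC-table entry. In this model a function nothing references is dropped
    when dead stripping is on, and so is its metadata, unless that kind of
    metadata is in the used set.
    """
    counters, pcs = [], []
    for fn in obj.functions:
        keep = fn.referenced or not dead_strip
        if keep or "counters" in obj.used:
            counters.append(fn.name)
        if keep or "pcs" in obj.used:
            pcs.append(fn.name)
    return counters, pcs


def trace_pc_check(counters, pcs):
    """Mirror the start-up consistency check that aborts the runs in this bug:
    the number of PC-table entries must equal the number of 8-bit counters."""
    if len(pcs) != len(counters):
        raise RuntimeError(
            "The size of coverage PC tables does not match the number of "
            "instrumented PCs (%d counters vs %d PC entries)"
            % (len(counters), len(pcs)))
    return len(pcs)


def simulate(used, dead_strip=True):
    """Link a constructed three-function program and run the check.

    Returns the instrumented PC count on success, or the error message when
    the two sections were stripped inconsistently.
    """
    program = ObjectFile(
        functions=[Function("main", True),
                   Function("parse_input", True),       # constructed name
                   Function("unused_helper", False)],   # nothing references it
        used=set(used))
    try:
        return trace_pc_check(*link(program, dead_strip))
    except RuntimeError as exc:
        return str(exc)


if __name__ == "__main__":
    print("no metadata pinned, dead strip on :", simulate(set()))
    print("only PC tables pinned            :", simulate({"pcs"}))
    print("counters and PC tables pinned    :", simulate({"counters", "pcs"}))
    print("dead stripping disabled          :", simulate(set(), dead_strip=False))
```

Run stand-alone, the script shows the two consistent outcomes (both sections stripped together, or both kept), the mismatch that reproduces the error text from the issue description when only one kind is pinned, and the "fix" of disabling dead stripping that the Oct 10 comment rejects because it keeps every unreferenced function in the binary.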
Oct 5
Oct 9
I'm removing Tools>Stability>ClusterFuzz component to get rid of RVG restriction and share this with George from Apple.
Oct 10
Oct 10
Confirmed that disabling dead stripping (like in issue 856239) "fixes" the problem, but it is not something we should do. Looking more.
Oct 10
Thanks a lot for Matt's advice; I've uploaded https://reviews.llvm.org/D53113 and https://reviews.llvm.org/D53114.
Oct 12
Nov 13
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a6986c17e678c3a36b024dacb3e61e71a658f26b

commit a6986c17e678c3a36b024dacb3e61e71a658f26b
Author: Max Moroz <mmoroz@chromium.org>
Date: Tue Nov 13 17:38:17 2018

[libFuzzer] Switch back to -fsanitize=fuzzer-no-link instrumentation on Mac.

This reverts the speculative fix landed in https://crrev.com/c/1262077.

Bug: 892167
Change-Id: I1eb3c8c9cb2615cfd33681554fad7e4234a4a497
Reviewed-on: https://chromium-review.googlesource.com/c/1332428
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607636}

[modify] https://crrev.com/a6986c17e678c3a36b024dacb3e61e71a658f26b/build/config/sanitizers/BUILD.gn
[modify] https://crrev.com/a6986c17e678c3a36b024dacb3e61e71a658f26b/build/config/sanitizers/sanitizers.gni
Nov 14