Diem: [libra-fuzzer] rustc does not support sanitizers in stable/beta channel

Created on 5 Oct 2019  ·  3 Comments  ·  Source: diem/diem

🐛 Bug

Reproduce:

  • check out a rev after beta migration #1072
  • try to run a fuzzer after updating rustc to beta:
$ cd testsuite/libra-fuzzer
$ cargo run fuzz vm_value

# ..

     Running `testsuite/libra-fuzzer fuzz vm_value`
Using default corpus directory: "testsuite/libra-fuzzer/fuzz/corpus/vm_value"
Using default artifacts directory: "testsuite/libra-fuzzer/fuzz/artifacts/vm_value"
error: failed to run `rustc` to learn about target-specific information

Caused by:
  process didn't exit successfully: 

rustc -
    --crate-name ___ --print=file-names --cfg fuzzing -Cpasses=sancov
    -Cllvm-args=-sanitizer-coverage-level=4
    -Cllvm-args=-sanitizer-coverage-trace-compares
    -Cllvm-args=-sanitizer-coverage-trace-divs
    -Cllvm-args=-sanitizer-coverage-trace-geps
    -Cllvm-args=-sanitizer-coverage-prune-blocks=0
    -Zsanitizer=thread                                        <~~~~~~ here ~~~~~
    -Cpanic=abort --target x86_64-apple-darwin
    --crate-type bin --crate-type rlib --crate-type dylib --crate-type cdylib
    --crate-type staticlib --crate-type proc-macro --print=sysroot --print=cfg

error: the option `Z` is only accepted on the nightly compiler

# ..

The relevant code in cargo-fuzz: https://github.com/rust-fuzz/cargo-fuzz/blob/master/src/main.rs#L310

After some investigation, it appears compiling with sanitizers is far from stabilization:

https://github.com/rust-lang/rust/issues/47174

https://github.com/rust-lang/rust/issues/39699

Do we then have to always run fuzzers with a nightly compiler version?

cc @mimoo @bmwill

bug security testsuite

All 3 comments

The immediate solution for me was to run:

$ rustup run nightly cargo run fuzz vm_value

instead of just:

$ cargo run fuzz vm_value

I think you can do RUSTC_BOOTSTRAP=1 cargo run fuzz vm_value

There are a few ways you can do this, but yes, since it relies on nightly features you have to either explicitly allow them while fuzzing (with RUSTC_BOOTSTRAP) or use a nightly compiler (cargo +nightly run).
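
A pre-flight wrapper for the choice described in the comments above, as an added example that is not part of the original thread or the Diem code base: it reads the compiler channel and selects an invocation that will not hit the `-Z` rejection, with RUSTC_BOOTSTRAP left as an explicit opt-in. The function names and the FUZZ_ALLOW_BOOTSTRAP variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pick a working fuzzer invocation from the compiler channel.
# Function names and FUZZ_ALLOW_BOOTSTRAP are assumptions of this example.
# Run from testsuite/libra-fuzzer, as in the issue.

# Classify a `rustc --version` line by release channel.
rustc_channel() {
    case "$1" in
        *-nightly*)    echo nightly ;;
        *-beta*)       echo beta ;;
        *-dev*)        echo dev ;;
        rustc\ [0-9]*) echo stable ;;
        *)             echo unknown ;;
    esac
}

# Print the command for fuzz target $1 given version line $2.
# Non-zero exit: bad target name (2) or unsupported channel (1).
fuzz_command() {
    target=$1
    version_line=$2
    # The result is word-split and exec'd below, so allow only plain names.
    case "$target" in
        ''|*[!A-Za-z0-9_]*) echo "invalid fuzz target: $target" >&2; return 2 ;;
    esac
    case "$(rustc_channel "$version_line")" in
        nightly)
            echo "cargo run fuzz $target" ;;
        stable|beta)
            # -Zsanitizer is rejected here: switch toolchain, or opt in to
            # unstable flags on the current one with RUSTC_BOOTSTRAP=1.
            if [ "${FUZZ_ALLOW_BOOTSTRAP:-0}" = 1 ]; then
                echo "env RUSTC_BOOTSTRAP=1 cargo run fuzz $target"
            else
                echo "rustup run nightly cargo run fuzz $target"
            fi ;;
        *)
            echo "unsupported rustc channel: $version_line" >&2
            return 1 ;;
    esac
}

# Entry point: sh fuzz-preflight.sh --run vm_value
if [ "${1:-}" = "--run" ]; then
    cmd=$(fuzz_command "${2:-}" "$(rustc --version)") || exit 1
    echo "+ $cmd" >&2
    exec $cmd
fi
```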
