Reproduce:
$ cd testsuite/libra-fuzzer
$ cargo run fuzz vm_value
# ..
Running `testsuite/libra-fuzzer fuzz vm_value`
Using default corpus directory: "testsuite/libra-fuzzer/fuzz/corpus/vm_value"
Using default artifacts directory: "testsuite/libra-fuzzer/fuzz/artifacts/vm_value"
error: failed to run `rustc` to learn about target-specific information
Caused by:
process didn't exit successfully:
rustc -
--crate-name ___ --print=file-names --cfg fuzzing -Cpasses=sancov
-Cllvm-args=-sanitizer-coverage-level=4
-Cllvm-args=-sanitizer-coverage-trace-compares
-Cllvm-args=-sanitizer-coverage-trace-divs
-Cllvm-args=-sanitizer-coverage-trace-geps
-Cllvm-args=-sanitizer-coverage-prune-blocks=0
-Zsanitizer=thread <~~~~~~ here ~~~~~
-Cpanic=abort --target x86_64-apple-darwin
--crate-type bin --crate-type rlib --crate-type dylib --crate-type cdylib
--crate-type staticlib --crate-type proc-macro --print=sysroot --print=cfg
error: the option `Z` is only accepted on the nightly compiler
# ..
The relevant code in cargo-fuzz: https://github.com/rust-fuzz/cargo-fuzz/blob/master/src/main.rs#L310
After some investigation, it appears compiling with sanitizers is far from stabilization:
https://github.com/rust-lang/rust/issues/47174
https://github.com/rust-lang/rust/issues/39699
Do we then have to always run fuzzers with a nightly compiler version?
cc @mimoo @bmwill
The immediate solution for me was to run:
$ rustup run nightly cargo run fuzz vm_value
instead of just:
$ cargo run fuzz vm_value
I think you can do RUSTC_BOOTSTRAP=1 cargo run fuzz vm_value
There are a few ways you can do this, but yes, since it relies on nightly features you have to either explicitly allow them while fuzzing (with RUSTC_BOOTSTRAP) or use a nightly compiler (cargo +nightly run).
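An added example, not part of the thread or of the Libra or cargo-fuzz code: a preflight wrapper that inspects the active toolchain and picks one of the invocations discussed above, so the sanitizer flag is never passed to a compiler that rejects it. The names `rustc_channel`, `fuzz_mode`, `run_fuzzer`, `FUZZ_TARGET` and `ALLOW_BOOTSTRAP` are made up for this sketch, which assumes rustup manages the toolchains.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Run from testsuite/libra-fuzzer.

# Classify a `rustc --version` line such as
# "rustc 1.41.0-nightly (abc123 2019-12-01)"; anything else is "other".
rustc_channel() {
    case "$1" in
        *-nightly*) echo nightly ;;
        *)          echo other ;;
    esac
}

# Choose how to launch the fuzzer.
#   $1 channel, $2 "1" if a nightly toolchain is installed,
#   $3 "1" if the caller opted in to RUSTC_BOOTSTRAP on a non-nightly rustc
fuzz_mode() {
    if [ "$1" = nightly ]; then echo direct
    elif [ "$2" = 1 ]; then echo rustup-nightly
    elif [ "$3" = 1 ]; then echo bootstrap
    else echo refuse
    fi
}

# Detect the environment and run the fuzz target given as $1.
run_fuzzer() {
    channel=$(rustc_channel "$(rustc --version)")
    if rustup toolchain list 2>/dev/null | grep -q '^nightly'; then
        have_nightly=1
    else
        have_nightly=0
    fi
    case "$(fuzz_mode "$channel" "$have_nightly" "${ALLOW_BOOTSTRAP:-0}")" in
        direct)         cargo run fuzz "$1" ;;
        rustup-nightly) rustup run nightly cargo run fuzz "$1" ;;
        bootstrap)      RUSTC_BOOTSTRAP=1 cargo run fuzz "$1" ;;
        *)  echo "no nightly toolchain; install one with" \
                 "'rustup toolchain install nightly' or set ALLOW_BOOTSTRAP=1" >&2
            return 1 ;;
    esac
}

# Only launches anything when FUZZ_TARGET is set, e.g. FUZZ_TARGET=vm_value.
if [ -n "${FUZZ_TARGET:-}" ]; then run_fuzzer "$FUZZ_TARGET"; fi
```

The wrapper prefers an installed nightly over `RUSTC_BOOTSTRAP=1`, which stays an explicit opt-in because it unlocks unstable flags on a compiler that does not otherwise accept them.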