Trouble compiling with afl-clang-fast


Pedro Côrte-Real

Feb 13, 2016, 5:06:42 PM
to afl-...@googlegroups.com
Hi,

I'm using afl-fuzz to find bugs in rawspeed[1], a raw loading library.
I wrote a small program[2] to exercise the library and have been
fuzzing that with great success (quite a few issues already fixed). To
make the fuzzing faster I wanted to be able to compile with
afl-clang-fast as rawspeed needs to load a large XML with camera
definitions in the beginning so being able to place __AFL_INIT() after
that should make for a nice speedup. Unfortunately it seems
afl-clang-fast breaks our cmake build (afl-gcc and afl-clang both work
fine).

The cmake run seems to break when trying to compile things. For
example the ABI detection fails with linking issues:

"/usr/bin/ld" -export-dynamic -z relro --hash-style=gnu --build-id
--eh-frame-hdr -m elf_x86_64 -dynamic-linker
/lib64/ld-linux-x86-64.so.2 -o cmTryCompileExec1174673255
/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/../../../x86_64-linux-gnu/crt1.o
/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/../../../x86_64-linux-gnu/crti.o
/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/crtbegin.o
-L/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8
-L/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/../../../x86_64-linux-gnu
-L/lib/x86_64-linux-gnu -L/lib/../lib64 -L/usr/lib/x86_64-linux-gnu
-L/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/../../..
-L/usr/lib/llvm-3.6/bin/../lib -L/lib -L/usr/lib
CMakeFiles/cmTryCompileExec1174673255.dir/CMakeCXXCompilerABI.cpp.o
-lstdc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc
/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/crtend.o
/usr/bin/../lib/gcc/x86_64-linux-gnu/4.8/../../../x86_64-linux-gnu/crtn.o
CMakeFiles/cmTryCompileExec1174673255.dir/CMakeCXXCompilerABI.cpp.o:
In function `main':
/usr/share/cmake-2.8/Modules/CMakeCXXCompilerABI.cpp:11: undefined
reference to `__afl_prev_loc'
/usr/share/cmake-2.8/Modules/CMakeCXXCompilerABI.cpp:11: undefined
reference to `__afl_area_ptr'
/usr/share/cmake-2.8/Modules/CMakeCXXCompilerABI.cpp:11: undefined
reference to `__afl_prev_loc'
clang: error: linker command failed with exit code 1 (use -v to see invocation)

The full log of that error is here:

https://gist.github.com/pedrocr/fda14ef788e673ac6a30

I've googled around for similar issues but couldn't find any. I'm
using Ubuntu 14.04, afl-fuzz 1.96b and have tried this with clang 3.4
and 3.6. Building CMakeCXXCompilerABI.cpp by itself seems to work fine
so I'm guessing there's something strange with the way the compilation
is being run. All those gcc things are also quite strange, so maybe
cmake is misdetecting afl-clang-fast as gcc somehow.

Anyone have any ideas about this?

Cheers,

Pedro

[1] https://github.com/klauspost/rawspeed
[2] https://github.com/darktable-org/darktable/blob/master/src/external/rawspeed/rawspeed-identify.cpp

Hanno Böck

Feb 13, 2016, 5:31:37 PM
to afl-...@googlegroups.com
On Sat, 13 Feb 2016 22:06:21 +0000
Pedro Côrte-Real <pe...@pedrocr.net> wrote:

> /usr/share/cmake-2.8/Modules/CMakeCXXCompilerABI.cpp:11: undefined
> reference to `__afl_prev_loc'
> /usr/share/cmake-2.8/Modules/CMakeCXXCompilerABI.cpp:11: undefined
> reference to `__afl_area_ptr'
> /usr/share/cmake-2.8/Modules/CMakeCXXCompilerABI.cpp:11: undefined
> reference to `__afl_prev_loc'
> clang: error: linker command failed with exit code 1 (use -v to see
> invocation)

Most likely your problem is that you're trying to compile with
afl-clang-fast(++), but then try to link with gcc. That probably breaks.

Tell cmake to use afl-clang-fast as the linker command, then it should
work.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42

Pedro Côrte-Real

Feb 13, 2016, 5:44:14 PM
to afl-...@googlegroups.com
On Sat, Feb 13, 2016 at 10:32 PM, Hanno Böck <ha...@hboeck.de> wrote:
> Most likely your problem is that you're trying to compile with
> afl-clang-fast(++), but then try to link with gcc. That probably breaks.
>
> Tell cmake to use afl-clang-fast as the linker command, then it should
> work.

Thanks, that works. Unfortunately it seems the gtk detection is still
failing for some reason. Will have to dig in a bit more.

Cheers,

Pedro

Pedro Côrte-Real

Feb 13, 2016, 6:57:24 PM
to afl-...@googlegroups.com
On Sat, Feb 13, 2016 at 10:43 PM, Pedro Côrte-Real <pe...@pedrocr.net> wrote:
> Thanks, that works. Unfortunately it seems the gtk detection is still
> failing for some reason. Will have to dig in a bit more.

I've gotten it to compile with a bit of a hack. I've set clang/clang++
as the compiler for the cmake run but then inside CMakeLists.txt
forced afl-clang-fast/afl-clang-fast++ as the compilers. This works
fine, so it seems for some reason afl-clang-fast breaks the cmake
tests but not the compilation itself. afl-clang works though so
there's something specific to the llvm stuff.

Anyway, this hacked together solution is now happily fuzzing at 4x the
throughput so that's nice.

Cheers,

Pedro

jan.kn...@gmail.com

Jul 28, 2016, 10:34:48 AM
to afl-users
I also just ran into the issue.

$ afl-2.21b/afl-clang-fast++      -o CMakeCXXCompilerABI /usr/share/cmake-3.5/Modules/CMakeCXXCompilerABI.cpp -rdynamic
[+] Instrumented 1 locations (non-hardened mode, ratio 100%).

works.

$ afl-2.21b/afl-clang-fast++  -v  -o CMakeCXXCompilerABI /usr/share/cmake-3.5/Modules/CMakeCXXCompilerABI.cpp -rdynamic
...
/usr/share/cmake-3.5/Modules/CMakeCXXCompilerABI.cpp:11: undefined reference to `__afl_prev_loc'
/usr/share/cmake-3.5/Modules/CMakeCXXCompilerABI.cpp:11: undefined reference to `__afl_area_ptr'
clang: error: linker command failed with exit code 1 (use -v to see invocation)

No idea why, but the "-v" to get the verbose output makes it fail.


Michal Zalewski

Jul 28, 2016, 10:36:27 AM
to afl-users
> No idea why, but the "-v" to get the verbose output makes it fail.

Yeah, that's sort of intentional; do you think that's the problem that
Pedro is running into? We can definitely work around it.

/mz

Jan Kneschke

Jul 30, 2016, 6:05:17 PM
to afl-...@googlegroups.com
Ok, confirmed.

afl-2.21b/llvm_mode$ grep -- '-v' *
afl-clang-fast.c:        !strcmp(cur, "-v")) maybe_linking = 0;

Removing the check for "-v" makes cmake happy again. Everything
works as expected afterwards. Fuzzing performance went up :)
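As an added illustration (not code from afl or from anyone in this thread), the C program below models the decision quoted above: a compiler wrapper scans its arguments for flags that mean "this invocation does not link" and appends its instrumentation runtime object only when it believes a link is happening. Treating `-v` as such a flag means the verbose probe that cmake runs is compiled and linked without the runtime, which is exactly where the undefined `__afl_prev_loc` / `__afl_area_ptr` references come from. The exact flag set, the runtime object path and the function names are assumptions made for the model; only the `-v` check itself is taken from the grep output in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not afl's own code: a model of how a compiler wrapper such as
 * afl-clang-fast decides whether an invocation is a link step, and therefore
 * whether to append its instrumentation runtime object. The flag set is an
 * assumption: -c/-S/-E are the standard "stop before linking" flags, and "-v"
 * is the extra check quoted from afl-clang-fast.c in the thread.
 */

#define MAX_ARGS 64

/* Hypothetical runtime object path; the real location depends on the install. */
static const char *RUNTIME_OBJ = "/path/to/afl-llvm-rt.o";

/* Returns 1 if this single flag makes the wrapper assume no link is happening.
 * treat_v_as_nonlink selects between the behaviour quoted in the thread (1)
 * and the behaviour with that check removed (0). */
int flag_forces_nonlink(const char *cur, int treat_v_as_nonlink) {
    if (!strcmp(cur, "-c") || !strcmp(cur, "-S") || !strcmp(cur, "-E"))
        return 1;
    if (treat_v_as_nonlink && !strcmp(cur, "-v"))
        return 1;
    return 0;
}

/* Scan the whole argument list the way the wrapper does. */
int decides_linking(int argc, const char **argv, int treat_v_as_nonlink) {
    int maybe_linking = 1;
    for (int i = 0; i < argc; i++)
        if (flag_forces_nonlink(argv[i], treat_v_as_nonlink))
            maybe_linking = 0;
    return maybe_linking;
}

/* Build the command line handed to the real compiler driver: driver name,
 * the caller's arguments, then the runtime object only if linking. Returns
 * the number of entries written to out. */
int build_argv(int argc, const char **argv, int treat_v_as_nonlink,
               const char **out, int out_cap) {
    int n = 0;
    if (n < out_cap) out[n++] = "clang++";
    for (int i = 0; i < argc && n < out_cap; i++) out[n++] = argv[i];
    if (decides_linking(argc, argv, treat_v_as_nonlink) && n < out_cap)
        out[n++] = RUNTIME_OBJ;
    return n;
}

/* Returns 1 if the runtime object (which defines __afl_area_ptr and
 * __afl_prev_loc) made it onto the command line. */
int has_runtime(const char **cmd, int n) {
    for (int i = 0; i < n; i++)
        if (!strcmp(cmd[i], RUNTIME_OBJ)) return 1;
    return 0;
}

/* Constructed scenario: the link step cmake issues for its compiler-ABI probe
 * (taken from the thread), optionally with -v prepended as cmake does when it
 * discovers search paths. Returns 1 if the runtime would be linked in. */
int cmake_probe_links_runtime(int with_v, int treat_v_as_nonlink) {
    const char *args[] = {"-v", "-o", "CMakeCXXCompilerABI",
                          "/usr/share/cmake-3.5/Modules/CMakeCXXCompilerABI.cpp",
                          "-rdynamic"};
    int argc = 5;
    const char **argv = args;
    if (!with_v) { argv = args + 1; argc = 4; }  /* drop the leading -v */
    const char *cmd[MAX_ARGS];
    int n = build_argv(argc, argv, treat_v_as_nonlink, cmd, MAX_ARGS);
    return has_runtime(cmd, n);
}

int main(void) {
    printf("probe without -v           : runtime %s\n",
           cmake_probe_links_runtime(0, 1) ? "linked" : "MISSING");
    printf("probe with -v, -v check on : runtime %s (undefined __afl_area_ptr)\n",
           cmake_probe_links_runtime(1, 1) ? "linked" : "MISSING");
    printf("probe with -v, check gone  : runtime %s\n",
           cmake_probe_links_runtime(1, 0) ? "linked" : "MISSING");
    return 0;
}
```

The third scenario is the state after removing the `-v` check: the same command line now carries the runtime object, so the probe links and cmake's configure step proceeds. The same reasoning explains the earlier observation in the thread that compiling the ABI test file by hand works while the cmake run fails; the only difference is the `-v` the probe adds.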

Jan Kneschke

Jul 30, 2016, 6:05:17 PM
to afl-...@googlegroups.com

CMake runs with -v to discover search paths and other internally set options. Making that fail the build will fail all recent CMake-based projects, it seems.

I bet that this was Pedro's problem too.



Michal Zalewski

Jul 30, 2016, 6:11:58 PM
to afl-users
Thanks for checking. I think this should be fixed in 2.22b.