Using LLVM based fuzzing tools (KLEE) on IR produced by gollvm


Mircea Preoteasa

May 26, 2023, 12:49:32 PM5/26/23
to golang-nuts
Hello, I have recently started fiddling around with the gollvm compiler with the end goal of being able to fuzz test Go programs with LLVM based tools such as KLEE [1]. Here's what I did:

1.) Compiled gollvm and installed KLEE from the official repositories under the Fedora 37 official docker image
2.) Used llvm-goc to emit LLVM IR for a sample Go program (attached below) (adapted from KLEE's get sign example), then llvm-as to convert that to bitcode

Running KLEE on the resulting bitcode, it seems that it can't find any of the Go runtime symbols (see screenshot attached). My supposition is that I might need to recompile the Go runtime to LLVM bitcode in order to get this working. Is this correct? If yes, how would I go about doing that?

[1]: https://klee.github.io/
Attachments: klee_output.png, hello.go

Than McIntosh

May 30, 2023, 11:31:21 AM5/30/23
to Mircea Preoteasa, golang-nuts
Hello,

I assume that the fuzzing works by running the LLVM bitcode through the interpreter? If so then these threads here are related:

https://groups.google.com/g/golang-nuts/c/raheTfR_Syk/m/-9FaVnKqAwAJ
https://groups.google.com/g/golang-nuts/c/9lSni3jhXhA/m/KQzlRJtoBAAJ

As you can see from https://go-review.googlesource.com/c/gofrontend/+/140917, running gollvm programs via the interpreter is kind of a research project at the moment and requires a lot of hacks. This is a use case that we haven't really fully fleshed out.

Regards, Than
