From: Matt Morehouse Date: Thu, 19 Jul 2018 17:59:11 +0000 (+0000) Subject: [libFuzzer] Update documentation regarding MSan. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5b81b48075a69e9beda4eb869dc8eb0e9d09a156;p=llvm [libFuzzer] Update documentation regarding MSan. Summary: -fsanitize=fuzzer,memory now works out-of-the-box. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D49441 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@337476 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index b546dec4be7..0737fbbcd93 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -75,11 +75,13 @@ Recent versions of Clang (starting from 6.0) include libFuzzer, and no extra ins In order to build your fuzzer binary, use the `-fsanitize=fuzzer` flag during the compilation and linking. In most cases you may want to combine libFuzzer with -AddressSanitizer_ (ASAN), UndefinedBehaviorSanitizer_ (UBSAN), or both:: +AddressSanitizer_ (ASAN), UndefinedBehaviorSanitizer_ (UBSAN), or both. You can +also build with MemorySanitizer_ (MSAN), but support is experimental:: clang -g -O1 -fsanitize=fuzzer mytarget.c # Builds the fuzz target w/o sanitizers clang -g -O1 -fsanitize=fuzzer,address mytarget.c # Builds the fuzz target with ASAN clang -g -O1 -fsanitize=fuzzer,signed-integer-overflow mytarget.c # Builds the fuzz target with a part of UBSAN + clang -g -O1 -fsanitize=fuzzer,memory mytarget.c # Builds the fuzz target with MSAN This will perform the necessary instrumentation, as well as linking with the libFuzzer library. Note that ``-fsanitize=fuzzer`` links in the libFuzzer's ``main()`` symbol. 
@@ -93,10 +95,6 @@ instrumentation without linking:: Then libFuzzer can be linked to the desired driver by passing in ``-fsanitize=fuzzer`` during the linking stage. -Using MemorySanitizer_ (MSAN) with libFuzzer is possible too, but tricky. -The exact details are out of scope, we expect to simplify this in future -versions. - .. _libfuzzer-corpus: Corpus
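
Review bot: In the first hunk (docs/LibFuzzer.rst, @@ -75,11 +75,13), the added sentence says "You can also build with MemorySanitizer_ (MSAN), but support is experimental", while the commit summary says `-fsanitize=fuzzer,memory` "now works out-of-the-box". A reader of the docs cannot tell which applies. Either drop "experimental" or say in the same sentence what is still unsupported or unstable, so that people wiring MSAN into a fuzzing job know what to expect. The new `clang -g -O1 -fsanitize=fuzzer,memory mytarget.c` line is consistent with the three examples above it.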
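
Review bot: In the second hunk (@@ -93,10 +95,6), the deleted "possible too, but tricky" paragraph sat directly after the text on instrumentation without linking and on linking libFuzzer to a custom driver with ``-fsanitize=fuzzer`` at the link stage. With it gone, the only MSAN guidance left is the combined `-fsanitize=fuzzer,memory` build shown in the first hunk, and nothing says whether MSAN also works in the instrument-only, custom-driver setup this section describes. Consider adding one sentence here stating whether that combination is supported, rather than removing the caveat without a replacement.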