feat: replace the --release flag with a generic --profile flag #163
Conversation
Also make the default profile "fuzz", and document that it should probably have codegen-units set to 1, in replacement to the semi-fix that had been implemented only when the release mode was set.
|
Seeing the usual afl ci failures, AFAICT they’re unrelated, as 1.64 / ubuntu / afl / NONE in particular did pass and the failing ones were just other rustc versions with also ubuntu / afl / NONE |
| /// Build artifacts in release mode, with optimizations [default: "fuzz"] | ||
| /// | ||
| /// Note that if you do not have `codegen-units = 1` in the profile, there are known compilation bugs | ||
| #[structopt(long, default_value = "fuzz")] |
There was a problem hiding this comment.
Should we default to a profile that is there by default? My worry is this will make the UI worse and just complain about a missing profile with no actions on how to fix it for bolero.
There was a problem hiding this comment.
So my thinking was, it’s better to fail loudly than to fail silently.
If we default to release, then we open ourselves up to the LTO issue you mentioned above, and there won’t be debug-assertions. If we default to debug, then the fuzzer will be way too slow for reasonable running.
Right now, the error message for people who didn’t read through the book would be:
error: profile `fuzz` is not defined
I think it’s reasonable that the user would search the internet with this error message, and fall on the library-installation.md page (to which I just added this error message, to make sure it’s easy to find).
We could also add a log message at the beginning of each cargo-bolero invocation, reminding to read the book if it fails with this error message, but that’d feel overkill to me.
WDYT?
There was a problem hiding this comment.
Ideally the user wouldn't have to search to figure out what's wrong. Like, rustc's error messages usually provide all of the information you need to fix it inline. That being said, I do think profiles are a better way to go, especially considering the issues with LTO.
Can you open an issue to track possible solutions to improve the UX for this?
There was a problem hiding this comment.
Just did it! See #168 :)
(in the CI failures) I guess now’s a good time to revisit bumping the MSRV, as this PR doesn’t even change cargo.toml, so I guess one of bolero’s dependencies indirectly bumped its MSRV since the first version of this PR? |
Makefile
Outdated
| @@ -51,15 +51,15 @@ libfuzzer honggfuzz: | |||
| --manifest-path examples/basic/Cargo.toml \ | |||
| --runs 100000 \ | |||
| --engine $@ \ | |||
| --release \ | |||
| --profile release \ | |||
There was a problem hiding this comment.
Can you update the examples to include a fuzz profile, instead? The bolero workspace should probably also include one as well.
There was a problem hiding this comment.
Done, thank you for the idea :)
There was a problem hiding this comment.
All of the tests should be updated to use the fuzz profile. And then we're good to merge :)
There was a problem hiding this comment.
Oh right, thank you! I just pushed a commit removing the --profile argument altogether, as bolero defaults to the fuzz profile :)
Also just in case, for #161, I’m waiting for your feedback on whether the BOLERO_LIBTEST_HARNESS environment variable is a red herring or not, and on whether sometimes libfuzzer should be able to run the binary without going through the libtest harness :)
|
Seems like Also, for CI, unpinned dependencies are failing pre-rust-1.65, hence a lot of the tests failing. I’d suggest either bumping the MSRV, or committing a Cargo.lock so that at least CI will pass (but users won’t be able to get things to pass anyway, I personally won’t believe in MSRV until rust-lang/cargo#9930 gets done) |
|
Yeah I think we'll need to bump, unfortunately. We can merge this PR as is. |
Also make the default profile "fuzz", and document that it should probably have codegen-units set to 1, in replacement to the semi-fix that had been implemented only when the release mode was set.
The drawback of this change is it forces people to have a
fuzzprofile by default, and to addcodegen-units = 1themselves. I think it is a good thing that said, because of rust’s philosophy of "better explicit than implicit" and the fact that 3 lines per crate are not too much boilerplate:The big advantage is, it makes it much easier to eg. turn debug assertions on or off, and people can always use
--profile releaseif they want to build in regular release mode (though then they’ll probably hit thecodegen-unitsissue).WDYT?