This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Fix MSVC Libfuzzer coverage reporting #324

Merged
5 commits merged into from
Nov 19, 2020

Conversation

@jopletchMSFT (Contributor) commented Nov 18, 2020

This PR fixes two issues:

  • First, in MSVC-compiled binaries both the LLVM _and_ MSVC symbols are
    present, but only the MSVC symbols have correct values. For example:

```
0:000> cdb: Reading initial command '.scriptload DumpCountersOld.js ; !dumpcounters "cov" ; q'
JavaScript script successfully loaded from 'DumpCountersOld.js'
[+] not disabling sympath
INFO: Seed: 58715679
INFO: Loaded 1 modules   (3968 inline 8-bit counters): 3968 [00007FF70DB4B000, 00007FF70DB4BF80), # XXX Note
xxx.exe: Running 1 inputs 1 time(s) each.
Running: inp
[+] processing xxx.exe
[+] using LLVM 10 symbols - 0x7ff70db72b00:0x7ff70db72b08 # XXX These are wrong
```

    This means the order we search for the coverage symbols is important.

  • Secondly, this enables support for MSVC 8-bit counter coverage.

Validation Steps Performed

Running any recent MSVC-compiled libfuzzer target should fail to actually collect coverage, instead just returning the 8 null bytes described in the linked issue.
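The failure mode in the log above is visible from libFuzzer's own banner: it reports 3968 inline 8-bit counters in [00007FF70DB4B000, 00007FF70DB4BF80), a 0xF80-byte region, while the LLVM symbol pair that the script found first spans only 8 bytes. The following added example (it is not the OneFuzz DumpCounters script, and the MSVC symbol names in `CANDIDATES`, the `symbols` lookup table and the `memory` map are all placeholders constructed for illustration) shows the two defences a coverage dumper wants: search the MSVC pair before the LLVM pair, and cross-check whichever pair resolves against the counter count libFuzzer printed, so a present-but-wrong pair cannot win just because it resolved first.

```javascript
// Added example, not the OneFuzz DumpCounters script: pick the sancov 8-bit
// counter region from whichever symbol pair agrees with libFuzzer's banner.
//
// Assumptions (constructed for this example): the symbol names in CANDIDATES
// are illustrative, `symbols` stands in for the debugger's symbol lookup and
// `memory` stands in for reading the target's address space.

// Matches e.g. "(3968 inline 8-bit counters): 3968 [00007FF70DB4B000, 00007FF70DB4BF80)"
const BANNER_RE = /\((\d+) inline 8-bit counters\): \d+ \[([0-9A-Fa-f]+), ([0-9A-Fa-f]+)\)/;

// Parse libFuzzer's module banner into the counter count and address range.
function parseBanner(line) {
  const m = BANNER_RE.exec(line);
  if (!m) return null;
  const start = BigInt('0x' + m[2]);
  const end = BigInt('0x' + m[3]);
  return { count: Number(m[1]), start, end, size: Number(end - start) };
}

// Symbol pairs to try, in search order. MSVC first: in an MSVC build both
// pairs resolve, and only the MSVC one points at the real counter array.
// (Assumed names: replace with whatever the toolchain actually emits.)
const CANDIDATES = [
  { label: 'MSVC 8-bit counters', start: '__sancov$8bitCountersStart', end: '__sancov$8bitCountersEnd' },
  { label: 'LLVM 8-bit counters', start: '__start___sancov_cntrs', end: '__stop___sancov_cntrs' },
];

// Return the first candidate whose [start, end) is non-empty and, when a
// banner is available, has exactly as many bytes as libFuzzer says it has
// counters. The 8-byte LLVM stub region from the PR log fails that check.
function pickCounterRange(symbols, banner, candidates = CANDIDATES) {
  for (const c of candidates) {
    const start = symbols[c.start];
    const end = symbols[c.end];
    if (start === undefined || end === undefined) continue;
    const size = Number(end - start);
    if (size <= 0) continue;
    if (banner && size !== banner.count) continue;
    return { label: c.label, start, end, size };
  }
  return null;
}

// Read every counter byte in the range and return [index, hits] for the
// non-zero ones, which is the coverage the fuzzer actually recorded.
function dumpCounters(memory, range) {
  const hits = [];
  for (let i = 0; i < range.size; i++) {
    const v = memory.get(range.start + BigInt(i)) ?? 0;
    if (v !== 0) hits.push([i, v]);
  }
  return hits;
}

// Constructed sample mirroring the addresses in the PR's log: the MSVC pair
// (assumed) brackets the banner's range, the LLVM pair is the 8-byte stub.
const SAMPLE_BANNER =
  'INFO: Loaded 1 modules   (3968 inline 8-bit counters): 3968 [00007FF70DB4B000, 00007FF70DB4BF80), # XXX Note';
const SAMPLE_SYMBOLS = {
  '__sancov$8bitCountersStart': 0x7ff70db4b000n,
  '__sancov$8bitCountersEnd': 0x7ff70db4bf80n,
  '__start___sancov_cntrs': 0x7ff70db72b00n,
  '__stop___sancov_cntrs': 0x7ff70db72b08n,
};
// Constructed counter memory: three edges hit, everything else zero.
const SAMPLE_MEMORY = new Map([
  [0x7ff70db4b000n + 3n, 1],
  [0x7ff70db4b000n + 17n, 4],
  [0x7ff70db4b000n + 3967n, 2],
]);

// Resolve the range from the sample and dump its counters.
function demo() {
  const banner = parseBanner(SAMPLE_BANNER);
  const range = pickCounterRange(SAMPLE_SYMBOLS, banner);
  return { range, hits: range ? dumpCounters(SAMPLE_MEMORY, range) : [] };
}
```

Trying the candidates in the reverse order with no banner check reproduces the bug from the log (the LLVM pair wins with an 8-byte region); with the banner check in place the LLVM pair is rejected even when it is searched first, so the order fix and the size check each independently close the hole.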

jopletchMSFT and others added 2 commits November 18, 2020 00:25
@jopletchMSFT jopletchMSFT marked this pull request as ready for review November 18, 2020 18:53
@bmc-msft (Contributor)

Performing integration tests with existing samples.

@ghost commented Nov 18, 2020

Hello @bmc-msft!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

Do note that I've been instructed to only help merge pull requests of this repository that have been opened for at least 18 hours, a condition that will be fulfilled in about 5 hours 20 minutes. No worries though, I will be back when the time is right! 😉

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@bmc-msft bmc-msft linked an issue Nov 18, 2020 that may be closed by this pull request
@ghost ghost merged commit bb2b18a into microsoft:main Nov 19, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Apr 17, 2021
This pull request was closed.
Linked issue that this pull request may close: Cannot collect MSVC compiled libfuzzer coverage
2 participants