-fsanitize=fuzzer support

[jamii]

To use libfuzzer in C is as simple as:

clang -g -O1 -fsanitize=fuzzer mytarget.c

I was vaguely hoping that this would work out in zig:

jamie@machine:~/imp$ zig build-exe --main-pkg-path ./ -mllvm -fsanitize=fuzzer test/fuzz.zig
zig (LLVM option parsing): Unknown command line argument '-fsanitize=fuzzer'.  Try: 'zig (LLVM option parsing) --help'
zig (LLVM option parsing): Did you mean '--filetype=fuzzer'?

Am I just mangling the option syntax or is this something that would need specific support? I don't really understand at what level libfuzzer is plumbed into the clang pipeline.

[meme]

This requires support on Zig's end. You can link against the ASan runtime libraries and expose an extern "C"-style LLVMFuzzerTestOneInput BUT there will be no instrumentation of the LLVM bitcode. The asan pass needs to be enabled to emit all the appropriate __sanitizer_* symbols which allow libFuzzer to understand code coverage of the fuzzed test cases.

See relevant PR for adding sanitizer support into Rust: rust-lang/rust#38699.

[meme]

I am interested in this, and have started work on it. First, we need to get all the sanitizers into Zig, then I will begin implementing fuzzer instrumentation and coverage. Afterwards, we can make fuzzing a first-class citizen by adding, e.g. a fuzzing-specific entrypoint, like in libFuzzer. This means that users will be able to:

1. Make stand-alone fuzzed programs
2. Write fuzzing test cases for their Zig programs in an idiomatic way

PR is here.

---

Not to entirely hijack this issue, but I think the title should be changed to a feature request @jamii 😄