With the open-source release of ClusterFuzz in February, I figured I could solve one of the key problems of the bughunt project, getting enough CPU time, by deploying a ClusterFuzz setup and scaling up as funds allowed. ClusterFuzz promises a convenient build pipeline which would allow me to do regular fuzzes of nightly; even better.
Well, getting ClusterFuzz set up was pretty straightforward thanks to their instructions and, as of this writing, I have a relatively stock cluster running. There's work in the bughunt project to get Travis to feed in builds, seen here.
I have hit one key snag, however. ClusterFuzz is unable to recognize a fuzz binary which doesn't have `-fsanitize=fuzzer` sent to it, per this issue. Now, so far as I'm aware, rustc can't set this flag. There's discussion on cargo-fuzz about making `fuzzer` the default over `address`, but the `sanitizer` flag on `rustc` doesn't admit it:

`error: incorrect value fuzzer for debugging option sanitizer - one of: address, leak, memory or thread was expected`

and trying to pass the flag directly as `-C llvm-args=-fsanitize=fuzzer` results in

`--- stderr rustc: Unknown command line argument '-fsanitize=fuzzer'. Try: 'rustc -help' rustc: Did you mean '-asan-stack=fuzzer'?`

so that's tough. I think the `fuzzer` flag has been around for a while in LLVM but is only sparsely documented, appearing incidentally in code build examples; for instance, this section. Anyway, clearly, the next steps are to modify cargo-fuzz and possibly rustc itself to support those cargo-fuzz changes.
Should be fun.