[PATCH] Update 'make fuzz-all' docs to reflect modern clang

[PATCH] Update 'make fuzz-all' docs to reflect modern clang

[Andrzej Hunt via GitGitGadget]

From: Andrzej Hunt <ajrhunt@google.com>

Clang no longer produces a libFuzzer.a, instead you can include
libFuzzer by using -fsanitize=fuzzer. Therefore we should use
that in the example command for building fuzzers.

I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
work in a wide range of reasonably modern clangs.

(On my system what used to be libFuzzer.a now lives under the following path,
 which is tricky albeit not impossible for a novice such as myself to find:
/usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )

Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
---
    Update 'make fuzz-all' docs to reflect modern clang
    
    I would like to update the examples for 'make fuzz-all' to make it
    easier to build fuzzers locally.
    
    This change should make it easier for the uninitiated to build fuzzers
    locally without first having to figure out what LIB_FUZZING_ENGINE is
    for.
    
    ATB, Andrzej

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-889%2Fahunt%2Ffuzz-docs-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-889/ahunt/fuzz-docs-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/889

 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 9b1bde2e0e64..9f8f459f87b4 100644
--- a/Makefile
+++ b/Makefile
@@ -3291,11 +3291,11 @@ cover_db_html: cover_db
 # are not necessarily appropriate for general builds, and that vary greatly
 # depending on the compiler version used.
 #
-# An example command to build against libFuzzer from LLVM 4.0.0:
+# An example command to build against libFuzzer from LLVM 11.0.0:
 #
 # make CC=clang CXX=clang++ \
 #      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
-#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
+#      LIB_FUZZING_ENGINE=-fsanitize=fuzzer \
 #      fuzz-all
 #
 FUZZ_CXXFLAGS ?= $(CFLAGS)

base-commit: 225365fb5195e804274ab569ac3cc4919451dc7f
-- 
gitgitgadget

Re: [PATCH] Update 'make fuzz-all' docs to reflect modern clang

[Josh Steadmon]

On 2021.02.28 12:22, Andrzej Hunt via GitGitGadget wrote:
> From: Andrzej Hunt <ajrhunt@google.com>
> 
> Clang no longer produces a libFuzzer.a, instead you can include
> libFuzzer by using -fsanitize=fuzzer. Therefore we should use
> that in the example command for building fuzzers.
> 
> I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
> work in a wide range of reasonably modern clangs.
> 
> (On my system what used to be libFuzzer.a now lives under the following path,
>  which is tricky albeit not impossible for a novice such as myself to find:
> /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
> 
> Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
> ---
>     Update 'make fuzz-all' docs to reflect modern clang
>     
>     I would like to update the examples for 'make fuzz-all' to make it
>     easier to build fuzzers locally.
>     
>     This change should make it easier for the uninitiated to build fuzzers
>     locally without first having to figure out what LIB_FUZZING_ENGINE is
>     for.
>     
>     ATB, Andrzej

Thanks for taking a look at this! This looked correct to me, but when I
tried to run the fuzzers I got an error about
"-fsanitize-coverage=trace-pc-guard" not being supported any longer.
Looking at the LLVM 11.0.0 docs [1], I see that it recommends using
"-fsanitize=fuzzer-no-link" instead (the "-no-link" is because we're
also building executables that have their own main()).

So we'd also want to change CFLAGS to
"-fsanitize=fuzzer-no-link,address".

[1]: https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage

Re: [PATCH] Update 'make fuzz-all' docs to reflect modern clang

[Andrzej Hunt]

On 01/03/2021 23:39, Josh Steadmon wrote:
> Thanks for taking a look at this! This looked correct to me, but when I
> tried to run the fuzzers I got an error about
> "-fsanitize-coverage=trace-pc-guard" not being supported any longer.

Oops, I realised I was accidentally using clang 7 (instead of 11) 
locally. I can reproduce the same error with my copy of clang-11. Thanks 
for catching this!

> Looking at the LLVM 11.0.0 docs [1], I see that it recommends using
> "-fsanitize=fuzzer-no-link" instead (the "-no-link" is because we're
> also building executables that have their own main()).
> 
> So we'd also want to change CFLAGS to
> "-fsanitize=fuzzer-no-link,address".

I will fix this too!

I suspect that when I built without fuzzer-no-link, the fuzzer binaries 
included libFuzzer, but were missing whatever fuzzing-related
instrumentation clang should have added. (Fortunately oss-fuzz seems to
be adding this to the CFLAGS automatically [1].)

[1] 
https://oss-fuzz-build-logs.storage.googleapis.com/log-74f40f33-f384-475b-b141-0e44afb272f5.txt

[PATCH v2] Update 'make fuzz-all' docs to reflect modern clang

[Andrzej Hunt via GitGitGadget]

From: Andrzej Hunt <ajrhunt@google.com>

Clang no longer produces a libFuzzer.a, instead you can include
libFuzzer by using -fsanitize=fuzzer. Therefore we should use
that in the example command for building fuzzers.

We also add -fsanitize=fuzzer-no-link to ensure that all the required
instrumentation is added when compiling git [1], and remove
 -fsanitize-coverage=trace-pc-guard as it is deprecated.

I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
work in a wide range of reasonably modern clangs.

(On my system: what used to be libFuzzer.a now lives under the following path,
 which is tricky albeit not impossible for a novice such as myself to find:
/usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )

[1] https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage

Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
---
    Update 'make fuzz-all' docs to reflect modern clang
    
    I have updated my patch to:
    
     * Remove -fsanitize-coverage=trace-pc-guard as it is deprecated.
     * Add -fsanitize=fuzzer-no-link as per Josh's suggestion.

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-889%2Fahunt%2Ffuzz-docs-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-889/ahunt/fuzz-docs-v2
Pull-Request: https://github.com/gitgitgadget/git/pull/889

Range-diff vs v1:

 1:  d804b24907fd ! 1:  f5b5a11966ca Update 'make fuzz-all' docs to reflect modern clang
     @@ Commit message
          libFuzzer by using -fsanitize=fuzzer. Therefore we should use
          that in the example command for building fuzzers.
      
     +    We also add -fsanitize=fuzzer-no-link to ensure that all the required
     +    instrumentation is added when compiling git [1], and remove
     +     -fsanitize-coverage=trace-pc-guard as it is deprecated.
     +
          I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
          work in a wide range of reasonably modern clangs.
      
     -    (On my system what used to be libFuzzer.a now lives under the following path,
     +    (On my system: what used to be libFuzzer.a now lives under the following path,
           which is tricky albeit not impossible for a novice such as myself to find:
          /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
      
     +    [1] https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage
     +
          Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
      
       ## Makefile ##
     @@ Makefile: cover_db_html: cover_db
      +# An example command to build against libFuzzer from LLVM 11.0.0:
       #
       # make CC=clang CXX=clang++ \
     - #      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
     +-#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
      -#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
     -+#      LIB_FUZZING_ENGINE=-fsanitize=fuzzer \
     ++#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
     ++#      LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
       #      fuzz-all
       #
       FUZZ_CXXFLAGS ?= $(CFLAGS)


 Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index dd08b4ced01c..c7248ac6057b 100644
--- a/Makefile
+++ b/Makefile
@@ -3292,11 +3292,11 @@ cover_db_html: cover_db
 # are not necessarily appropriate for general builds, and that vary greatly
 # depending on the compiler version used.
 #
-# An example command to build against libFuzzer from LLVM 4.0.0:
+# An example command to build against libFuzzer from LLVM 11.0.0:
 #
 # make CC=clang CXX=clang++ \
-#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
-#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
+#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
+#      LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
 #      fuzz-all
 #
 FUZZ_CXXFLAGS ?= $(CFLAGS)

base-commit: f01623b2c9d14207e497b21ebc6b3ec4afaf4b46
-- 
gitgitgadget

Re: [PATCH v2] Update 'make fuzz-all' docs to reflect modern clang

[Junio C Hamano]

"Andrzej Hunt via GitGitGadget" <gitgitgadget@gmail.com> writes:

> From: Andrzej Hunt <ajrhunt@google.com>

> Subject: Re: [PATCH v2] Update 'make fuzz-all' docs to reflect modern clang

I'd retitte it to

    Makefile: update 'make fuzz-all' docs to reflect modern clang

> Clang no longer produces a libFuzzer.a, instead you can include
> libFuzzer by using -fsanitize=fuzzer.

Do we see two sentences here?  IOW, s/, instead/. Instead/ is needed?

> Therefore we should use
> that in the example command for building fuzzers.
>
> We also add -fsanitize=fuzzer-no-link to ensure that all the required
> instrumentation is added when compiling git [1], and remove
>  -fsanitize-coverage=trace-pc-guard as it is deprecated.

Without something like s/add/add to CFLAGS/, I found this a bit
cryptic and failed to read what it wanted to do without looking at
the patch text itself.

> I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
> work in a wide range of reasonably modern clangs.
>
> (On my system: what used to be libFuzzer.a now lives under the following path,
>  which is tricky albeit not impossible for a novice such as myself to find:
> /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )

All nice things to have in the log message.

>  Makefile | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index dd08b4ced01c..c7248ac6057b 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -3292,11 +3292,11 @@ cover_db_html: cover_db
>  # are not necessarily appropriate for general builds, and that vary greatly
>  # depending on the compiler version used.
>  #
> -# An example command to build against libFuzzer from LLVM 4.0.0:
> +# An example command to build against libFuzzer from LLVM 11.0.0:
>  #
>  # make CC=clang CXX=clang++ \
> -#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
> -#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
> +#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
> +#      LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
>  #      fuzz-all
>  #
>  FUZZ_CXXFLAGS ?= $(CFLAGS)

LIB_FUZZING_ENGINE is used this way in the Makefile:

    $(FUZZ_PROGRAMS): all
            $(QUIET_LINK)$(CXX) $(FUZZ_CXXFLAGS) $(LIB_OBJS) $(BUILTIN_OBJS) \
                    $(XDIFF_OBJS) $(EXTLIBS) git.o $@.o $(LIB_FUZZING_ENGINE) -o $@

and it is somewhat annoying to see a compiler/linker option that
late on the command line, where readers would expect an object file
or a library archive would appear.  It makes me wonder if we should
instead be doing something along the following line:

 - empty LIB_FUZZING_ENGINE by default
 - add -fsanitize=fuzzer names to FUZZ_CXXFLAGS

i.e.

diff --git c/Makefile w/Makefile
index 4128b457e1..b5df76b33b 100644
--- c/Makefile
+++ w/Makefile
@@ -3306,14 +3306,15 @@ cover_db_html: cover_db
 # are not necessarily appropriate for general builds, and that vary greatly
 # depending on the compiler version used.
 #
-# An example command to build against libFuzzer from LLVM 4.0.0:
+# An example command to build against libFuzzer from LLVM 11.0.0:
 #
 # make CC=clang CXX=clang++ \
-#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
-#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
+#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
 #      fuzz-all
 #
 FUZZ_CXXFLAGS ?= $(CFLAGS)
+FUZZ_CXXFLAGS += -fsanitize=fuzzer
+LIB_FUZZING_ENGINE =
 
 .PHONY: fuzz-all
 

In the meantime, I'll queue the version you sent as-is (modulo the
retitling).

Thanks.

Re: [PATCH v2] Update 'make fuzz-all' docs to reflect modern clang

[Andrzej Hunt]

On 04/03/2021 23:48, Junio C Hamano wrote:>
> LIB_FUZZING_ENGINE is used this way in the Makefile:
> 
>      $(FUZZ_PROGRAMS): all
>              $(QUIET_LINK)$(CXX) $(FUZZ_CXXFLAGS) $(LIB_OBJS) $(BUILTIN_OBJS) \
>                      $(XDIFF_OBJS) $(EXTLIBS) git.o $@.o $(LIB_FUZZING_ENGINE) -o $@
> 
> and it is somewhat annoying to see a compiler/linker option that
> late on the command line, where readers would expect an object file
> or a library archive would appear.  It makes me wonder if we should
> instead be doing something along the following line:
> 
>   - empty LIB_FUZZING_ENGINE by default
>   - add -fsanitize=fuzzer names to FUZZ_CXXFLAGS

This sounds sensible to me, and will certainly simplify the use of
"make fuzz-all" by beginners - although I'm not sure just how useful the 
change would be since my understanding is that this target is almost 
exclusively used by oss-fuzz.

However I would prefer to wait for Josh's feedback before making such a 
change, as he is the owner of oss-fuzz's git integration [1], and as 
such is most likely to be affected by any changes to this target.

In the meantime I'll prepare an updated patch with a fixed commit message!

[1] 
https://github.com/google/oss-fuzz/blob/c41e46ffc8bc409bdfde0c0d2c97e1305f0c4106/projects/git/project.yaml#L3

[PATCH v3] Makefile: update 'make fuzz-all' docs to reflect modern clang

[Andrzej Hunt via GitGitGadget]

From: Andrzej Hunt <ajrhunt@google.com>

Clang no longer produces a libFuzzer.a. Instead, you can include
libFuzzer by using -fsanitize=fuzzer. Therefore we should use that in
the example command for building fuzzers.

We also add -fsanitize=fuzzer-no-link to the CFLAGS to ensure that all
the required instrumentation is added when compiling git [1], and remove
 -fsanitize-coverage=trace-pc-guard as it is deprecated.

I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears
to work in a wide range of reasonably modern clangs.

(On my system: what used to be libFuzzer.a now lives under the following
 path, which is tricky albeit not impossible for a novice such as myself
 to find:
/usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )

[1] https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage

Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
---
    Update 'make fuzz-all' docs to reflect modern clang
    
    This version of the patch fixes the commit message as per Junio's
    feedback. Thank you!

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-889%2Fahunt%2Ffuzz-docs-v3
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-889/ahunt/fuzz-docs-v3
Pull-Request: https://github.com/gitgitgadget/git/pull/889

Range-diff vs v2:

 1:  f5b5a11966ca ! 1:  bc0d8b615410 Update 'make fuzz-all' docs to reflect modern clang
     @@ Metadata
      Author: Andrzej Hunt <ajrhunt@google.com>
      
       ## Commit message ##
     -    Update 'make fuzz-all' docs to reflect modern clang
     +    Makefile: update 'make fuzz-all' docs to reflect modern clang
      
     -    Clang no longer produces a libFuzzer.a, instead you can include
     -    libFuzzer by using -fsanitize=fuzzer. Therefore we should use
     -    that in the example command for building fuzzers.
     +    Clang no longer produces a libFuzzer.a. Instead, you can include
     +    libFuzzer by using -fsanitize=fuzzer. Therefore we should use that in
     +    the example command for building fuzzers.
      
     -    We also add -fsanitize=fuzzer-no-link to ensure that all the required
     -    instrumentation is added when compiling git [1], and remove
     +    We also add -fsanitize=fuzzer-no-link to the CFLAGS to ensure that all
     +    the required instrumentation is added when compiling git [1], and remove
           -fsanitize-coverage=trace-pc-guard as it is deprecated.
      
     -    I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
     -    work in a wide range of reasonably modern clangs.
     +    I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears
     +    to work in a wide range of reasonably modern clangs.
      
     -    (On my system: what used to be libFuzzer.a now lives under the following path,
     -     which is tricky albeit not impossible for a novice such as myself to find:
     +    (On my system: what used to be libFuzzer.a now lives under the following
     +     path, which is tricky albeit not impossible for a novice such as myself
     +     to find:
          /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
      
          [1] https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage


 Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index dfb0f1000fa3..f3dc2178324e 100644
--- a/Makefile
+++ b/Makefile
@@ -3299,11 +3299,11 @@ cover_db_html: cover_db
 # are not necessarily appropriate for general builds, and that vary greatly
 # depending on the compiler version used.
 #
-# An example command to build against libFuzzer from LLVM 4.0.0:
+# An example command to build against libFuzzer from LLVM 11.0.0:
 #
 # make CC=clang CXX=clang++ \
-#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
-#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
+#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
+#      LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
 #      fuzz-all
 #
 FUZZ_CXXFLAGS ?= $(CFLAGS)

base-commit: be7935ed8bff19f481b033d0d242c5d5f239ed50
-- 
gitgitgadget

Re: [PATCH v2] Update 'make fuzz-all' docs to reflect modern clang

[Junio C Hamano]

Andrzej Hunt <andrzej@ahunt.org> writes:

> However I would prefer to wait for Josh's feedback before making such
> a change, as he is the owner of oss-fuzz's git integration [1], and as 
> such is most likely to be affected by any changes to this target.
>
>
> In the meantime I'll prepare an updated patch with a fixed commit message!

Makes sense.  Let's wait and see what Josh says before going forward.

Re: [PATCH v2] Update 'make fuzz-all' docs to reflect modern clang

[Josh Steadmon]

On 2021.03.04 14:48, Junio C Hamano wrote:
> "Andrzej Hunt via GitGitGadget" <gitgitgadget@gmail.com> writes:
> 
> > From: Andrzej Hunt <ajrhunt@google.com>
> 
> > Subject: Re: [PATCH v2] Update 'make fuzz-all' docs to reflect modern clang
> 
> I'd retitte it to
> 
>     Makefile: update 'make fuzz-all' docs to reflect modern clang
> 
> > Clang no longer produces a libFuzzer.a, instead you can include
> > libFuzzer by using -fsanitize=fuzzer.
> 
> Do we see two sentences here?  IOW, s/, instead/. Instead/ is needed?
> 
> > Therefore we should use
> > that in the example command for building fuzzers.
> >
> > We also add -fsanitize=fuzzer-no-link to ensure that all the required
> > instrumentation is added when compiling git [1], and remove
> >  -fsanitize-coverage=trace-pc-guard as it is deprecated.
> 
> Without something like s/add/add to CFLAGS/, I found this a bit
> cryptic and failed to read what it wanted to do without looking at
> the patch text itself.
> 
> > I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
> > work in a wide range of reasonably modern clangs.
> >
> > (On my system: what used to be libFuzzer.a now lives under the following path,
> >  which is tricky albeit not impossible for a novice such as myself to find:
> > /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
> 
> All nice things to have in the log message.
> 
> >  Makefile | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/Makefile b/Makefile
> > index dd08b4ced01c..c7248ac6057b 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -3292,11 +3292,11 @@ cover_db_html: cover_db
> >  # are not necessarily appropriate for general builds, and that vary greatly
> >  # depending on the compiler version used.
> >  #
> > -# An example command to build against libFuzzer from LLVM 4.0.0:
> > +# An example command to build against libFuzzer from LLVM 11.0.0:
> >  #
> >  # make CC=clang CXX=clang++ \
> > -#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
> > -#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
> > +#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
> > +#      LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
> >  #      fuzz-all
> >  #
> >  FUZZ_CXXFLAGS ?= $(CFLAGS)
> 
> LIB_FUZZING_ENGINE is used this way in the Makefile:
> 
>     $(FUZZ_PROGRAMS): all
>             $(QUIET_LINK)$(CXX) $(FUZZ_CXXFLAGS) $(LIB_OBJS) $(BUILTIN_OBJS) \
>                     $(XDIFF_OBJS) $(EXTLIBS) git.o $@.o $(LIB_FUZZING_ENGINE) -o $@
> 
> and it is somewhat annoying to see a compiler/linker option that
> late on the command line, where readers would expect an object file
> or a library archive would appear.

Yes, it appears that clang has changed how the fuzzing engine is
selected, as this used to be just a library path (as you see in the
diff). We might as well move this option up with the rest of the flags.

> It makes me wonder if we should
> instead be doing something along the following line:
> 
>  - empty LIB_FUZZING_ENGINE by default
>  - add -fsanitize=fuzzer names to FUZZ_CXXFLAGS
> 
> i.e.
> 
> diff --git c/Makefile w/Makefile
> index 4128b457e1..b5df76b33b 100644
> --- c/Makefile
> +++ w/Makefile
> @@ -3306,14 +3306,15 @@ cover_db_html: cover_db
>  # are not necessarily appropriate for general builds, and that vary greatly
>  # depending on the compiler version used.
>  #
> -# An example command to build against libFuzzer from LLVM 4.0.0:
> +# An example command to build against libFuzzer from LLVM 11.0.0:
>  #
>  # make CC=clang CXX=clang++ \
> -#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
> -#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
> +#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
>  #      fuzz-all
>  #
>  FUZZ_CXXFLAGS ?= $(CFLAGS)
> +FUZZ_CXXFLAGS += -fsanitize=fuzzer
> +LIB_FUZZING_ENGINE =

I don't think we want to mess with FUZZ_CXXFLAGS, as oss-fuzz may be
adding conflicting -fsanitize args here. Having LIB_FUZZING_ENGINE
default to empty should be fine though.

>  
>  .PHONY: fuzz-all
>  
> 
> In the meantime, I'll queue the version you sent as-is (modulo the
> retitling).
> 
> Thanks.
> 
> 

Re: [PATCH v3] Makefile: update 'make fuzz-all' docs to reflect modern clang

[Josh Steadmon]

On 2021.03.08 17:14, Andrzej Hunt via GitGitGadget wrote:
> From: Andrzej Hunt <ajrhunt@google.com>
> 
> Clang no longer produces a libFuzzer.a. Instead, you can include
> libFuzzer by using -fsanitize=fuzzer. Therefore we should use that in
> the example command for building fuzzers.
> 
> We also add -fsanitize=fuzzer-no-link to the CFLAGS to ensure that all
> the required instrumentation is added when compiling git [1], and remove
>  -fsanitize-coverage=trace-pc-guard as it is deprecated.
> 
> I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears
> to work in a wide range of reasonably modern clangs.
> 
> (On my system: what used to be libFuzzer.a now lives under the following
>  path, which is tricky albeit not impossible for a novice such as myself
>  to find:
> /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
> 
> [1] https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage
> 
> Signed-off-by: Andrzej Hunt <ajrhunt@google.com>
> ---
>     Update 'make fuzz-all' docs to reflect modern clang
>     
>     This version of the patch fixes the commit message as per Junio's
>     feedback. Thank you!
> 
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-889%2Fahunt%2Ffuzz-docs-v3
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-889/ahunt/fuzz-docs-v3
> Pull-Request: https://github.com/gitgitgadget/git/pull/889
> 
> Range-diff vs v2:
> 
>  1:  f5b5a11966ca ! 1:  bc0d8b615410 Update 'make fuzz-all' docs to reflect modern clang
>      @@ Metadata
>       Author: Andrzej Hunt <ajrhunt@google.com>
>       
>        ## Commit message ##
>      -    Update 'make fuzz-all' docs to reflect modern clang
>      +    Makefile: update 'make fuzz-all' docs to reflect modern clang
>       
>      -    Clang no longer produces a libFuzzer.a, instead you can include
>      -    libFuzzer by using -fsanitize=fuzzer. Therefore we should use
>      -    that in the example command for building fuzzers.
>      +    Clang no longer produces a libFuzzer.a. Instead, you can include
>      +    libFuzzer by using -fsanitize=fuzzer. Therefore we should use that in
>      +    the example command for building fuzzers.
>       
>      -    We also add -fsanitize=fuzzer-no-link to ensure that all the required
>      -    instrumentation is added when compiling git [1], and remove
>      +    We also add -fsanitize=fuzzer-no-link to the CFLAGS to ensure that all
>      +    the required instrumentation is added when compiling git [1], and remove
>            -fsanitize-coverage=trace-pc-guard as it is deprecated.
>       
>      -    I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears to
>      -    work in a wide range of reasonably modern clangs.
>      +    I happen to have tested with LLVM 11 - however -fsanitize=fuzzer appears
>      +    to work in a wide range of reasonably modern clangs.
>       
>      -    (On my system: what used to be libFuzzer.a now lives under the following path,
>      -     which is tricky albeit not impossible for a novice such as myself to find:
>      +    (On my system: what used to be libFuzzer.a now lives under the following
>      +     path, which is tricky albeit not impossible for a novice such as myself
>      +     to find:
>           /usr/lib64/clang/11.0.0/lib/linux/libclang_rt.fuzzer-x86_64.a )
>       
>           [1] https://releases.llvm.org/11.0.0/docs/LibFuzzer.html#fuzzer-usage
> 
> 
>  Makefile | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index dfb0f1000fa3..f3dc2178324e 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -3299,11 +3299,11 @@ cover_db_html: cover_db
>  # are not necessarily appropriate for general builds, and that vary greatly
>  # depending on the compiler version used.
>  #
> -# An example command to build against libFuzzer from LLVM 4.0.0:
> +# An example command to build against libFuzzer from LLVM 11.0.0:
>  #
>  # make CC=clang CXX=clang++ \
> -#      CFLAGS="-fsanitize-coverage=trace-pc-guard -fsanitize=address" \
> -#      LIB_FUZZING_ENGINE=/usr/lib/llvm-4.0/lib/libFuzzer.a \
> +#      CFLAGS="-fsanitize=fuzzer-no-link,address" \
> +#      LIB_FUZZING_ENGINE="-fsanitize=fuzzer" \
>  #      fuzz-all
>  #
>  FUZZ_CXXFLAGS ?= $(CFLAGS)
> 
> base-commit: be7935ed8bff19f481b033d0d242c5d5f239ed50
> -- 
> gitgitgadget

This version looks good to me, although you may also want to make the
changes Junio suggested regarding LIB_FUZZING_ENGINE.

Thanks!