build: Allow to configure --with-sanitizers=fuzzer

MarcoFalke · MarcoFalke · commit fad058a79fe6 · 2019-01-05T19:06:03.000+01:00
diff --git a/configure.ac b/configure.ac
@@ -295,7 +295,14 @@ if test x$use_sanitizers != x; then
   AX_CHECK_LINK_FLAG(
     [[-fsanitize=$use_sanitizers]],
     [[SANITIZER_LDFLAGS=-fsanitize=$use_sanitizers]],
-    [AC_MSG_ERROR([linker did not accept requested flags, you are missing required libraries])])
+    [AC_MSG_ERROR([linker did not accept requested flags, you are missing required libraries])],
+    [],
+    [AC_LANG_PROGRAM([[
+    #include <cstdint>
+    #include <cstddef>
+    extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { return 0; }
+    __attribute__((weak)) // allow for libFuzzer linking
+    ]],[[]])])
 fi
 
 ERROR_CXXFLAGS=
diff --git a/doc/fuzzing.md b/doc/fuzzing.md
@@ -3,10 +3,11 @@ Fuzz-testing Bitcoin Core
 
 A special test harness `test_bitcoin_fuzzy` is provided to provide an easy
 entry point for fuzzers and the like. In this document we'll describe how to
-use it with AFL.
+use it with AFL and libFuzzer.
 
-Building AFL
--------------
+## AFL
+
+### Building AFL
 
 It is recommended to always use the latest version of afl:
 ```
@@ -17,8 +18,7 @@ make
 export AFLPATH=$PWD
 ```
 
-Instrumentation
-----------------
+### Instrumentation
 
 To build Bitcoin Core using AFL instrumentation (this assumes that the
 `AFLPATH` was set as above):
@@ -39,8 +39,7 @@ compiling using `afl-clang-fast`/`afl-clang-fast++` the resulting
 features "persistent mode" and "deferred forkserver" can be used. See
 https://github.com/mcarpenter/afl/tree/master/llvm_mode for details.
 
-Preparing fuzzing
-------------------
+### Preparing fuzzing
 
 AFL needs an input directory with examples, and an output directory where it
 will place examples that it found. These can be anywhere in the file system,
@@ -60,8 +59,7 @@ Example inputs are available from:
 
 Extract these (or other starting inputs) into the `inputs` directory before starting fuzzing.
 
-Fuzzing
---------
+### Fuzzing
 
 To start the actual fuzzing use:
 ```
@@ -70,3 +68,21 @@ $AFLPATH/afl-fuzz -i ${AFLIN} -o ${AFLOUT} -m52 -- test/test_bitcoin_fuzzy
 
 You may have to change a few kernel parameters to test optimally - `afl-fuzz`
 will print an error and suggestion if so.
+
+## libFuzzer
+
+A recent version of `clang`, the address sanitizer and libFuzzer is needed (all
+found in the `compiler-rt` runtime libraries package).
+
+To build the `test/test_bitcoin_fuzzy` executable run
+
+```
+./configure --disable-ccache --with-sanitizers=fuzzer,address CC=clang CXX=clang++
+make
+```
+
+The fuzzer needs some inputs to work on, but the inputs or seeds can be used
+interchangably between libFuzzer and AFL.
+
+See https://llvm.org/docs/LibFuzzer.html#running on how to run the libFuzzer
+instrumented executable.
