testing/libfuzzer/reproducing.md - Issue 2288753002: [libfuzzer] Add "Symbolization" and "Debugging" sections to reproducing.md page.

Side by Side Diff: testing/libfuzzer/reproducing.md

Issue 2288753002: [libfuzzer] Add "Symbolization" and "Debugging" sections to reproducing.md page. (Closed)

Patch Set: Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 # Reproducing ClusterFuzz bugs locally	1 # Reproducing ClusterFuzz bugs locally

2	2

3 ClusterFuzz will report bugs in the bug tracker in the following form:	3 ClusterFuzz will report bugs in the bug tracker in the following form:

4	4

5 ```	5 ```

6 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=...	6 Detailed report: https://cluster-fuzz.appspot.com/testcase?key=...

7	7

8 Fuzzer: libfuzzer_media_pipeline_integration_fuzzer	8 Fuzzer: libfuzzer_media_pipeline_integration_fuzzer

9 Job Type: libfuzzer_chrome_asan	9 Job Type: libfuzzer_chrome_asan

10 Platform Id: linux	10 Platform Id: linux

(...skipping 68 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
79	79

80 ### Reproducing LibFuzzer + UBSan bugs	80 ### Reproducing LibFuzzer + UBSan bugs

81	81

82 ```bash	82 ```bash

83 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_ubsan_securi ty=true enable_nacl=false proprietary_codecs=true ffmpeg_branding="ChromeOS"'	83 $ gn gen out/libfuzzer '--args=is_debug=false use_libfuzzer=true is_ubsan_securi ty=true enable_nacl=false proprietary_codecs=true ffmpeg_branding="ChromeOS"'

84 $ ninja -C out/libfuzzer $FUZZER_NAME	84 $ ninja -C out/libfuzzer $FUZZER_NAME

85 $ export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1	85 $ export UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1

86 $ out/libfuzzer/$FUZZER_NAME /path/to/repro	86 $ out/libfuzzer/$FUZZER_NAME /path/to/repro

87 ```	87 ```

88	88

	89 ### Symbolization

	90

	91 Memory tools (ASan, MSan, UBSan) use [llvm-symbolizer] binary from the Clang

	92 distribution to symbolize the stack traces. To get a symbolized crash report,

	93 make sure `llvm-symbolizer` is in `PATH` or provide it in separate
	Nico 2016/08/29 12:04:13 Mention that llvm-symbolizer is in third_party/llv Mention that llvm-symbolizer is in third_party/llvm-build/Release+Asserts/bin and/or that it's copied to the build dir at build time (and make the example point there) mmoroz 2016/08/29 12:40:00 Done. Show quoted text On 2016/08/29 12:04:13, Nico wrote: > Mention that llvm-symbolizer is in third_party/llvm-build/Release+Asserts/bin > and/or that it's copied to the build dir at build time (and make the example > point there) Done.
	94 `ASAN_SYMBOLIZER_PATH` environment variable:

	95

	96 ```bash

	97 $ export ASAN_SYMBOLIZER_PATH=/path/to/llvm_build/bin/llvm-symbolizer

	98 $ out/libfuzzer/$FUZZER_NAME /path/to/repro

	99 ```

	100

	101 The same approach works for `MSAN_SYMBOLIZER_PATH` and `UBSAN_SYMBOLIZER_PATH`.

	102

	103 Additional information regarding symbolization is available in sanitizers

	104 documentation: [AddressSanitizerCallStack].

	105

	106

	107 ### Debugging

	108

	109 Please checkout [AddressSanitizerAndDebugger] page for some tips on debugging of
	Nico 2016/08/29 12:04:13 s/checkout/look at/ since "checkout" sounds like ` s/checkout/look at/ since "checkout" sounds like `svn checkout`. (Also, "checkout" is the noun, while the verb is "check out" with a space). Doesn't abort_on_error work in ASAN_OPTIONS as well? mmoroz 2016/08/29 12:40:00 Thanks for the explanation! My bad. abort_on_erro Show quoted text On 2016/08/29 12:04:13, Nico wrote: > s/checkout/look at/ since "checkout" sounds like `svn checkout`. (Also, > "checkout" is the noun, while the verb is "check out" with a space). > > Doesn't abort_on_error work in ASAN_OPTIONS as well? Thanks for the explanation! My bad. abort_on_error works for ASan too. My intention was to do not write about that, since the link contains that information. But probably it's worth to be mentioned here. Done.
	110 binaries built with ASan. For binaries built with MSan,

	111 `MSAN_OPTIONS=abort_on_error=1` makes gdb to stop after the report.

	112

	113

	114 [AddressSanitizerAndDebugger]: https://github.com/google/sanitizers/wiki/Address SanitizerAndDebugger

	115 [AddressSanitizerCallStack]: https://github.com/google/sanitizers/wiki/AddressSa nitizerCallStack

	116 [llvm-symbolizer]: http://llvm.org/docs/CommandGuide/llvm-symbolizer.html

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »