Closed Bug 1592250 Opened 5 years ago Closed 5 years ago

Disable libFuzzer instrumentation in TSan builds

Categories

(Firefox Build System :: Toolchains, defect)

Platform: x86_64 Linux
Type: defect
Priority: Not set
Severity: normal

Tracking

(firefox72 fixed)

RESOLVED FIXED
mozilla72

People

(Reporter: decoder, Assigned: decoder)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

According to :kcc, the libFuzzer instrumentation (in particular the sanitizer coverage part) is not compatible with TSan. I reached out to him because I was seeing races on global counters (including unknown locations) and he confirmed that the current approach taken by Google here is to run fuzzing without TSan and then periodically run the resulting corpus through the TSan fuzzing build (without instrumentation).

We can do the same by disabling the sanitizer coverage flags when building with the combination of --enable-fuzzing and --enable-threadsanitizer. For the Rust code, we add the flags directly so we have to ifdef them out.

In the future, there might be work coming to make the instrumentation compatible with TSan, but it is not a priority for them right now.

Patch coming up which gives me (finally) a green fuzzing build for bug 1590162.
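As an added illustration (not the Firefox build code from this bug's patch), the following models the configure decision the reporter describes, dropping the sanitizer-coverage flags when `--enable-fuzzing` is combined with `--enable-threadsanitizer`, and adds a post-build check that parses `nm` output for leftover sanitizer-coverage runtime hooks; the flag sets and the `nm` sample are constructed assumptions.

```python
# Added example, not Mozilla's build code. Flag sets are illustrative assumptions.
import re

TSAN_CFLAGS = ["-fsanitize=thread"]
TSAN_RUSTFLAGS = ["-Zsanitizer=thread"]
# The "sanitizer coverage part" of the libFuzzer instrumentation (assumed set).
COVERAGE_CFLAGS = ["-fsanitize-coverage=trace-pc-guard,trace-cmp"]
COVERAGE_RUSTFLAGS = ["-Cpasses=sancov-module",
                      "-Cllvm-args=-sanitizer-coverage-level=4"]


def select_flags(enable_fuzzing: bool, enable_tsan: bool) -> dict:
    """Return {'cflags': [...], 'rustflags': [...]} for one configure combination.

    Coverage flags are added only for fuzzing *without* TSan; a TSan+fuzzing
    build keeps TSan and gets no coverage instrumentation, so a corpus from a
    non-TSan fuzzer can be replayed through it (the Rust flags are ifdef'd out).
    """
    cflags, rustflags = [], []
    if enable_tsan:
        cflags += TSAN_CFLAGS
        rustflags += TSAN_RUSTFLAGS
    if enable_fuzzing and not enable_tsan:
        cflags += COVERAGE_CFLAGS
        rustflags += COVERAGE_RUSTFLAGS
    return {"cflags": cflags, "rustflags": rustflags}


# Undefined references to sancov runtime hooks mean coverage instrumentation
# made it into the object; a TSan build should report none.
SANCOV_HOOK = re.compile(r"__sanitizer_cov_\w+")


def leftover_sancov_hooks(nm_output: str) -> set:
    """Parse `nm` text output and return undefined (U) sancov hook symbols."""
    hooks = set()
    for line in nm_output.splitlines():
        fields = line.split()
        # `nm` prints "[address] TYPE name"; undefined symbols carry no address.
        if len(fields) >= 2 and fields[-2] == "U" and SANCOV_HOOK.fullmatch(fields[-1]):
            hooks.add(fields[-1])
    return hooks


# Constructed sample of `nm` output, not taken from a real Firefox object file.
SAMPLE_NM = """\
0000000000001130 T main
                 U __sanitizer_cov_trace_pc_guard
                 U __sanitizer_cov_trace_cmp4
                 U __tsan_func_entry
"""
```

Running `leftover_sancov_hooks` over `nm` output of a TSan fuzzing build is a quick way to confirm the coverage instrumentation was actually dropped.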

Pushed by choller@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/86790a64732d Disable libFuzzer instrumentation in TSan builds. r=dmajor
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72