honggfuzz

no coverage info on Android(build target with -fsanitize=address)

Open Jack7ove opened this issue 5 years ago • 3 comments

I got the same situation as https://github.com/google/honggfuzz/issues/342

I tried to add -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls, but I got many warnings:

WARNING: found 1 unrecognized flag(s):
    detect_odr_violation

I checked Google's doc: in Application.mk:

APP_STL := c++_shared # Or system, or none.
APP_CFLAGS := -fsanitize=address -fno-omit-frame-pointer
APP_LDFLAGS := -fsanitize=address

For each module in your Android.mk:

LOCAL_ARM_MODE := arm

So I modified my demo as follows:

LOCAL_PATH:= $(call my-dir)


include $(CLEAR_VARS)
LOCAL_PATH = .
LOCAL_MODULE := hfuzz
LOCAL_EXPORT_C_INCLUDES := $(HOME)/honggfuzz/includes
LOCAL_SRC_FILES := /home/user/honggfuzz/libs/arm64-v8a/libhfuzz.a
LOCAL_ARM_MODE := arm
include $(PREBUILT_STATIC_LIBRARY)

include $(CLEAR_VARS)
LOCAL_PATH = .
LOCAL_MODULE := hfuzzcommon
LOCAL_EXPORT_C_INCLUDES := $(HOME)/honggfuzz/includes
LOCAL_SRC_FILES := /home/user/honggfuzz/obj/local/arm64-v8a/libcommon.a
LOCAL_ARM_MODE := arm
include $(PREBUILT_STATIC_LIBRARY)


include $(CLEAR_VARS)
LOCAL_STATIC_LIBRARIES := hfuzz hfuzzcommon
LOCAL_SRC_FILES := fuzz_test.c
LOCAL_MODULE := fuzz_test
LOCAL_ARM_MODE := arm

include $(BUILD_EXECUTABLE)

cat Application.mk
APP_BUILD_SCRIPT := ./Android.mk
APP_STL := c++_shared # Or system, or none.
APP_CFLAGS := -fsanitize=address  -fno-omit-frame-pointer
APP_LDFLAGS := -fsanitize=address 

After ndk-build, I tested it on my Pixel 2:

It seems ASAN works fine.

But when I try to fuzz fuzz_test with honggfuzz, I find I cannot get any coverage information:

./honggfuzz -i in -o out -z -- fuzz_test ___FILE___

What did I do wrong? Could you suggest something, please?

Jack7ove, Apr 09 '21 06:04

First of all, I never fuzzed on Android - the Android port is work of other people (both inside and inside my company) and I have little knowledge on how it works (should work).

You said that you get warnings about detect_odr_violation if you add . Is this the only problem? Because if so, you can simply remove it from sanitizers.c

robertswiecki, Apr 13 '21 12:04

> First of all, I never fuzzed on Android - the Android port is work of other people (both inside and inside my company) and I have little knowledge on how it works (should work).
>
> You said that you get warnings about detect_odr_violation if you add . Is this the only problem? Because if so, you can simply remove it from sanitizers.c

Thanks for your reply, fixing detect_odr_violation is easy. But I still cannot get any coverage info :( Is there any doc about building a harness on Android?

Jack7ove, Apr 15 '21 07:04

> > First of all, I never fuzzed on Android - the Android port is work of other people (both inside and inside my company) and I have little knowledge on how it works (should work). You said that you get warnings about detect_odr_violation if you add . Is this the only problem? Because if so, you can simply remove it from sanitizers.c
>
> Thanks for your reply, fixing detect_odr_violation is easy. But I still cannot get any coverage info :( Is there any doc about building a harness on Android?

Hi, I have the same problem, did you solve it?

vivi50, May 11 '23 03:05