Fix so libFuzzer works on macOS

2018-12-09 20:59:43 -07:00 · 2018-12-09 20:59:43 -07:00 · 66ef2abc1b
commit 66ef2abc1b
parent 19b606be8e
3 changed files with 15 additions and 6 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -115,7 +115,7 @@ if (BUILD_LIBFUZZER)
       src/lib/Stream.c
    )
    
-    target_compile_options(${PROJECT_NAME}_LF PUBLIC -mno-avx -fsanitize=fuzzer-no-link,undefined)
+    target_compile_options(${PROJECT_NAME}_LF PUBLIC -DLIBFUZZER -mno-avx -fsanitize=fuzzer-no-link,undefined)
    
    target_include_directories(${PROJECT_NAME}_LF
       PUBLIC SYSTEM "${CMAKE_SOURCE_DIR}/src/include"
--- a/README.md
+++ b/README.md
@ -30,7 +30,7 @@ The [2018 IEEE Cybersecurity Development Conference](https://secdev.ieee.org/201
 ## Supported Platforms

 DeepState currently targets Linux, with macOS support in progress
-(some fuzzers work fine, but symbolic execution is not well-supported
+(the fuzzers work fine, but symbolic execution is not well-supported
 yet, without a painful cross-compilation process).

 ## Dependencies
@ -165,10 +165,17 @@ corpus, but fuzzing will work even without an initial corpus, unlike AFL.
 One hint when using libFuzzer is to avoid dynamically allocating
 memory during a test, if that memory would not be freed on a test
 failure.  This will leak memory and libFuzzer will run out of memory
-very quickly in each fuzzing session.  In theory, libFuzzer will work
-on macOS, but getting everything to build with the right version of
-clang can be difficult, since the Apple-provided LLVM is unlikely to
-support libFuzzer on many versions of the operating system.
+very quickly in each fuzzing session.  Using libFuzzer on macOS
+requires compiling DeepState and your program with a clang that
+supports libFuzzer (which the Apple built-in probably won't); this can be as simple as doing:
+
+```shell
+brew install llvm@6
+CC=/usr/local/opt/llvm\@6/bin/clang CXX=/usr/local/opt/llvm\@6/bin/clang++ cmake ..
+make install
+```
+
+Other ways of getting an appropriate LLVM may also work.

 ## Test case reduction

--- a/src/lib/DeepState.c
+++ b/src/lib/DeepState.c
@ -694,6 +694,7 @@ void __stack_chk_fail(void) {
  __builtin_unreachable();
 }

+#ifndef LIBFUZZER
 __attribute__((weak))
 int main(int argc, char *argv[]) {
  int ret = 0;
@ -703,5 +704,6 @@ int main(int argc, char *argv[]) {
  DeepState_Teardown();
  return ret;
 }
+#endif

 DEEPSTATE_END_EXTERN_C