Till Schneidereit (Jan 17 2025 at 14:15): Till Schneidereit (Jan 17 2025 at 14:15):@Alex Crichton we've discussed this before, but @Robin Freyler's issue about fuzzing timeouts made me look at it again: can you explain to me again why we can't disable ASAN in OSS-Fuzz, given that, AIUI, it doesn't catch issues for us? It seems like removing address from the list in our project.yaml would do that?
Alex Crichton (Jan 17 2025 at 15:15):Hm you're right we have discussed this, and IIRC we concluded at the time it's also fine to remove asan...
The actual implementation is a bit tricky since oss-fuzz doesn't have official support for "no asan" builds so it's not as simple as just removing address. What we might be able to do though is pass --sanitizer none here and pretend we're asan-enabled when it's actually disabled
Till Schneidereit (Jan 17 2025 at 15:21):ah, interesting. The documentation led me to believe that it's possible (though not advised) to run without address. Can you say what we have to work around with what you're proposing?
Till Schneidereit (Jan 17 2025 at 15:22):(also, I guess we should enable i386 with Pulley at some point?)
Alex Crichton (Jan 17 2025 at 15:22): Alex Crichton (Jan 17 2025 at 15:22):heh the docs you're looking at are unfortunately more expansive
Alex Crichton (Jan 17 2025 at 15:23):or well I've never actually looked into i386 support at all
Alex Crichton (Jan 17 2025 at 15:23):I'm not sure there's any rust projects using that ....
Alex Crichton (Jan 17 2025 at 15:23):but for sanitizers I'm relatively certain our only option is to fake it
Till Schneidereit (Jan 17 2025 at 15:23):ah, that makes sense
Till Schneidereit (Jan 17 2025 at 15:24):so removing address from the list is simply ignored in practice?
Alex Crichton (Jan 17 2025 at 15:24):AFAIK that would be bad in that it would then build our fuzzers with both ASAN and UBSAN (I think)
Alex Crichton (Jan 17 2025 at 15:24):in that I think "empty == address + undefined"
Alex Crichton (Jan 17 2025 at 15:24):the concept of "no sanitizers" I don't think exists in C++
Till Schneidereit (Jan 17 2025 at 15:25):oh, I wasn't suggesting to remove the list, but have it empty. But maybe that's not a thing
Till Schneidereit (Jan 17 2025 at 15:25):and I take it of the available santiziers, address is the one we'd mind having active the least?
Alex Crichton (Jan 17 2025 at 15:25):tbh I feel like that would either crash their infrastructure of cause it to be assumed missing anyway heh
Alex Crichton (Jan 17 2025 at 15:26):we only have address enabled right now
Alex Crichton (Jan 17 2025 at 15:26):AFAIK that's mostly because the original integration with cargo-fuzz didn't plumb $SANITIZER to cargo fuzz build
Alex Crichton (Jan 17 2025 at 15:26):it wouldn't be too hard to add I think
Till Schneidereit (Jan 17 2025 at 15:26):understood, yes. What I'm trying to understand is whether, if we have to have at least one active, e.g. undefined would be better or worse
Alex Crichton (Jan 17 2025 at 15:26):I suppose in theory we could leave asan on, enable undefined santiziing, and translate "undefined" to "none"
Alex Crichton (Jan 17 2025 at 15:27):I've never tried "undefined" myself
Till Schneidereit (Jan 17 2025 at 15:27):I guess we'll see what your PR does
Alex Crichton (Jan 17 2025 at 15:27):it's an adventure!
Alex Crichton (Jan 17 2025 at 15:27):lol
Till Schneidereit (Jan 17 2025 at 15:27):(and how it's reviewed)
Last updated: Jan 24 2025 at 00:11 UTC