Llvm 22 upgrades and fixes#3821
Open
rchildre3 wants to merge 6 commits into
Open
Conversation
rchildre3
force-pushed
the
llvm-22-upgrades-and-fixes
branch
from
2405609 to
b91ef19
Compare
rchildre3
force-pushed
the
llvm-22-upgrades-and-fixes
branch
from
e6a9403 to
3de818c
Compare
rchildre3
force-pushed
the
llvm-22-upgrades-and-fixes
branch
2 times, most recently
from
e565552 to
be12516
Compare
Member
|
What's missing? |
rchildre3
force-pushed
the
llvm-22-upgrades-and-fixes
branch
from
be12516 to
a58346d
Compare
Contributor
Author
|
The https://github.com/AFLplusplus/LibAFL/actions/runs/25896455451/job/76110522316 but the job is now passing after a rebase? I did not add any new diff to address the job failure. I will mark as ready but unsure what is the correct action to take |
Member
|
The ASan test is flakey, it's fixed by #3650 that we'll need to merge still |
`PassPlugin.h` was moved from `Passes/` to `Plugins/` in LLVM commit: `f54df0d09e19 ([LLVM][NFC] Move PassPlugin from Passes to separate library, 2025-12-22)` (First tagged in LLVM 22 releases)
LLVM began introducing opaque pointers (pointer types with purposefully undefined pointee types) around LLVM 13[1] like in commit: `2155dc51d700 ([IR] Introduce the opaque pointer type, 2021-05-01)` introducing the function: `PointerType::get(LLVMContext &C, unsigned AddressSpace)` and had wholesale switched to only opaque pointers by LLVM 17[2]. Part of that effort deprecates many functions, including: `PointerType::get(Type *ElementType, unsigned AddressSpace)` though this function was depreacted much later in LLVM 21 in commit: `146ad71bc71a ([IR] Deprecate PointerType::get/getUnqual pointee type overload (#134517), 2025-04-07)` Switch libafl_cc's passes to the new function to avoid deprecation warnings [1]: https://releases.llvm.org/13.0.1/docs/ReleaseNotes.html#changes-to-the-llvm-ir [2]: https://releases.llvm.org/22.1.0/docs/OpaquePointers.html#version-support
Constructing an ArrayRef from a nullopt was deprecated in LLVM commit:
`2529de5c935a ([ADT] Deprecate ArrayRef(std::nullopt) (#146011), 2025-06-27)`
(First tagged in LLVM 21)
Then removed in LLVM commit:
`cfbb4cc31215 ([ADT] Remove ArrayRef(std::nullopt_t) (#165831), 2025-10-31)`
(First tagged in LLVM 22)
The LLVM authors recommend switching to the `{}` C++ syntax, so
introduce that conditionally if and only if the LLVM version is
greater than or equal to 21 and fall back to the previous nullopt
workaround, otherwise
`FATAL` is defined in the `common-llvm.h` and is therefore accessible to all of the passes, remove the duplicate in the pass `.cc` file to remove the compiler warning
Address comments made in commit: `2a92a831 (Fix CI on MacOS (AFLplusplus#3813), 2026-05-13)`
rchildre3
force-pushed
the
llvm-22-upgrades-and-fixes
branch
from
a58346d to
3e2df59
Compare
Member
Finished `dev` profile [optimized + debuginfo] target(s) in 49.97s
/home/runner/work/LibAFL/LibAFL/target/debug/libafl_cc /home/runner/work/LibAFL/LibAFL/fuzzers/forkserver/forkserver_libafl_cc/src/program.c -o fuzzer_libafl_cc -lm -lz
[UserStats #0] run time: 0s, clients: 1, corpus: 0, objectives: 0, executions: 1, exec/sec: 0.000, shared_mem: 2/65536 (0%)
[Testcase #0] run time: 0s, clients: 1, corpus: 1, objectives: 0, executions: 1, exec/sec: 0.000, shared_mem: 2/65536 (0%)
We imported 1 inputs from disk.
[UserStats #0] run time: 0s, clients: 1, corpus: 1, objectives: 0, executions: 5, exec/sec: 0.000, shared_mem: 3/65536 (0%)
[Testcase #0] run time: 0s, clients: 1, corpus: 2, objectives: 0, executions: 5, exec/sec: 0.000, shared_mem: 3/65536 (0%)
[UserStats #0] run time: 0s, clients: 1, corpus: 2, objectives: 0, executions: 362, exec/sec: 0.000, shared_mem: 4/65536 (0%)
[Testcase #0] run time: 0s, clients: 1, corpus: 3, objectives: 0, executions: 362, exec/sec: 0.000, shared_mem: 4/65536 (0%)
[Client Heartbeat #0] run time: 15s, clients: 1, corpus: 3, objectives: 0, executions: 31078, exec/sec: 2.072k, shared_mem: 4/65536 (0%)
Fuzzer does not generate any testcases or any crashes
error: recipe `test` failed with exit code 1
error: recipe `test-fuzzer` failed on line 166 with exit code 1
Error: Process completed with exit code 1.Did something break instrumentation? |
* Remove 1 second per testcase timeout. The crashes are taking longer
and are erroneously treated as a timeout. Under moderate load on my
laptop, the crashes were being missed frequently.
* Add a max input length parameter akin to AFL++'s afl-fuzz CLI args so
that the mutations are more likely to find the objective (crash)
* Set the default test to length 10 as the two potential crashes can
be found mutating the first 3 or 4 bytes
* Relying on grep'ing through the the log of the micro fuzz campaign
is inheritly fraught as the printing is infrequent and
non-deterministic. Switch to checking the filesystem for results
rchildre3
force-pushed
the
llvm-22-upgrades-and-fixes
branch
from
3e2df59 to
145a7e8
Compare
Contributor
Author
No the test was very fragile being suspect to CPU load, as the default of even 1.2 seconds per testcase was far too low. I could trivially cause the Additionally I moved away from the fraught text searching through logs for success criteria, moving to a filesystem based approach. Also additionally, i have the test now print out what it was able to discover during the micro fuzzing campaign to test that any feedback was caught at all, as that the main reason for this test fuzzer's existence See updated test in CI here: https://github.com/AFLplusplus/LibAFL/actions/runs/26110207665/job/76785352015?pr=3821#step:6:465 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Closes #3769
I see the comments from @tokatoka that:
#3769 (comment)
and:
#3777 (comment)
With concurrence from @domenukk :
#3777 (comment)
But as a stopgap here is a PR that gets everything compiling with no deprecation warnings with LLVM 22
Checklist
./scripts/precommit.shand addressed all comments