From 4e0f1c78219fee9a1bc8e8145f244297eadf9f75 Mon Sep 17 00:00:00 2001 From: George Karpenkov Date: Fri, 11 Aug 2017 17:23:45 +0000 Subject: [PATCH] Update libFuzzer documentation for -fsanitize=fuzzer-no-link flag Differential Revision: https://reviews.llvm.org/D36602 llvm-svn: 310734 --- docs/LibFuzzer.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index e22ed388e40..d9c7966a721 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -90,12 +90,24 @@ Some important things to remember about fuzz targets: Fuzzer Usage ------------ -Very recent versions of Clang (> April 20 2017) include libFuzzer, +Very recent versions of Clang (after April 20 2017) include libFuzzer, and no installation is necessary. In order to fuzz your binary, use the `-fsanitize=fuzzer` flag during the compilation:: clang -fsanitize=fuzzer,address mytarget.c +This will perform the necessary instrumentation, as well as linking in libFuzzer +library. +Note that linking in libFuzzer defines the ``main`` symbol. +If modifying ``CFLAGS`` of a large project, which also compiles executables +requiring their own ``main`` symbol, it may be desirable to request just the +instrumentation without linking:: + + clang -fsanitize=fuzzer-no-link mytarget.c + +Then libFuzzer can be linked to the desired driver by passing in +``-fsanitize=fuzzer`` during the linking stage. + Otherwise, build the libFuzzer library as a static archive, without any sanitizer options. Note that the libFuzzer library contains the ``main()`` function:
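Review bot: the new ``-fsanitize=fuzzer-no-link`` example in the hunk at ``docs/LibFuzzer.rst`` lines 90-113 invokes ``clang -fsanitize=fuzzer-no-link mytarget.c`` with no ``-c``, so the command as written compiles and then links, and since the paragraph itself explains that ``fuzzer-no-link`` does not link in the ``main`` symbol, a target file that provides no ``main`` fails at link time. Showing the compile-only step explicitly, e.g. ``clang -fsanitize=fuzzer-no-link -c mytarget.c``, and following it with the link command the next sentence describes rather than describing it in prose only, would make the two-stage workflow reproducible. Two smaller points in the same hunk: "linking in libFuzzer library" should read "linking in the libFuzzer library", and the added text writes ``-fsanitize=fuzzer`` in double backticks while the unchanged context two lines above uses single backticks for the same flag; the double-backtick inline literal is the right one for an RST flag name, so the surrounding line should be brought in line with it, or at least the hunk should be consistent with its context.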