Hi :)
I'm trying to compile the stagefright module in AOSP with afl-clang-fast++.
I'm using ele7enxxh's android-afl.
Github link: https://github.com/ele7enxxh/android-afl
My environment is
- Ubuntu 16.04.5 server, x86_64
- Pie 9.0.0_r47 x86_64 build
- Local Clang version - 6.0
I built android-afl with the local clang, and then compiled the Android
module with afl-clang-fast, using an Android.mk file like the one below.
# Fragment of the module's Android.mk: routes the C compiler through the AFL
# wrapper and links the AFL runtime object into the executable.

# afl-clang-fast takes its underlying compiler from AFL_CC; here that is the
# host clang under /usr/bin rather than a compiler from the AOSP tree.
# NOTE(review): whether an export made in Android.mk reaches the compile
# command run by ninja is not shown here; confirm.
export AFL_CC=/usr/bin/clang
# Build the 64-bit variant only; the runtime object linked below is the -64 one.
LOCAL_MULTILIB := 64
LOCAL_CLANG := true
# Only the C compiler is overridden. NOTE(review): .cpp sources such as
# stagefright.cpp presumably still go through the default C++ compiler and so
# would not be instrumented by this fragment; confirm from the build log.
LOCAL_CC := afl-clang-fast
# AFL runtime object (provides __afl_manual_init / __afl_auto_init), passed
# straight to the linker.
LOCAL_LDFLAGS := $(PRODUCT_OUT)/system/afl-llvm-rt-64.o
# Do not strip the binary, so the __afl_* symbols stay visible to objdump.
LOCAL_STRIP_MODULE:= false
include $(BUILD_EXECUTABLE)
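After editing the Android.mk file, the build succeeded, and I can check for AFL
instrumentation as shown below. (Every match in the listing shown is either
inside the runtime routines __afl_manual_init / __afl_auto_init or an address
that objdump labels relative to __afl_auto_init, so it confirms that
afl-llvm-rt-64.o was linked in but not, on its own, that stagefright's own code
was instrumented.)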
root@pie:~/aosp/frameworks/av/media# objdump -d /system/bin/stagefright |
grep afl
55c7: 48 8d 3d 31 5a 00 00 lea 0x5a31(%rip),%rdi #
afff <__afl_auto_init+0x2af>
55ce: 48 8d 35 f1 58 00 00 lea 0x58f1(%rip),%rsi #
aec6 <__afl_auto_init+0x176>
55d5: 48 8d 15 f6 58 00 00 lea 0x58f6(%rip),%rdx #
aed2 <__afl_auto_init+0x182>
55dc: 48 8d 0d 55 5a 00 00 lea 0x5a55(%rip),%rcx #
b038 <__afl_auto_init+0x2e8>
560a: 48 8d 3d 7b 58 00 00 lea 0x587b(%rip),%rdi #
ae8c <__afl_auto_init+0x13c>
...
...
a872: 48 8d 0d 5c 21 00 00 lea 0x215c(%rip),%rcx #
c9d5 <__afl_auto_init+0x1c85>
a8b9: 48 8d 3d 5f 21 00 00 lea 0x215f(%rip),%rdi #
ca1f <__afl_auto_init+0x1ccf>
a8c0: 48 8d 15 0b 06 00 00 lea 0x60b(%rip),%rdx #
aed2 <__afl_auto_init+0x182>
a8c7: 48 8d 0d 5d 21 00 00 lea 0x215d(%rip),%rcx #
ca2b <__afl_auto_init+0x1cdb>
aa08: f2 0f 10 0d 88 03 00 movsd 0x388(%rip),%xmm1 #
ad98 <__afl_auto_init+0x48>
aa14: f2 0f 59 0d 84 03 00 mulsd 0x384(%rip),%xmm1 #
ada0 <__afl_auto_init+0x50>
aa22: 0f 14 05 f7 20 00 00 unpcklps 0x20f7(%rip),%xmm0
# cb20 <__afl_auto_init+0x1dd0>
aa29: 66 0f 5c 05 ff 20 00 subpd 0x20ff(%rip),%xmm0 #
cb30 <__afl_auto_init+0x1de0>
aa5b: f2 0f 59 05 45 03 00 mulsd 0x345(%rip),%xmm0 #
ada8 <__afl_auto_init+0x58>
000000000000ab20 <__afl_manual_init>:
ab38: 8a 05 0c 55 00 00 mov 0x550c(%rip),%al #
1004a <__afl_manual_init.init_done>
ab40: 0f 85 dd 01 00 00 jne ad23
<__afl_manual_init+0x203>
ab46: 48 8d 3d 5b 1f 00 00 lea 0x1f5b(%rip),%rdi #
caa8 <__afl_auto_init+0x1d58>
ab55: 74 55 je abac <__afl_manual_init+0x8c>
ab75: 78 28 js ab9f <__afl_manual_init+0x7f>
ab9f: 48 8d 05 5a 54 00 00 lea 0x545a(%rip),%rax #
10000 <__afl_area_ptr>
abac: 48 8d 35 98 54 00 00 lea 0x5498(%rip),%rsi #
1004b <__afl_start_forkserver.tmp>
abcb: 0f 85 4b 01 00 00 jne ad1c
<__afl_manual_init+0x1fc>
abee: 0f 85 0a 01 00 00 jne acfe
<__afl_manual_init+0x1de>
ac13: 74 2b je ac40
<__afl_manual_init+0x120>
ac1b: 74 23 je ac40
<__afl_manual_init+0x120>
ac2d: 79 31 jns ac60
<__afl_manual_init+0x140>
ac2f: e9 ca 00 00 00 jmpq acfe
<__afl_manual_init+0x1de>
ac43: 74 1b je ac60
<__afl_manual_init+0x140>
ac53: eb 22 jmp ac77
<__afl_manual_init+0x157>
ac6b: 0f 88 8d 00 00 00 js acfe
<__afl_manual_init+0x1de>
ac71: 0f 84 91 00 00 00 je ad08
<__afl_manual_init+0x1e8>
ac92: 75 6a jne acfe
<__afl_manual_init+0x1de>
acb0: 78 4c js acfe
<__afl_manual_init+0x1de>
acd1: 75 2b jne acfe
<__afl_manual_init+0x1de>
acf8: 0f 84 12 ff ff ff je ac10 <__afl_manual_init+0xf0>
ad1c: c6 05 27 53 00 00 01 movb $0x1,0x5327(%rip) #
1004a <__afl_manual_init.init_done>
ad31: 75 0b jne ad3e
<__afl_manual_init+0x21e>
000000000000ad50 <__afl_auto_init>:
ad51: 48 8d 3d 1c 1d 00 00 lea 0x1d1c(%rip),%rdi #
ca74 <__afl_auto_init+0x1d24>
ad67: 48 8d 3d 17 1d 00 00 lea 0x1d17(%rip),%rdi #
ca85 <__afl_auto_init+0x1d35>
ad76: 74 02 je ad7a <__afl_auto_init+0x2a>
ad7b: e9 a0 fd ff ff jmpq ab20 <__afl_manual_init>
But when I added a few lines to the Android.mk file (AFL_CXX and LOCAL_CXX) to
compile the same module,
the build failed with a segmentation fault.
# Same Android.mk fragment as before, now also routing the C++ compiler
# through the AFL wrapper.

# afl-clang-fast / afl-clang-fast++ take their underlying compilers from
# AFL_CC / AFL_CXX; both point at the host toolchain under /usr/bin.
export AFL_CC=/usr/bin/clang
export AFL_CXX=/usr/bin/clang++
# Build the 64-bit variant only; the runtime object linked below is the -64 one.
LOCAL_MULTILIB := 64
LOCAL_CLANG := true
LOCAL_CC := afl-clang-fast
# With this set, the C++ compile step is run as afl-clang-fast++ (visible in
# the failing command below). The crash report names host clang 6.0.0 from
# /usr/bin with target x86_64--linux-android, so the full AOSP flag set is
# being handed to the host compiler.
# NOTE(review): that host compiler is not necessarily the version the tree's
# flags were written for; confirm against the clang the AOSP build uses.
LOCAL_CXX := afl-clang-fast++
# AFL runtime object (provides __afl_manual_init / __afl_auto_init), passed
# straight to the linker.
LOCAL_LDFLAGS := $(PRODUCT_OUT)/system/afl-llvm-rt-64.o
# Do not strip the binary, so the __afl_* symbols stay visible to objdump.
LOCAL_STRIP_MODULE:= false
include $(BUILD_EXECUTABLE)
[ 25% 2/8] target C++: stagefright <= frameworks/av/cmds/stagefright/
stagefright.cpp
FAILED: out/target/product/generic_x86_64/obj/EXECUTABLES/
stagefright_intermediates/stagefright.o
/bin/bash -c "PWD=/proc/self/cwd afl-clang-fast++ -I
frameworks/av/media/libstagefright -I
frameworks/av/media/libstagefright/include
-I frameworks/native/include/media/openmax -I external/jpeg -I
frameworks/av/cmds/stagefright -I out/target/product/generic_
x86_64/obj/EXECUTABLES/stagefright_intermediates -I
out/target/product/generic_x86_64/gen/EXECUTABLES/stagefright_intermediates
-I libnativehelper/include_jni \$(cat out/target/product/generic_
x86_64/obj/EXECUTABLES/stagefright_intermediates/import_includes) -I
system/core/include -I system/media/audio/include -I
hardware/libhardware/include -I hardware/libhardware_legacy/include -I
hardware/ril/include -I libnativehelper/include -I
frameworks/native/include -I frameworks/native/opengl/include -I
frameworks/av/include -isystem bionic/libc/include -isystem
bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-x86 -isystem
bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c
-Werror=implicit-function-declaration -DANDROID -fmessage-length=0 -W
-Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes
-DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing
-fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof
-Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic
-Wno-unused-command-line-argument -fcolor-diagnostics
-Wno-expansion-to-defined -Wno-zero-as-null-pointer-constant
-fdebug-prefix-map=\$PWD/= -ffunction-sections -fdata-sections
-fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack
-D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type
-Werror=non-virtual-dtor -Werror=address -Werror=sequence-point
-Werror=date-time -Werror=format-security -nostdlibinc -m64 -march=x86-64
-DUSE_SSSE3 -mssse3 -msse4 -msse4.1 -msse4.2 -mpopcnt -target
x86_64-linux-android -Bprebuilts/gcc/linux-x86/x86/
x86_64-linux-android-4.9/x86_64-linux-android/bin -Wsign-promo
-Wno-inconsistent-missing-override -Wno-null-dereference
-D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS -Wno-thread-safety-negative
-Wno-gnu-include-next -fvisibility-inlines-hidden -std=gnu++14 -fno-rtti
-Wno-multichar -Werror -Wall -fPIE -D_USING_LIBCXX -DANDROID_STRICT
-Werror=int-to-pointer-cast -Werror=pointer-to-int-cast
-Werror=address-of-temporary -Werror=return-type
-Wno-tautological-constant-compare
-Wno-null-pointer-arithmetic -Wno-enum-compare -Wno-enum-compare-switch
-MD -MF out/target/product/generic_x86_64/obj/EXECUTABLES/
stagefright_intermediates/stagefright.d -o out/target/product/generic_
x86_64/obj/EXECUTABLES/stagefright_intermediates/stagefright.o
frameworks/av/cmds/stagefright/stagefright.cpp"
clang++: error: unable to execute command: Segmentation fault (core dumped)
clang++: error: clang frontend command failed due to signal (use -v to see
invocation)
clang version 6.0.0-1ubuntu2~16.04.1 (tags/RELEASE_600/final)
Target: x86_64--linux-android
Thread model: posix
InstalledDir: /usr/bin
clang++: note: diagnostic msg: PLEASE submit a bug report to http:
//llvm.org/bugs/ and include the crash backtrace, preprocessed source, and
associated run script.
clang++: error: unable to execute command: Segmentation fault (core dumped)
clang++: note: diagnostic msg: Error generating preprocessed source(s).
ninja: build stopped: subcommand failed.
18:12:01 ninja failed with: exit status 1
How can I fix this error?
Can anybody help?