Hi,
I'm trying to run PromptFuzz on libtiff, and it successfully generates some fuzz drivers.
However, because of a "merge_control_file does not exist" error, they are all placed into output/libtiff/error_seeds/fuzzer and cannot be fused into one fuzz driver.
Below is a fuzz driver generated and placed into error_seeds:
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <fstream>
#include <iostream>
#include <sstream>
#include <vector>

#include <tiffio.hxx>
//<ID> 0
//<Prompt> ["TIFFIsMSB2LSB","TIFFCheckTile","TIFFErrorExt","TIFFGetBitRevTable","TIFFFdOpenExt","TIFFRasterScanlineSize64","TIFFScanlineSize64"]
/*<Combination>: [int TIFFIsMSB2LSB(TIFF * ),
int TIFFCheckTile(TIFF * tif, uint32_t x, uint32_t y, uint32_t z, uint16_t s),
void TIFFErrorExt(thandle_t , const char * , const char * ),
const unsigned char *TIFFGetBitRevTable(int ),
TIFF *TIFFFdOpenExt(int , const char * , const char * , TIFFOpenOptions * opts),
uint64_t TIFFRasterScanlineSize64(TIFF * tif),
uint64_t TIFFScanlineSize64(TIFF * tif)
*/
//<score> 0, nr_unique_branch: 0
//<Quality> {"density":0,"unique_branches":{},"library_calls":[],"critical_calls":[],"visited":0}
/*Here's a C++ program that acts as a fuzz driver for testing libtiff using the specified APIs as per your instructions. The program will read a byte stream of TIFF data, perform checks and operations related to TIFF format, and write any output or error to a file.
*/
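/**
 * libFuzzer entry point: feeds one fuzz input to libtiff through
 * TIFFFdOpenExt() and exercises a few read-only query APIs on the result.
 *
 * The input is staged in an anonymous temporary file because TIFFFdOpenExt()
 * needs a real file descriptor. A stream from fmemopen() has none: fileno()
 * on it fails with -1, so the library would never read the fuzz data and the
 * driver would produce no coverage.
 *
 * @param data  Fuzz input bytes (treated as the contents of a TIFF file).
 * @param size  Number of bytes in @p data.
 * @return Always 0, as libFuzzer expects.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    // Stage the input in a descriptor-backed temporary file.
    FILE *in_file = tmpfile();
    if (!in_file) {
        return 0; // Could not create the staging file
    }
    if (size > 0 && fwrite(data, 1, size, in_file) != size) {
        fclose(in_file);
        return 0;
    }
    if (fflush(in_file) != 0) {
        fclose(in_file);
        return 0;
    }

    // On the Unix I/O backend TIFFClose() closes the descriptor it was given.
    // Hand libtiff a duplicate so the later fclose() does not close the same
    // descriptor a second time.
    int fd = dup(fileno(in_file));
    if (fd < 0) {
        fclose(in_file);
        return 0;
    }
    // The duplicate shares its offset with the stream; rewind it so libtiff
    // starts reading at the TIFF header.
    if (lseek(fd, 0, SEEK_SET) == static_cast<off_t>(-1)) {
        close(fd);
        fclose(in_file);
        return 0;
    }

    // Prepare TIFFOpenOptions (released right after the open call).
    TIFFOpenOptions *opts = TIFFOpenOptionsAlloc();
    TIFF *tif = TIFFFdOpenExt(fd, "input_file", "r", opts);
    TIFFOpenOptionsFree(opts);
    if (!tif) {
        TIFFError("TIFF Open", "Failed to open TIFF file");
        // A failed TIFFFdOpenExt() leaves the descriptor open; release it here.
        close(fd);
        fclose(in_file);
        return 0;
    }

    // Query the fill order; the result is informational only.
    (void)TIFFIsMSB2LSB(tif);

    // Validate the tile coordinates. The sample argument is uint16_t in the
    // TIFFCheckTile() prototype, so declare it with that type.
    uint32_t x = 0, y = 0, z = 0;
    uint16_t s = 0;
    int tileCheck = TIFFCheckTile(tif, x, y, z, s);

    // TIFFCheckTile() signals failure with 0, not a negative value, so the
    // original "< 0" test could never fire. TIFFErrorExt() takes the client
    // data handle rather than the TIFF pointer itself.
    if (!tileCheck) {
        TIFFErrorExt(TIFFClientdata(tif), "TIFF Error", "Error checking TIFF properties");
    }

    // Exercise the scanline size computations. The results are discarded:
    // printing them on every input only slows the fuzzer and floods stdout.
    (void)TIFFRasterScanlineSize64(tif);
    (void)TIFFScanlineSize64(tif);

    // Cleanup: TIFFClose() releases the duplicated descriptor, fclose() the
    // temporary file itself.
    TIFFClose(tif);
    fclose(in_file);
    return 0;
}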
Fuzzer Error:
warning: creating a shared reference to mutable static is discouraged
--> src/config.rs:105:14
|
105 | unsafe { CONFIG_INSTANCE.as_ref().unwrap_or_else(|| panic!("please parse the config first.")) }
| ^^^^^^^^^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
= note: `#[warn(static_mut_refs)]` on by default
warning: creating a mutable reference to mutable static is discouraged
--> src/config.rs:112:14
|
112 | unsafe { CONFIG_INSTANCE.as_mut().unwrap_or_else(|| panic!("please parse the config first.")) }
| ^^^^^^^^^^^^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/deopt.rs:453:21
|
453 | Ok(unsafe { crate::PCH_NAMES.get_or_init(|| Deopt::init_pch_file_names().unwrap()) })
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a mutable reference to mutable static is discouraged
--> src/deopt.rs:457:21
|
457 | Ok(unsafe { crate::PCH_NAMES.get_mut().unwrap() })
| ^^^^^^^^^^^^^^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/execution/logger.rs:385:14
|
385 | unsafe { GTL.set(GlobalTimeLogger::new()).unwrap() };
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/execution/logger.rs:389:14
|
389 | unsafe { GTL.get().expect("GTL should not be None") }
| ^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a mutable reference to mutable static is discouraged
--> src/execution/logger.rs:393:14
|
393 | unsafe { GTL.get_mut().expect("GTL should not be None") }
| ^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/program/mod.rs:27:14
|
27 | unsafe { EXEC_COUNTER.get_or_init(HashMap::new) }
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a mutable reference to mutable static is discouraged
--> src/program/mod.rs:31:37
|
31 | if let Some(counter) = unsafe { EXEC_COUNTER.get_mut() } {
| ^^^^^^^^^^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
warning: creating a mutable reference to mutable static is discouraged
--> src/program/infer/dynamic_infer.rs:366:13
|
366 | CACHE.push(corpora.clone());
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/program/infer/dynamic_infer.rs:379:18
|
379 | if unsafe { !CACHE.is_empty() } {
| ^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/program/infer/dynamic_infer.rs:380:31
|
380 | let choose = unsafe { CACHE.first().unwrap() };
| ^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/program/libfuzzer.rs:607:54
|
607 | let counter: &HashMap<u16, usize> = unsafe { ERROR_COUNT.get_or_init(HashMap::new) };
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a mutable reference to mutable static is discouraged
--> src/program/libfuzzer.rs:613:41
|
613 | if let Some(counter) = unsafe { ERROR_COUNT.get_mut() } {
| ^^^^^^^^^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
warning: creating a shared reference to mutable static is discouraged
--> src/request/prompt.rs:42:14
|
42 | unsafe { COUNTER.get_or_init(HashMap::new) }
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ shared reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: shared references to mutable statics are dangerous; it's undefined behavior if the static is mutated or if a mutable reference is created for it while the shared reference lives
warning: creating a mutable reference to mutable static is discouraged
--> src/request/prompt.rs:46:37
|
46 | if let Some(counter) = unsafe { COUNTER.get_mut() } {
| ^^^^^^^^^^^^^^^^^ mutable reference to mutable static
|
= note: for more information, see <https://doc.rust-lang.org/nightly/edition-guide/rust-2024/static-mut-references.html>
= note: mutable references to mutable statics are dangerous; it's undefined behavior if any other pointer to the static is used or if any other reference is created for the static while the mutable reference lives
thread 'main' panicked at src/execution/sanitize.rs:285:13:
"/prompt_fuzz/output/libtiff/work/id_000000/merge_control_file" does not exist!
stack backtrace:
0: 0x559937bb036a - std::backtrace_rs::backtrace::libunwind::trace::hfe0e1def394da018
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/../../backtrace/src/backtrace/libunwind.rs:116:5
1: 0x559937bb036a - std::backtrace_rs::backtrace::trace_unsynchronized::h96fbb6d117554616
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x559937bb036a - std::sys::backtrace::_print_fmt::he1169c6f8956325b
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/sys/backtrace.rs:66:9
3: 0x559937bb036a - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::ha4a311b32f6b4ad8
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/sys/backtrace.rs:39:26
4: 0x559937bdab13 - core::fmt::rt::Argument::fmt::h8ccd2627d2418ed3
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/core/src/fmt/rt.rs:177:76
5: 0x559937bdab13 - core::fmt::write::h1866771663f62b81
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/core/src/fmt/mod.rs:1189:21
6: 0x559937bac713 - std::io::Write::write_fmt::hb549e7444823135e
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/io/mod.rs:1884:15
7: 0x559937bb01b2 - std::sys::backtrace::BacktraceLock::print::hddd3a9918ce29aa7
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/sys/backtrace.rs:42:9
8: 0x559937bb13ac - std::panicking::default_hook::{{closure}}::h791f75256b902d7d
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:268:22
9: 0x559937bb11f2 - std::panicking::default_hook::h82cc572fcb0d8cd7
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:295:9
10: 0x559937bb1987 - std::panicking::rust_panic_with_hook::he21644cc2707f2c4
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:801:13
11: 0x559937bb181a - std::panicking::begin_panic_handler::{{closure}}::h42f7c414fed3cad9
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:674:13
12: 0x559937bb0849 - std::sys::backtrace::__rust_end_short_backtrace::ha26cf5766b4e8c65
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/sys/backtrace.rs:170:18
13: 0x559937bb14ac - rust_begin_unwind
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:665:5
14: 0x55993731e120 - core::panicking::panic_fmt::h74866b78e934b1c0
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/core/src/panicking.rs:76:14
15: 0x55993746fc99 - prompt_fuzz::execution::sanitize::<impl prompt_fuzz::execution::Executor>::evolve_corpus::hb71945ae55fb9aa7
at /prompt_fuzz/src/execution/sanitize.rs:285:13
16: 0x55993746dfad - prompt_fuzz::execution::sanitize::<impl prompt_fuzz::execution::Executor>::is_program_coverage_correct::hccbcd4ff61b1f9da
at /prompt_fuzz/src/execution/sanitize.rs:127:9
17: 0x55993746ecf8 - prompt_fuzz::execution::sanitize::<impl prompt_fuzz::execution::Executor>::check_program_is_correct::h2e3f97bd9b83683a
at /prompt_fuzz/src/execution/sanitize.rs:151:28
18: 0x559937332cb7 - harness::check::h58ca51402b4298a3
at /prompt_fuzz/src/bin/harness.rs:129:19
19: 0x5599373391f2 - harness::main::he2ccde2a6f235db7
at /prompt_fuzz/src/bin/harness.rs:347:45
20: 0x55993731ffcb - core::ops::function::FnOnce::call_once::h2552ad2d0d1c1bca
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/core/src/ops/function.rs:250:5
21: 0x5599373285be - std::sys::backtrace::__rust_begin_short_backtrace::h9b8184a0c0751c23
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/sys/backtrace.rs:154:18
22: 0x559937330a01 - std::rt::lang_start::{{closure}}::h902043d1195bdaf4
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/rt.rs:195:18
23: 0x559937ba4c77 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h39b9ecdfe07c1b40
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/core/src/ops/function.rs:284:13
24: 0x559937ba4c77 - std::panicking::try::do_call::h195dec19c0e8d555
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:557:40
25: 0x559937ba4c77 - std::panicking::try::h140b43e48373b310
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:520:19
26: 0x559937ba4c77 - std::panic::catch_unwind::h82ff8b15455474e8
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panic.rs:358:14
27: 0x559937ba4c77 - std::rt::lang_start_internal::{{closure}}::h68d9606a782b08fd
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/rt.rs:174:48
28: 0x559937ba4c77 - std::panicking::try::do_call::h9b1efbc7212cd607
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:557:40
29: 0x559937ba4c77 - std::panicking::try::h3c3a9bacfbed2ee5
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panicking.rs:520:19
30: 0x559937ba4c77 - std::panic::catch_unwind::h92cc37461d0f445d
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/panic.rs:358:14
31: 0x559937ba4c77 - std::rt::lang_start_internal::h78dd36c15a6b42b8
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/rt.rs:174:20
32: 0x5599373309da - std::rt::lang_start::h33a15df221e87795
at /rustc/9fc6b43126469e3858e2fe86cafb4f0fd5068869/library/std/src/rt.rs:194:17
33: 0x55993734181e - main
34: 0x7fbe99002d90 - <unknown>
35: 0x7fbe99002e40 - __libc_start_main
36: 0x55993731ea65 - _start
37: 0x0 - <unknown>
Thank you for any advice!