-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go-fuzz-build doesn't work with go modules (go 1.11.2) #195
Comments
Please try inside GOPATH. Building outside of GOPATH was never tested nor intended to work. |
OK, I'll dig into the first case. |
Another reason to remember golang/go#19109 |
Any updates on this? I experienced similar problems while trying to fuzz another project. I tried running go-fuzz in the project directory itself and received the |
I do not have any updates on this. |
Hello there, I've also just encountered this with $ go-fuzz-build github.com/census-instrumentation/opencensus-service/fuzz/receivers/zipkin
package dir '/Users/emmanuelodeke/go/pkg/mod/github.com/dvyukov/[email protected]/go-fuzz-dep' does not end with import path 'github.com/dvyukov/go-fuzz/go-fuzz-dep' @dvyukov perhaps it might be useful to create releases for this repository or even initialize it with go-modules? |
Kindly paging @bcmills :) #sorryForTheRandomPing |
See also #219 |
Inlining Josh's comment from #219 (comment) now that #219 is closed as a dup:
In addition to that outline from Josh, I suspect:
However, I could also imagine being wrong about those things. ;-) Some additional background on For reference, I think this is where the Lines 556 to 562 in 9cfa592
|
Updates dvyukov#195 Updates google/oss-fuzz/pull#2188
Updates #195 Updates google/oss-fuzz/pull#2188
This is a follow-up to dvyukov#237. Updates dvyukov#195 Updates google/oss-fuzz/pull#2188
for what it's worth, this worked fine with a mod-vendored project with minimal changes. index 324fc7c..fa57092 100644
--- a/go-fuzz-build/main.go
+++ b/go-fuzz-build/main.go
@@ -58,7 +58,6 @@ func makeTags() string {
// that clients can then modify and use for calls to go/packages.
func basePackagesConfig() *packages.Config {
cfg := new(packages.Config)
- cfg.Env = append(os.Environ(), "GO111MODULE=off")
return cfg
}
@@ -234,7 +233,7 @@ func (c *Context) loadPkg(pkg string) {
// See https://golang.org/issue/30826 and https://golang.org/issue/30828.
rescfg := basePackagesConfig()
rescfg.Mode = packages.NeedName
- rescfg.BuildFlags = []string{"-tags", makeTags()}
+ rescfg.BuildFlags = []string{"-mod=vendor", "-tags", makeTags()}
respkgs, err := packages.Load(rescfg, pkg)
if err != nil {
c.failf("could not resolve package %q: %v", pkg, err)
@@ -254,7 +253,7 @@ func (c *Context) loadPkg(pkg string) {
// of invalid code than trying to compile instrumented code.
cfg := basePackagesConfig()
cfg.Mode = packages.LoadAllSyntax
- cfg.BuildFlags = []string{"-tags", makeTags()}
+ cfg.BuildFlags = []string{"-mod=vendor", "-tags", makeTags()}
// use custom ParseFile in order to get comments
cfg.ParseFile = func(fset *token.FileSet, filename string, src []byte) (*ast.File, error) {
return parser.ParseFile(fset, filename, src, parser.ParseComments) obviously this is just force-setting things to use It might help to see how the There is a config (file or CLI param) to set your preferred |
Hmm, it seems it actually may have pulled from It didn't use That being said, vendor or not, module support might be not painful to implement here. reference:
|
Looks like it works these days. |
go-fuzz-build still does not work with go modules. |
OK. Reopened. |
@dvyukov @josharian I would like to work (me or some one from my team) on this issue. But before jumping and implementing I wanted to understand how complicated this is and how it should be implemented in terms of the design? we can come up with a proposal as well but wanted to see if there is already an idea in mind? |
I can't help much. I don't know what modules are. On user interface level we try to mimic go tool as much as possible. On implementation level I don't have any concrete thoughts. |
ccing also @mvdan as I know you did some hacky work arounds. maybe you have a suggestion in mind? |
I'm pretty sure @josharian has a master plan here, I just don't know if he's made it public :) Anyone is free to copy what I did here: https://github.com/mvdan/sh/tree/master/_fuzz/it The steps are:
As a bonus point, you can also track/pin the version of |
Great!
A short proposal is a fine way to proceed. It is possible that to understand enough to write a proposal you will find you need to actually implement most/all of it. If that happens, it is also ok to put the proposal in the commit message and send a PR. :)
I would hope that there would be no interface-level impact at all. go-fuzz-build should "just work" on both module-using and non-module-using packages.
I'm afraid that my master plan was: "get in there and figure it out". |
@mvdan Your pattern is working well for me. Thanks for posting it. Do you know if it's possible to fuzz a private function in the target package? I'm trying to adapt some fuzz targets that hit private functions. Not sure if there's a way to get at them from the fuzz module. |
We'll see how things end up, but most likely google/oss-fuzz#2878 needs to land first before landing modules support in go-fuzz. (google/oss-fuzz#2878 is a hopefully a small change). |
@thepudds any news with google/oss-fuzz#2878? |
@thepudds maybe we can do some incremental addition of this feature. i.e by adding some flag that enable this support until google/oss-fuzz#2878 is solved? |
Hello @yevgenypats, there seems to be some loose consensus there, but it is still open. I just pinged one of the oss-fuzz owners. If you don't see progress there soon, you could add a friendly ping there if you want. |
This is an alternative to dvyukov#271. Updates dvyukov#195
This will prevent breaking go-fuzz when it will support go modules dvyukov/go-fuzz#195 and addressing this issue: google#2878
This will prevent breaking go-fuzz when it will support go modules dvyukov/go-fuzz#195 and addressing this issue: #2878
For anyone who is particularly eager to see modules support land, one good and hopefully quick way to help would be sending a PR for issue #252. (That is not a gate on initial modules support, but it would help). |
Updates dvyukov#195 Updates google/oss-fuzz/pull#2188
This is a follow-up to dvyukov#237. Updates dvyukov#195 Updates google/oss-fuzz/pull#2188
Still doesn't work because Prometheus client_golang broke everything for non-modules in github.com/prometheus/client_golang/commit/ee1078a03c073762e2660d305738bfdafbf69ba6 You can't resolve xxhash/v2 in the fuzzer bcause it doesn't support modules yet, dvyukov/go-fuzz#195
…ind them. Until dvyukov/go-fuzz#195 is fixed, we need to vendor as some dependencies are only modules and cannot be found otherwise.
FTR: I'm going to investigate this issue a bit. If the problem is on my side, I will close the issue.
Environment:
Steps to reproduce inside GOPATH:
Steps to reproduce outside GOPATH:
The text was updated successfully, but these errors were encountered: