[llvm] r281667 - [libFuzzer] make caller-callee feedback work with trace-pc-guard
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Sep 15 15:16:15 PDT 2016
Author: kcc
Date: Thu Sep 15 17:16:15 2016
New Revision: 281667
URL: http://llvm.org/viewvc/llvm-project?rev=281667&view=rev
Log:
[libFuzzer] make caller-callee feedback work with trace-pc-guard
Modified:
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp
llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
llvm/trunk/lib/Fuzzer/test/fuzzer.test
llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=281667&r1=281666&r2=281667&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Thu Sep 15 17:16:15 2016
@@ -360,6 +360,7 @@ class TracePC {
public:
void HandleTrace(uint8_t *guard, uintptr_t PC);
void HandleInit(uint8_t *start, uint8_t *stop);
+ void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee);
size_t GetTotalCoverage() { return TotalCoverage; }
void SetUseCounters(bool UC) { UseCounters = UC; }
size_t UpdateCounterMap(ValueBitMap *Map);
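Review bot: The new `HandleCallerCallee` declaration carries no comment, while its neighbours HandleTrace/HandleInit at least say through their names what they receive; nothing here tells a reader that Caller and Callee are code addresses whose low bits are folded into the counter map as a caller-callee pair. Suggest `// Records an (indirect-call site, callee) pair as coverage feedback; both are PCs and only their low bits are kept.` above the declaration. The enclosing `class TracePC` starts outside the hunk, so the class-level comment (if any) is not visible here.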
Modified: llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp?rev=281667&r1=281666&r2=281667&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp Thu Sep 15 17:16:15 2016
@@ -73,6 +73,12 @@ size_t TracePC::UpdateCounterMap(ValueBi
return Delta;
}
+void TracePC::HandleCallerCallee(uintptr_t Caller, uintptr_t Callee) {
+ const uintptr_t kBits = 12;
+ const uintptr_t kMask = (1 << kBits) - 1;
+ CounterMap.AddValue((Caller & kMask) | ((Callee & kMask) << kBits));
+}
+
} // namespace fuzzer
extern "C" {
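Review bot: In `HandleCallerCallee` the mask is computed as `(1 << kBits) - 1`, so the shift is done on a plain `int` even though `kBits` and `kMask` are declared `uintptr_t`; that is fine for the current 12 but silently overflows if someone later widens kBits toward 31 or more. Prefer `static constexpr uintptr_t kBits = 12;` and `static constexpr uintptr_t kMask = (uintptr_t(1) << kBits) - 1;` so the arithmetic is done in the intended width and the constants are not rebuilt on every indirect call. The packed value is 2*kBits = 24 bits wide, and the hunk does not show the capacity of `ValueBitMap`, so a one-line comment such as `// Packs the low 12 bits of caller and callee into a 24-bit key; collisions are acceptable feedback noise.` would document the truncation the mask deliberately accepts.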
@@ -86,4 +92,10 @@ __attribute__((visibility("default")))
void __sanitizer_cov_trace_pc_guard_init(uint8_t *Start, uint8_t *Stop) {
fuzzer::TPC.HandleInit(Start, Stop);
}
+
+__attribute__((visibility("default")))
+void __sanitizer_cov_trace_pc_indir(uintptr_t Callee) {
+ uintptr_t PC = (uintptr_t)__builtin_return_address(0);
+ fuzzer::TPC.HandleCallerCallee(PC, Callee);
+}
}
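Review bot: `__sanitizer_cov_trace_pc_indir` derives the caller from `__builtin_return_address(0)` but does not say why, whereas the neighbouring guard hook receives its PC explicitly; a reader may not know that the instrumentation passes only the callee and that the return address into the instrumented function is used as the call-site stand-in. Suggest `// The hook receives only the callee; the return address into the instrumented caller serves as the call-site PC.` above the cast. As a point of style, `(uintptr_t)__builtin_return_address(0)` is a C-style cast; `reinterpret_cast<uintptr_t>(__builtin_return_address(0))` makes the pointer-to-integer conversion explicit.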
Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=281667&r1=281666&r2=281667&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Thu Sep 15 17:16:15 2016
@@ -25,6 +25,7 @@ foreach (VARNAME ${variables_to_filter})
endforeach()
# Enable the coverage instrumentation (it is disabled for the Fuzzer lib).
+#set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=8bit-counters -fsanitize-coverage=edge,indirect-calls,trace-cmp,trace-div,trace-gep,trace-pc-guard -g")
set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=edge,indirect-calls,trace-cmp,trace-div,trace-gep -g")
# add_libfuzzer_test(<name>
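Review bot: The added `#set(CMAKE_CXX_FLAGS ... -fsanitize-coverage=...,trace-pc-guard -g")` line is commented-out configuration with no explanation of when it should be enabled or why it is kept, so it will either rot or be switched on by someone without knowing its effect (note it also adds `-fno-sanitize-coverage=8bit-counters`, which the live line below does not). Either drop it, or precede it with a comment such as `# Alternative flag set for building the tests with trace-pc-guard; not yet the default.` so the intent survives. Whether this is a temporary toggle for the new trace-pc test variant is an inference; the hunk does not say.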
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=281667&r1=281666&r2=281667&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Thu Sep 15 17:16:15 2016
@@ -32,7 +32,8 @@ COUNTERS: NEW {{.*}} bits: {{[1-9]*}}
COUNTERS: NEW {{.*}} bits: {{[1-9]*}}
COUNTERS: BINGO
-RUN: not LLVMFuzzer-CallerCalleeTest -cross_over=0 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-CallerCalleeTest -cross_over=0 -max_len=6 -seed=1 -max_total_time=15 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-CallerCalleeTest-TracePC -cross_over=0 -max_len=6 -seed=1 -max_total_time=15 2>&1 | FileCheck %s
# This one is flaky, may actually find the goal even w/o use_indir_calls.
# LLVMFuzzer-CallerCalleeTest -use_indir_calls=0 -cross_over=0 -max_len=6 -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
Modified: llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt?rev=281667&r1=281666&r2=281667&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt Thu Sep 15 17:16:15 2016
@@ -6,6 +6,7 @@ set(CMAKE_CXX_FLAGS
set(TracePCTests
SimpleTest
CounterTest
+ CallerCalleeTest
)
foreach(Test ${TracePCTests})