[PATCH] D27179: LibFuzzer - Implement timers for Windows and improve synchronization.

Marcos Pividori via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 28 16:44:32 PST 2016


mpividori created this revision.
mpividori added a reviewer: zturner.
mpividori added a subscriber: llvm-commits.
mpividori set the repository for this revision to rL LLVM.
Herald added a subscriber: aemerson.

+ Implemented timeouts for Windows using TimerQueueTimers.
+ Modified the implementation of timers for Posix systems. Instead of using ALRM signals, I create a new thread.

  This simplifies the code, since both Posix and Windows implementations use a special thread to call AlarmCallback().
  Under this assumption, we can safely use locks to synchronize that thread with the main thread.
  (We couldn't do that if the same code could be executed asynchronously by a signal handler in Posix systems and by a separate thread in Windows).
  Also, I realized that the previous implementation assumed that the ALRM signals would be handled by the main thread, which is not necessarily true. In POSIX it is unspecified which thread handles signals.

+ I added a new flag `RunningCB` to know if the Fuzzer's main thread is running the CB function, instead of using `! CurrentUnitSize`. `! CurrentUnitSize` doesn't work properly.

  For example, in FuzzerLoop.cpp, line 452, we execute the callback with size 0. The previous implementation failed to detect timeouts in that execution.

+ Add a mutex `RunningCBMtx` to synchronize the access to the Fuzzer's data between different threads.

  All the information related to the state of the fuzzer is only modified by the main thread, when it is not running the callback function.
  So, in order to consistently access the Fuzzer's data, we should lock the `RunningCBMtx` and make sure `RunningCB` is true (the main thread is running the CB).
  This is used to synchronize the thread which manages the timers, and the one which supervises rss limits, with the main thread.


Repository:
  rL LLVM

https://reviews.llvm.org/D27179

Files:
  lib/Fuzzer/FuzzerInternal.h
  lib/Fuzzer/FuzzerLoop.cpp
  lib/Fuzzer/FuzzerUtilPosix.cpp
  lib/Fuzzer/FuzzerUtilWindows.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D27179.79472.patch
Type: text/x-patch
Size: 5443 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20161129/d2902176/attachment.bin>

