[llvm] r310151 - [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Fri Aug 4 16:49:53 PDT 2017


Author: kcc
Date: Fri Aug  4 16:49:53 2017
New Revision: 310151

URL: http://llvm.org/viewvc/llvm-project?rev=310151&view=rev
Log:
[libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos

Added:
    llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test
Modified:
    llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
    llvm/trunk/lib/Fuzzer/FuzzerTracePC.h
    llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
    llvm/trunk/lib/Fuzzer/test/fuzzer.test

Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=310151&r1=310150&r2=310151&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Fri Aug  4 16:49:53 2017
@@ -328,17 +328,16 @@ void Fuzzer::SetMaxMutationLen(size_t Ma
 void Fuzzer::CheckExitOnSrcPosOrItem() {
   if (!Options.ExitOnSrcPos.empty()) {
     static auto *PCsSet = new std::set<uintptr_t>;
-    for (size_t i = 1, N = TPC.GetNumPCs(); i < N; i++) {
-      uintptr_t PC = TPC.GetPC(i);
-      if (!PC) continue;
-      if (!PCsSet->insert(PC).second) continue;
-      std::string Descr = DescribePC("%L", PC);
+    auto HandlePC = [&](uintptr_t PC) {
+      if (!PCsSet->insert(PC).second) return;
+      std::string Descr = DescribePC("%F %L", PC + 1);
       if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) {
         Printf("INFO: found line matching '%s', exiting.\n",
                Options.ExitOnSrcPos.c_str());
         _Exit(0);
       }
-    }
+    };
+    TPC.ForEachObservedPC(HandlePC);
   }
   if (!Options.ExitOnItem.empty()) {
     if (Corpus.HasUnit(Options.ExitOnItem)) {
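Review bot: The `PC + 1` passed to `DescribePC` inside `HandlePC` is unexplained, and the format changed from `%L` to `%F %L`, so `-exit_on_src_pos` now substring-matches function names as well as file:line. A short value such as `Foo` will therefore also match any function name or path that merely contains it, which should be stated where the flag is documented. I would add a comment above the call, for example `// +1 presumably keeps the symbolizer's previous-instruction adjustment inside this block; confirm against DescribePC.` `CheckExitOnSrcPosOrItem` continues past the end of this hunk.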

Modified: llvm/trunk/lib/Fuzzer/FuzzerTracePC.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerTracePC.h?rev=310151&r1=310150&r2=310151&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerTracePC.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerTracePC.h Fri Aug  4 16:49:53 2017
@@ -133,6 +133,13 @@ class TracePC {
   }
   uintptr_t GetMaxStackOffset() const { return InitialStack - LowestStack; }
 
+  template<class CallBack>
+  void ForEachObservedPC(CallBack CB) {
+    if (ObservedPCs)
+      for (auto PC : *ObservedPCs)
+        CB(PC);
+  }
+
 private:
   bool UseCounters = false;
   bool UseValueProfile = false;
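Review bot: `ForEachObservedPC` is added without a comment on its contract, and it is declared non-const although the visible body only reads `ObservedPCs`. The callback runs inside the range-for over `*ObservedPCs`, so a callback that causes a new PC to be recorded would presumably invalidate the iteration; the declaration of `ObservedPCs` is outside this hunk, so that needs confirming. I would add `// Calls CB(PC) for each PC in *ObservedPCs; no-op if the set is not allocated. CB must not modify the set.` above the `template` line. The `TracePC` class starts and ends outside the hunk.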

Modified: llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp?rev=310151&r1=310150&r2=310151&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp Fri Aug  4 16:49:53 2017
@@ -10,6 +10,10 @@
 
 static volatile int Sink;
 
+void Foo() {
+  Sink++;
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   int8_t Ids[256];
   memset(Ids, -1, sizeof(Ids));
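Review bot: `Foo` is added with nothing to stop the optimizer from inlining it into `LLVMFuzzerTestOneInput`, while the new test matches on the function name `Foo`. Whether the symbolizer still reports `Foo` for an inlined body depends on build flags that are not visible here, so I would make the intent explicit with `__attribute__((noinline)) void Foo() {` and a comment such as `// Named target for -exit_on_src_pos=Foo in exit_on_src_pos.test.` `LLVMFuzzerTestOneInput` continues outside this hunk.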
@@ -20,8 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(co
   int U = Ids[(unsigned char)'U'];
   int Z = Ids[(unsigned char)'Z'];
   if (F >= 0 && U > F && Z > U) {
-    Sink++;
-    //fprintf(stderr, "IDS: %d %d %d\n", F, U, Z);
+    Foo();
   }
   return 0;
 }

Added: llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test?rev=310151&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test (added)
+++ llvm/trunk/lib/Fuzzer/test/exit_on_src_pos.test Fri Aug  4 16:49:53 2017
@@ -0,0 +1,8 @@
+# Temporary use -mllvm -use-unknown-locations=Disable so that
+# all instructions have debug info (file line numbers) attached.
+RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable
+RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
+
+RUN: %t-SimpleTest  -exit_on_src_pos=SimpleTest.cpp:18                 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
+RUN: %t-ShrinkControlFlowTest  -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
+EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
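Review bot: Both RUN lines share the `EXIT_ON_SRC_POS` check, whose `'{{.*}}'` accepts any matched string, so the test does not show that the new function-name form `-exit_on_src_pos=Foo` is what matched. A dedicated prefix would pin it: `EXIT_ON_FOO: INFO: found line matching 'Foo', exiting.` with `--check-prefix=EXIT_ON_FOO` on the ShrinkControlFlowTest line. The header comment calls `-use-unknown-locations=Disable` temporary, but only the SimpleTest build uses it; a word on why ShrinkControlFlowTest does not need it would help whoever removes the flag later.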

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=310151&r1=310150&r2=310151&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri Aug  4 16:49:53 2017
@@ -11,7 +11,6 @@ RUN: %cpp_compiler %S/InitializeTest.cpp
 RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-NotinstrumentedTest-NoCoverage
 RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest
 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
-RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
 RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
 RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest
@@ -62,10 +61,6 @@ RUN: not %t-DSOTest 2>&1 | FileCheck %s
 DSO: INFO: Loaded 3 modules
 DSO: BINGO
 
-RUN: %t-SimpleTest  -exit_on_src_pos=SimpleTest.cpp:18                 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
-RUN: %t-ShrinkControlFlowTest  -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
-EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
-
 RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
 STRNCMP: AddressSanitizer: heap-buffer-overflow
 STRNCMP-NOT: __sanitizer_weak_hook_strncmp



