[compiler-rt] r333122 - [libFuzzer] change the output format for the DataFlow tracer

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Wed May 23 13:57:11 PDT 2018 

Author: kcc
Date: Wed May 23 13:57:11 2018
New Revision: 333122

URL: http://llvm.org/viewvc/llvm-project?rev=333122&view=rev
Log:
[libFuzzer] change the output format for the DataFlow tracer

Modified:
    compiler-rt/trunk/lib/fuzzer/dataflow/DataFlow.cpp
    compiler-rt/trunk/test/fuzzer/dataflow.test

Modified: compiler-rt/trunk/lib/fuzzer/dataflow/DataFlow.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/dataflow/DataFlow.cpp?rev=333122&r1=333121&r2=333122&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/dataflow/DataFlow.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/dataflow/DataFlow.cpp Wed May 23 13:57:11 2018
@@ -40,23 +40,12 @@
 //
 // Example output:
 // ===============
-// LEN:    5
-// LABELS: 10
-// L7 1 6
-// L8 2 7
-// L9 3 8
-// L10 4 9
-// F1 10
-// F2 5
+//  F0 11111111111111
+//  F1 10000000000000
 //  ===============
-// "LEN:" indicates the number of bytes in the input.
-// "LABELS:" indicates the number of DFSan labels created while running the input.
-//   * The labels [1,LEN] correspond to the bytes of the input
-//     (label 1 corresponds to byte 0, and so on)
-//   * The label LEN+1 corresponds to the input size.
-//   * The labels [LEN+2,LABELS] correspond to DFSan's union labels.
-// "Li j k": describes the label 'i' as a union of labels 'j' and 'k'.
-// "Ff l": tells that the function 'f' depends on the label 'l'.
+// "FN xxxxxxxxxx": tells what bytes of the input does the function N depend on.
+//    The byte string is LEN+1 bytes. The last byte is set if the function
+//    depends on the input length.
 //===----------------------------------------------------------------------===*/
 
 #include <assert.h>
@@ -79,9 +68,10 @@ static size_t NumFuncs;
 static const uintptr_t *FuncsBeg;
 static __thread size_t CurrentFunc;
 static dfsan_label *FuncLabels;  // Array of NumFuncs elements.
+static char *PrintableStringForLabel;  // InputLen + 2 bytes.
 
 // Prints all instrumented functions.
-int PrintFunctions() {
+static int PrintFunctions() {
   // We don't have the symbolizer integrated with dfsan yet.
   // So use backtrace_symbols_fd and pipe it through llvm-symbolizer.
   // TODO(kcc): this is pretty ugly and may break in lots of ways.
@@ -99,16 +89,27 @@ int PrintFunctions() {
   return 0;
 }
 
-void PrintDataFlow(FILE *Out) {
-  fprintf(Out, "LEN:    %zd\n", InputLen);
-  fprintf(Out, "LABELS: %zd\n", dfsan_get_label_count());
-  for (dfsan_label L = InputLen + 2; L <= dfsan_get_label_count(); L++) {
+static void SetBytesForLabel(dfsan_label L, char *Bytes) {
+  if (L <= InputLen) {
+    Bytes[L] = '1';
+  } else {
     auto *DLI = dfsan_get_label_info(L);
-    fprintf(Out, "L%d %d %d\n", L, DLI->l1, DLI->l2);
+    SetBytesForLabel(DLI->l1, Bytes);
+    SetBytesForLabel(DLI->l2, Bytes);
   }
+}
+
+static char *GetPrintableStringForLabel(dfsan_label L) {
+  memset(PrintableStringForLabel, '0', InputLen + 1);
+  PrintableStringForLabel[InputLen + 1] = 0;
+  SetBytesForLabel(L, PrintableStringForLabel);
+  return PrintableStringForLabel;
+}
+
+static void PrintDataFlow(FILE *Out) {
   for (size_t I = 0; I < NumFuncs; I++)
     if (FuncLabels[I])
-      fprintf(Out, "F%zd %d\n", I, FuncLabels[I]);
+      fprintf(Out, "F%zd %s\n", I, GetPrintableStringForLabel(FuncLabels[I]));
 }
 
 int main(int argc, char **argv) {
@@ -128,6 +129,7 @@ int main(int argc, char **argv) {
   unsigned char *Buf = (unsigned char*)malloc(InputLen);
   size_t NumBytesRead = fread(Buf, 1, InputLen, In);
   assert(NumBytesRead == InputLen);
+  PrintableStringForLabel = (char*)malloc(InputLen + 2);
   fclose(In);
 
   fprintf(stderr, "INFO: running '%s'\n", Input);

Modified: compiler-rt/trunk/test/fuzzer/dataflow.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/dataflow.test?rev=333122&r1=333121&r2=333122&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/dataflow.test (original)
+++ compiler-rt/trunk/test/fuzzer/dataflow.test Wed May 23 13:57:11 2018
@@ -24,58 +24,31 @@ RUN: echo -n 1234567890123456 > %t/IN/12
 
 # ABC: No data is used, the only used label is 4 (corresponds to the size)
 RUN:%t-ThreeFunctionsTestDF %t/IN/ABC    | FileCheck %s --check-prefix=IN_ABC
-IN_ABC: LEN: 3
-IN_ABC: LABELS: 4
-IN_ABC: F{{[012]}} 4
+IN_ABC: F{{[012]}} 1000
 IN_ABC-NOT: F
 
 # FUABC: First 3 bytes are checked, Func1/Func2 are not called.
 RUN:%t-ThreeFunctionsTestDF %t/IN/FUABC  | FileCheck %s --check-prefix=IN_FUABC
-IN_FUABC: LEN: 5
-IN_FUABC: LABELS:
-IN_FUABC: L{{.*}} 1
-IN_FUABC: L{{.*}} 2
-IN_FUABC: L{{.*}} 3
-IN_FUABC-NOT: L{{.*}} 4
-IN_FUABC: F{{[012]}}
+IN_FUABC: F{{[012]}} 111100
 IN_FUABC-NOT: F
 
 # FUZZR: 5 bytes are used (4 in one function, 5-th in the other), Func2 is not called.
 RUN:%t-ThreeFunctionsTestDF %t/IN/FUZZR  | FileCheck %s --check-prefix=IN_FUZZR
-IN_FUZZR: LEN: 5
-IN_FUZZR: LABELS:
-IN_FUZZR: L{{.*}} 1
-IN_FUZZR: L{{.*}} 2
-IN_FUZZR: L{{.*}} 3
-IN_FUZZR: L[[L0:[0-9]*]] 4
-IN_FUZZR-DAG: F{{[012]}} 5
-IN_FUZZR-DAG: F{{[012]}} [[L0]]
+IN_FUZZR-DAG: F{{[012]}} 111110
+IN_FUZZR-DAG: F{{[012]}} 000001
 IN_FUZZR-NOT: F
 
 # FUZZM: 5 bytes are used, both Func1 and Func2 are called, Func2 depends only on size (label 6).
 RUN:%t-ThreeFunctionsTestDF %t/IN/FUZZM  | FileCheck %s --check-prefix=IN_FUZZM
-IN_FUZZM: LEN: 5
-IN_FUZZM: LABELS:
-IN_FUZZM: L{{.*}} 1
-IN_FUZZM: L{{.*}} 2
-IN_FUZZM: L{{.*}} 3
-IN_FUZZM: L{{.*}} 4
-IN_FUZZM-DAG: F{{[012]}} 6
-IN_FUZZM-DAG: F{{[012]}} 5
-IN_FUZZM-DAG: F
+IN_FUZZM-DAG: F{{[012]}} 100000
+IN_FUZZM-DAG: F{{[012]}} 111110
+IN_FUZZM-DAG: F{{[012]}} 000001
 
 # FUZZMU: 6 bytes are used, both Func1 and Func2 are called, Func2 depends on byte 6 and size (label 7)
 RUN:%t-ThreeFunctionsTestDF %t/IN/FUZZMU  | FileCheck %s --check-prefix=IN_FUZZMU
-IN_FUZZMU: LEN: 6
-IN_FUZZMU: LABELS:
-IN_FUZZMU: L{{.*}} 1
-IN_FUZZMU: L{{.*}} 2
-IN_FUZZMU: L{{.*}} 3
-IN_FUZZMU: L{{.*}} 4
-IN_FUZZMU: L[[L2:[0-9]*]] 6 7
-IN_FUZZMU-DAG: F{{[012]}} 5
-IN_FUZZMU-DAG: F{{[012]}} [[L2]]
-IN_FUZZMU-DAG: F
+IN_FUZZMU-DAG: F{{[012]}} 1000001
+IN_FUZZMU-DAG: F{{[012]}} 1111100
+IN_FUZZMU-DAG: F{{[012]}} 0000010
 
 # Today a very simple test will cause DFSan to die with "out of labels"
 RUN: not %t-ExplodeDFSanLabelsTestDF %t/IN/1234567890123456 2>&1 | FileCheck %s --check-prefix=OUT_OF_LABELS

More information about the llvm-commits mailing list