[PATCH] D66233: Always print DSO map on Fuchsia libFuzzer launch
Aaron Green via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 14 10:49:45 PDT 2019
aarongreen created this revision.
aarongreen added reviewers: kcc, mcgrathr.
Herald added projects: LLVM, Sanitizers.
Herald added subscribers: llvm-commits, Sanitizers.
Fuchsia doesn't have /proc/id/maps, so it relies on the kernel logging system to provide the DSO map to be able to symbolize in the context of ASLR. The DSO map is logged automatically on Fuchsia when encountering a crash or writing to the sanitizer log for the first time in a process. There are several cases where libFuzzer doesn't encounter a crash, e.g. on timeouts, OOMs, and when configured to print new PCs as they become covered, to name a few. Therefore, this change always writes to the sanitizer log on startup to ensure the DSO map is available in the log.
Repository:
rCRT Compiler Runtime
https://reviews.llvm.org/D66233
Files:
compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
Index: compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
+++ compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
@@ -311,6 +311,17 @@
// Platform specific functions.
void SetSignalHandler(const FuzzingOptions &Options) {
+ // Make sure information from libFuzzer and the sanitizers are easy to
+ // reassemble. `__sanitizer_log_write` has the added benefit of ensuring the
+ // DSO map is always available for the symbolizer.
+ // A uint64_t fits in 20 chars, so 64 is plenty.
+ char Buf[64];
+ memset(Buf, 0, sizeof(Buf));
+ snprintf(Buf, sizeof(Buf), "==%lu== INFO: libFuzzer starting.\n", GetPid());
+ if (EF->__sanitizer_log_write)
+ __sanitizer_log_write(Buf, sizeof(Buf));
+ Printf("%s", Buf);
+
// Set up alarm handler if needed.
if (Options.UnitTimeoutSec > 0) {
std::thread T(AlarmHandler, Options.UnitTimeoutSec / 2 + 1);
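Review bot: the null check in `if (EF->__sanitizer_log_write)` does not guard the call that follows, because the next line calls `__sanitizer_log_write(Buf, sizeof(Buf))` directly instead of going through `EF`. Call `EF->__sanitizer_log_write(...)` so the check and the call refer to the same pointer. The length argument is also `sizeof(Buf)`, which is always 64 and includes the zero padding left by `memset`; pass the number of characters actually written (the `snprintf` return value, or `strlen(Buf)`) so the log entry does not carry trailing NUL bytes. Finally, the comment describes the PID as a `uint64_t` while the format string uses `%lu`; if `GetPid()` really returns a 64-bit type, a cast to `unsigned long` or a matching format macro would make the two agree.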
Index: compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
+++ compiler-rt/lib/fuzzer/FuzzerExtFunctions.def
@@ -33,6 +33,7 @@
(void (*malloc_hook)(const volatile void *, size_t),
void (*free_hook)(const volatile void *)),
false);
+EXT_FUNC(__sanitizer_log_write, void, (const char *buf, size_t len), false);
EXT_FUNC(__sanitizer_purge_allocator, void, (), false);
EXT_FUNC(__sanitizer_print_memory_profile, void, (size_t, size_t), false);
EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
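Review bot: the new `__sanitizer_log_write` entry has no comment explaining why it is here, and the only caller in this patch is in `FuzzerUtilFuchsia.cpp`. A one-line comment noting that it is used on Fuchsia to force the DSO map into the log would help readers of this list. Since the function is now registered through `EXT_FUNC`, the call site should also use the `EF->` pointer rather than the bare symbol, otherwise this entry only serves the null check.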