[compiler-rt] r372056 - [libFuzzer] Always print DSO map on Fuchsia libFuzzer launch

Jake Ehrlich via llvm-commits llvm-commits at lists.llvm.org
Mon Sep 16 17:34:42 PDT 2019


Author: jakehehrlich
Date: Mon Sep 16 17:34:41 2019
New Revision: 372056

URL: http://llvm.org/viewvc/llvm-project?rev=372056&view=rev
Log:
[libFuzzer] Always print DSO map on Fuchsia libFuzzer launch

Fuchsia doesn't have /proc/id/maps, so it relies on the kernel logging system
to provide the DSO map to be able to symbolize in the context of ASLR. The DSO
map is logged automatically on Fuchsia when encountering a crash or writing to
the sanitizer log for the first time in a process. There are several cases
where libFuzzer doesn't encounter a crash, e.g. on timeouts, OOMs, and when
configured to print new PCs as they become covered, to name a few. Therefore,
this change always writes to the sanitizer log on startup to ensure the DSO map
is available in the log.

Author: aarongreen
Differential Revision: https://reviews.llvm.org/D66233

Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerExtFunctions.def
    compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerExtFunctions.def
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerExtFunctions.def?rev=372056&r1=372055&r2=372056&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerExtFunctions.def (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerExtFunctions.def Mon Sep 16 17:34:41 2019
@@ -33,6 +33,7 @@ EXT_FUNC(__sanitizer_install_malloc_and_
          (void (*malloc_hook)(const volatile void *, size_t),
           void (*free_hook)(const volatile void *)),
          false);
+EXT_FUNC(__sanitizer_log_write, void, (const char *buf, size_t len), false);
 EXT_FUNC(__sanitizer_purge_allocator, void, (), false);
 EXT_FUNC(__sanitizer_print_memory_profile, void, (size_t, size_t), false);
 EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
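Review bot: The new `__sanitizer_log_write` entry carries no comment, although it sits in the shared FuzzerExtFunctions.def and the only caller in this patch is in FuzzerUtilFuchsia.cpp. A one-line comment above the entry noting that it is looked up for the Fuchsia startup log message would tell readers on other platforms why it is declared here and why its last argument is `false`.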

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp?rev=372056&r1=372055&r2=372056&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp Mon Sep 16 17:34:41 2019
@@ -311,6 +311,17 @@ bool Mprotect(void *Ptr, size_t Size, bo
 
 // Platform specific functions.
 void SetSignalHandler(const FuzzingOptions &Options) {
+  // Make sure information from libFuzzer and the sanitizers are easy to
+  // reassemble. `__sanitizer_log_write` has the added benefit of ensuring the
+  // DSO map is always available for the symbolizer.
+  // A uint64_t fits in 20 chars, so 64 is plenty.
+  char Buf[64];
+  memset(Buf, 0, sizeof(Buf));
+  snprintf(Buf, sizeof(Buf), "==%lu== INFO: libFuzzer starting.\n", GetPid());
+  if (EF->__sanitizer_log_write)
+    __sanitizer_log_write(Buf, sizeof(Buf));
+  Printf("%s", Buf);
+
   // Set up alarm handler if needed.
   if (Options.UnitTimeoutSec > 0) {
     std::thread T(AlarmHandler, Options.UnitTimeoutSec / 2 + 1);
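Review bot: In the block added to `SetSignalHandler`, the guard tests `EF->__sanitizer_log_write` but the call is made to `__sanitizer_log_write` directly, and the length passed is `sizeof(Buf)` (64), so the log receives the message followed by the zero padding left by `memset`. Suggest calling through the pointer that was checked and passing the formatted length, for example `EF->__sanitizer_log_write(Buf, strlen(Buf));`. The comment sizes the buffer for a uint64_t while the format string uses `%lu`; if `GetPid()` returns a 64-bit type, a matching format specifier or an explicit cast would keep the two consistent. The function name also no longer describes everything it does, so a short note at the call site or in the function comment that startup logging happens here would help.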



