Throwing afl (or libFuzzer) at llvm-dwarfdump might do a lot. :)<br><br>On Tuesday, May 26, 2015, Alexey Samsonov <<a href="mailto:vonosmas@gmail.com">vonosmas@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Fair enough. I will add such an input then. I guess there will be even more of those once/if I write llvm-dwarfdump-fuzzer :)</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 26, 2015 at 1:30 PM, Filipe Cabecinhas <span dir="ltr"><<a href="javascript:_e(%7B%7D,'cvml','filcab@gmail.com');" target="_blank">filcab@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If we want to be sure we're handling the errors correctly, we want invalid input. There's a bunch of them for macho (tests/Object/Inputs/macho{,64}-invalid-*) and bitcode (tests/Bitcode/Inputs/invalid-*).<div><br></div><div>  Filipe<div><div><br><br>On Tuesday, May 26, 2015, Eric Christopher <<a href="javascript:_e(%7B%7D,'cvml','echristo@gmail.com');" target="_blank">echristo@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Could have a binary input?<br><br>-eric</div><br><div class="gmail_quote">On Tue, May 26, 2015 at 12:46 PM Alexey Samsonov <<a>vonosmas@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">At this stage that would require producing a broken DWARF file, possibly by manually flipping bits in the output of clang/gcc. 
Do we really want this in the tree?</div><div class="gmail_extra"></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 26, 2015 at 7:06 AM, Rafael Espíndola <span dir="ltr"><<a>rafael.espindola@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">testcase?<br>
<div><div><br>
On 19 May 2015 at 17:54, Alexey Samsonov <<a>vonosmas@gmail.com</a>> wrote:<br>
> Author: samsonov<br>
> Date: Tue May 19 16:54:32 2015<br>
> New Revision: 237733<br>
><br>
> URL: <a href="http://llvm.org/viewvc/llvm-project?rev=237733&view=rev" target="_blank">http://llvm.org/viewvc/llvm-project?rev=237733&view=rev</a><br>
> Log:<br>
> [DWARF parser] Make DWARF parser more robust against missing compile/type units.<br>
><br>
> DWARF standard claims that each compilation/type unit header in<br>
> .debug_info/.debug_types section must be followed by corresponding<br>
> compile/type unit DIE, possibly with its children. Two situations<br>
> are possible:<br>
><br>
>  * compile/type unit DIE is missing because DWARF producer failed to<br>
>    emit it.<br>
>  * DWARF parser failed to parse unit DIE correctly, for instance if it<br>
>    contains some unsupported attributes (see r237721, for instance).<br>
><br>
> In either of these cases, the library, and the tools that use it<br>
> (llvm-dwarfdump, llvm-symbolizer) should not crash. Insert appropriate<br>
> checks to protect against this.<br>
><br>
> Modified:<br>
>     llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFUnit.h<br>
>     llvm/trunk/lib/DebugInfo/DWARF/DWARFCompileUnit.cpp<br>
>     llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp<br>
>     llvm/trunk/lib/DebugInfo/DWARF/DWARFTypeUnit.cpp<br>
>     llvm/trunk/lib/DebugInfo/DWARF/DWARFUnit.cpp<br>
>     llvm/trunk/tools/dsymutil/DwarfLinker.cpp<br>
><br>
> Modified: llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFUnit.h<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFUnit.h?rev=237733&r1=237732&r2=237733&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFUnit.h?rev=237733&r1=237732&r2=237733&view=diff</a><br>
> ==============================================================================<br>
> --- llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFUnit.h (original)<br>
> +++ llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFUnit.h Tue May 19 16:54:32 2015<br>
> @@ -195,9 +195,8 @@ public:<br>
>      BaseAddr = base_addr;<br>
>    }<br>
><br>
> -  const DWARFDebugInfoEntryMinimal *<br>
> -  getCompileUnitDIE(bool extract_cu_die_only = true) {<br>
> -    extractDIEsIfNeeded(extract_cu_die_only);<br>
> +  const DWARFDebugInfoEntryMinimal *getUnitDIE(bool ExtractUnitDIEOnly = true) {<br>
> +    extractDIEsIfNeeded(ExtractUnitDIEOnly);<br>
>      return DieArray.empty() ? nullptr : &DieArray[0];<br>
>    }<br>
><br>
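Review bot: getUnitDIE() in this hunk can return nullptr when DieArray is empty, and the rest of the patch depends on callers checking for that, but the accessor has no comment stating it. A one-line doc comment above the declaration saying that nullptr means the unit DIE is missing or could not be parsed would make the contract visible at every call site.<br>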
> @@ -226,8 +225,7 @@ public:<br>
>    /// It is illegal to call this method with a DIE that hasn't be<br>
>    /// created by this unit. In other word, it's illegal to call this<br>
>    /// method on a DIE that isn't accessible by following<br>
> -  /// children/sibling links starting from this unit's<br>
> -  /// getCompileUnitDIE().<br>
> +  /// children/sibling links starting from this unit's getUnitDIE().<br>
>    uint32_t getDIEIndex(const DWARFDebugInfoEntryMinimal *DIE) {<br>
>      assert(!DieArray.empty() && DIE >= &DieArray[0] &&<br>
>             DIE < &DieArray[0] + DieArray.size());<br>
><br>
> Modified: llvm/trunk/lib/DebugInfo/DWARF/DWARFCompileUnit.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFCompileUnit.cpp?rev=237733&r1=237732&r2=237733&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFCompileUnit.cpp?rev=237733&r1=237732&r2=237733&view=diff</a><br>
> ==============================================================================<br>
> --- llvm/trunk/lib/DebugInfo/DWARF/DWARFCompileUnit.cpp (original)<br>
> +++ llvm/trunk/lib/DebugInfo/DWARF/DWARFCompileUnit.cpp Tue May 19 16:54:32 2015<br>
> @@ -22,9 +22,10 @@ void DWARFCompileUnit::dump(raw_ostream<br>
>       << " (next unit at " << format("0x%08x", getNextUnitOffset())<br>
>       << ")\n";<br>
><br>
> -  const DWARFDebugInfoEntryMinimal *CU = getCompileUnitDIE(false);<br>
> -  assert(CU && "Null Compile Unit?");<br>
> -  CU->dump(OS, this, -1U);<br>
> +  if (const DWARFDebugInfoEntryMinimal *CU = getUnitDIE(false))<br>
> +    CU->dump(OS, this, -1U);<br>
> +  else<br>
> +    OS << "<compile unit can't be parsed!>\n\n";<br>
>  }<br>
><br>
>  // VTable anchor.<br>
><br>
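Review bot: The new else branch in DWARFCompileUnit::dump has no test in this commit; the Modified list contains only the six source files. An llvm-dwarfdump test over an input whose unit header is not followed by a unit DIE, checking for the fallback line, would guard against regressions, and the same applies to the matching branch in DWARFTypeUnit::dump.<br>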
> Modified: llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp?rev=237733&r1=237732&r2=237733&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp?rev=237733&r1=237732&r2=237733&view=diff</a><br>
> ==============================================================================<br>
> --- llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp (original)<br>
> +++ llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp Tue May 19 16:54:32 2015<br>
> @@ -140,9 +140,11 @@ void DWARFContext::dump(raw_ostream &OS,<br>
>      OS << "\n.debug_line contents:\n";<br>
>      for (const auto &CU : compile_units()) {<br>
>        savedAddressByteSize = CU->getAddressByteSize();<br>
> -      unsigned stmtOffset =<br>
> -          CU->getCompileUnitDIE()->getAttributeValueAsSectionOffset(<br>
> -              CU.get(), DW_AT_stmt_list, -1U);<br>
> +      const auto *CUDIE = CU->getUnitDIE();<br>
> +      if (CUDIE == nullptr)<br>
> +        continue;<br>
> +      unsigned stmtOffset = CUDIE->getAttributeValueAsSectionOffset(<br>
> +          CU.get(), DW_AT_stmt_list, -1U);<br>
>        if (stmtOffset != -1U) {<br>
>          DataExtractor lineData(getLineSection().Data, isLittleEndian(),<br>
>                                 savedAddressByteSize);<br>
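Review bot: In the .debug_line loop, savedAddressByteSize is assigned from CU->getAddressByteSize() before the new CUDIE == nullptr check, so a unit that is then skipped still overwrites the saved value. If a skipped unit should leave no trace, move the assignment below the continue; otherwise a short comment saying the order is intentional would help.<br>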
> @@ -321,13 +323,14 @@ const DWARFDebugFrame *DWARFContext::get<br>
>  }<br>
><br>
>  const DWARFLineTable *<br>
> -DWARFContext::getLineTableForUnit(DWARFUnit *cu) {<br>
> +DWARFContext::getLineTableForUnit(DWARFUnit *U) {<br>
>    if (!Line)<br>
>      Line.reset(new DWARFDebugLine(&getLineSection().Relocs));<br>
> -<br>
> +  const auto *UnitDIE = U->getUnitDIE();<br>
> +  if (UnitDIE == nullptr)<br>
> +    return nullptr;<br>
>    unsigned stmtOffset =<br>
> -      cu->getCompileUnitDIE()->getAttributeValueAsSectionOffset(<br>
> -          cu, DW_AT_stmt_list, -1U);<br>
> +      UnitDIE->getAttributeValueAsSectionOffset(U, DW_AT_stmt_list, -1U);<br>
>    if (stmtOffset == -1U)<br>
>      return nullptr; // No line table for this compile unit.<br>
><br>
> @@ -337,7 +340,7 @@ DWARFContext::getLineTableForUnit(DWARFU<br>
><br>
>    // We have to parse it first.<br>
>    DataExtractor lineData(getLineSection().Data, isLittleEndian(),<br>
> -                         cu->getAddressByteSize());<br>
> +                         U->getAddressByteSize());<br>
>    return Line->getOrParseLineTable(lineData, stmtOffset);<br>
>  }<br>
><br>
><br>
> Modified: llvm/trunk/lib/DebugInfo/DWARF/DWARFTypeUnit.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFTypeUnit.cpp?rev=237733&r1=237732&r2=237733&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFTypeUnit.cpp?rev=237733&r1=237732&r2=237733&view=diff</a><br>
> ==============================================================================<br>
> --- llvm/trunk/lib/DebugInfo/DWARF/DWARFTypeUnit.cpp (original)<br>
> +++ llvm/trunk/lib/DebugInfo/DWARF/DWARFTypeUnit.cpp Tue May 19 16:54:32 2015<br>
> @@ -33,7 +33,8 @@ void DWARFTypeUnit::dump(raw_ostream &OS<br>
>       << " (next unit at " << format("0x%08x", getNextUnitOffset())<br>
>       << ")\n";<br>
><br>
> -  const DWARFDebugInfoEntryMinimal *CU = getCompileUnitDIE(false);<br>
> -  assert(CU && "Null Compile Unit?");<br>
> -  CU->dump(OS, this, -1U);<br>
> +  if (const DWARFDebugInfoEntryMinimal *TU = getUnitDIE(false))<br>
> +    TU->dump(OS, this, -1U);<br>
> +  else<br>
> +    OS << "<type unit can't be parsed!>\n\n";<br>
>  }<br>
><br>
> Modified: llvm/trunk/lib/DebugInfo/DWARF/DWARFUnit.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFUnit.cpp?rev=237733&r1=237732&r2=237733&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFUnit.cpp?rev=237733&r1=237732&r2=237733&view=diff</a><br>
> ==============================================================================<br>
> --- llvm/trunk/lib/DebugInfo/DWARF/DWARFUnit.cpp (original)<br>
> +++ llvm/trunk/lib/DebugInfo/DWARF/DWARFUnit.cpp Tue May 19 16:54:32 2015<br>
> @@ -310,8 +310,11 @@ void DWARFUnit::clearDIEs(bool KeepCUDie<br>
>  }<br>
><br>
>  void DWARFUnit::collectAddressRanges(DWARFAddressRangesVector &CURanges) {<br>
> -  // First, check if CU DIE describes address ranges for the unit.<br>
> -  const auto &CUDIERanges = getCompileUnitDIE()->getAddressRanges(this);<br>
> +  const auto *U = getUnitDIE();<br>
> +  if (U == nullptr)<br>
> +    return;<br>
> +  // First, check if unit DIE describes address ranges for the whole unit.<br>
> +  const auto &CUDIERanges = U->getAddressRanges(this);<br>
>    if (!CUDIERanges.empty()) {<br>
>      CURanges.insert(CURanges.end(), CUDIERanges.begin(), CUDIERanges.end());<br>
>      return;<br>
><br>
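Review bot: In collectAddressRanges the new local U holds the unit DIE, while getLineTableForUnit in DWARFContext.cpp uses U for the DWARFUnit itself and UnitDIE for the DIE. Naming the local UnitDIE here as well would avoid the clash, and the reference two lines below could then drop the CU prefix (CUDIERanges) to match the reworded comment.<br>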
> Modified: llvm/trunk/tools/dsymutil/DwarfLinker.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/dsymutil/DwarfLinker.cpp?rev=237733&r1=237732&r2=237733&view=diff" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/dsymutil/DwarfLinker.cpp?rev=237733&r1=237732&r2=237733&view=diff</a><br>
> ==============================================================================<br>
> --- llvm/trunk/tools/dsymutil/DwarfLinker.cpp (original)<br>
> +++ llvm/trunk/tools/dsymutil/DwarfLinker.cpp Tue May 19 16:54:32 2015<br>
> @@ -729,7 +729,7 @@ void DwarfStreamer::emitLocationsForUnit<br>
>    const DWARFSection &InputSec = Dwarf.getLocSection();<br>
>    DataExtractor Data(InputSec.Data, Dwarf.isLittleEndian(), AddressSize);<br>
>    DWARFUnit &OrigUnit = Unit.getOrigUnit();<br>
> -  const auto *OrigUnitDie = OrigUnit.getCompileUnitDIE(false);<br>
> +  const auto *OrigUnitDie = OrigUnit.getUnitDIE(false);<br>
>    int64_t UnitPcOffset = 0;<br>
>    uint64_t OrigLowPc = OrigUnitDie->getAttributeValueAsAddress(<br>
>        &OrigUnit, dwarf::DW_AT_low_pc, -1ULL);<br>
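Review bot: OrigUnitDie is dereferenced two lines below the renamed call (OrigUnitDie->getAttributeValueAsAddress) with no null check, although getUnitDIE() returns nullptr when the unit DIE is missing. The other call sites renamed in this file follow the same pattern (CUDie->dump, the direct dereference passed to lookForDIEsToKeep, cloneDIE(*InputDIE, ...)), so dsymutil would still dereference a null pointer on the inputs this commit targets; add checks here or say in the log that dsymutil is out of scope.<br>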
> @@ -2203,7 +2203,7 @@ void DwarfLinker::patchRangesForUnit(con<br>
>                                 OrigDwarf.isLittleEndian(), AddressSize);<br>
>    auto InvalidRange = FunctionRanges.end(), CurrRange = InvalidRange;<br>
>    DWARFUnit &OrigUnit = Unit.getOrigUnit();<br>
> -  const auto *OrigUnitDie = OrigUnit.getCompileUnitDIE(false);<br>
> +  const auto *OrigUnitDie = OrigUnit.getUnitDIE(false);<br>
>    uint64_t OrigLowPc = OrigUnitDie->getAttributeValueAsAddress(<br>
>        &OrigUnit, dwarf::DW_AT_low_pc, -1ULL);<br>
>    // Ranges addresses are based on the unit's low_pc. Compute the<br>
> @@ -2287,7 +2287,7 @@ static void insertLineSequence(std::vect<br>
>  void DwarfLinker::patchLineTableForUnit(CompileUnit &Unit,<br>
>                                          DWARFContext &OrigDwarf) {<br>
>    const DWARFDebugInfoEntryMinimal *CUDie =<br>
> -      Unit.getOrigUnit().getCompileUnitDIE();<br>
> +      Unit.getOrigUnit().getUnitDIE();<br>
>    uint64_t StmtList = CUDie->getAttributeValueAsSectionOffset(<br>
>        &Unit.getOrigUnit(), dwarf::DW_AT_stmt_list, -1ULL);<br>
>    if (StmtList == -1ULL)<br>
> @@ -2461,7 +2461,7 @@ bool DwarfLinker::link(const DebugMap &M<br>
>      // In a first phase, just read in the debug info and store the DIE<br>
>      // parent links that we will use during the next phase.<br>
>      for (const auto &CU : DwarfContext.compile_units()) {<br>
> -      auto *CUDie = CU->getCompileUnitDIE(false);<br>
> +      auto *CUDie = CU->getUnitDIE(false);<br>
>        if (Options.Verbose) {<br>
>          outs() << "Input compilation unit:";<br>
>          CUDie->dump(outs(), CU.get(), 0);<br>
> @@ -2476,7 +2476,7 @@ bool DwarfLinker::link(const DebugMap &M<br>
>      // references require the ParentIdx to be setup for every CU in<br>
>      // the object file before calling this.<br>
>      for (auto &CurrentUnit : Units)<br>
> -      lookForDIEsToKeep(*CurrentUnit.getOrigUnit().getCompileUnitDIE(), *Obj,<br>
> +      lookForDIEsToKeep(*CurrentUnit.getOrigUnit().getUnitDIE(), *Obj,<br>
>                          CurrentUnit, 0);<br>
><br>
>      // The calls to applyValidRelocs inside cloneDIE will walk the<br>
> @@ -2489,7 +2489,7 @@ bool DwarfLinker::link(const DebugMap &M<br>
>      // to clone/emit.<br>
>      if (!ValidRelocs.empty())<br>
>        for (auto &CurrentUnit : Units) {<br>
> -        const auto *InputDIE = CurrentUnit.getOrigUnit().getCompileUnitDIE();<br>
> +        const auto *InputDIE = CurrentUnit.getOrigUnit().getUnitDIE();<br>
>          CurrentUnit.setStartOffset(OutputDebugInfoSize);<br>
>          DIE *OutputDIE = cloneDIE(*InputDIE, CurrentUnit, 0 /* PCOffset */,<br>
>                                    11 /* Unit Header size */);<br>
><br>
><br>
> _______________________________________________<br>
> llvm-commits mailing list<br>
> <a>llvm-commits@cs.uiuc.edu</a><br>
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div><div class="gmail_extra">-- <br><div><div dir="ltr">Alexey Samsonov<br><a>vonosmas@gmail.com</a></div></div>
</div>
</blockquote></div>
</blockquote></div></div></div><span><font color="#888888"><br><br>-- <br>  F<br><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr">Alexey Samsonov<br><a href="javascript:_e(%7B%7D,'cvml','vonosmas@gmail.com');" target="_blank">vonosmas@gmail.com</a></div></div>
</div>
</blockquote><br><br>-- <br>  F<br><br>
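The condition the quoted commit message describes (a unit header that is not followed by a unit DIE must be reported, not crash the parser), as an added stand-alone example that is not LLVM code and not part of this thread. It assumes little-endian DWARF32 version 2 to 4 headers (the 11-byte unit header the patch mentions); `UnitInfo`, `scanUnits` and `sampleSection` are hypothetical names and the sample bytes are constructed.

```cpp
// Added example (not LLVM code): scan DWARF32 v2-v4 unit headers in .debug_info.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct UnitInfo {
  size_t Offset, NextOffset; // this header, next header
  bool HasUnitDIE;           // false: header present, no DIE after it
};

// ULEB128 read bounded by End; false when truncated or longer than 64 bits.
static bool readULEB(const std::vector<uint8_t> &B, size_t Off, size_t End, uint64_t &V) {
  V = 0;
  for (unsigned Shift = 0; Off < End && Shift < 64; Shift += 7) {
    uint8_t Byte = B[Off++];
    V |= uint64_t(Byte & 0x7f) << Shift;
    if (!(Byte & 0x80)) return true;
  }
  return false;
}

std::vector<UnitInfo> scanUnits(const std::vector<uint8_t> &Sec) {
  const size_t HeaderSize = 11; // length(4) version(2) abbrev_off(4) addr_size(1)
  std::vector<UnitInfo> Units;
  for (size_t Off = 0; Off < Sec.size();) {
    if (Sec.size() - Off < 4) break; // truncated unit_length field
    uint32_t Len = Sec[Off] | (Sec[Off + 1] << 8) | (Sec[Off + 2] << 16) |
                   (uint32_t(Sec[Off + 3]) << 24); // little-endian (assumed)
    // Stop on a DWARF64/reserved length, or a length that does not cover the
    // header or runs past the end of the section.
    if (Len >= 0xfffffff0u || Len < HeaderSize - 4 || Len > Sec.size() - Off - 4)
      break;
    size_t Next = Off + 4 + Len;
    uint64_t Code = 0;
    // Abbreviation code 0 is a null entry, so it is not a unit DIE either.
    bool HasDIE = readULEB(Sec, Off + HeaderSize, Next, Code) && Code != 0;
    Units.push_back({Off, Next, HasDIE});
    Off = Next;
  }
  return Units;
}

// Constructed sample: unit with a DIE, header-only unit, unit holding a null entry.
std::vector<uint8_t> sampleSection() {
  return {8, 0, 0, 0, 4, 0, 0, 0, 0, 0, 8, 1,  7, 0, 0, 0, 4, 0, 0, 0, 0, 0, 8,
          8, 0, 0, 0, 4, 0, 0, 0, 0, 0, 8, 0};
}

int main() {
  for (const UnitInfo &U : scanUnits(sampleSection()))
    std::printf("0x%08zx: %s\n", U.Offset, U.HasUnitDIE ? "unit DIE" : "<no unit DIE>");
}
```

Truncating or bit-flipping `sampleSection()` is a quick way to confirm that every read stays inside the buffer before building a real invalid-input test file.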