[PATCH] D83987: [libFuzzer] Disable implicit builtin knowledge about memcmp-like functions when -fsanitize=fuzzer-no-link is given.
Dokyung Song via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 16 15:00:40 PDT 2020
dokyungs updated this revision to Diff 278610.
dokyungs added a comment.
Addressed comments.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D83987/new/
https://reviews.llvm.org/D83987
Files:
clang/lib/Driver/SanitizerArgs.cpp
compiler-rt/test/fuzzer/memcmp.test
compiler-rt/test/fuzzer/memcmp64.test
compiler-rt/test/fuzzer/strcmp.test
compiler-rt/test/fuzzer/strncmp.test
compiler-rt/test/fuzzer/strstr.test
Index: compiler-rt/test/fuzzer/strstr.test
===================================================================
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -2,7 +2,7 @@
RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===================================================================
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -2,7 +2,7 @@
RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===================================================================
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -2,7 +2,7 @@
RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===================================================================
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -2,7 +2,7 @@
RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: %cpp_compiler -fno-sanitize=address %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===================================================================
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -2,7 +2,7 @@
RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
CHECK: BINGO
Index: clang/lib/Driver/SanitizerArgs.cpp
===================================================================
--- clang/lib/Driver/SanitizerArgs.cpp
+++ clang/lib/Driver/SanitizerArgs.cpp
@@ -1088,6 +1088,22 @@
Sanitizers.has(SanitizerKind::Address))
CmdArgs.push_back("-fno-assume-sane-operator-new");
+ // libFuzzer wants to intercept calls to certain library functions, so the
+ // following -fno-builtin-* flags disable implicit builtin knowledge about
+ // those functions. Other sanitizers effectively do the same thing by marking
+ // all library call sites with NoBuiltin attribute in their LLVM pass.
+ // (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
+ if (Sanitizers.has(SanitizerKind::FuzzerNoLink)) {
+ CmdArgs.push_back("-fno-builtin-memcmp");
+ CmdArgs.push_back("-fno-builtin-strncmp");
+ CmdArgs.push_back("-fno-builtin-strcmp");
+ CmdArgs.push_back("-fno-builtin-strncasecmp");
+ CmdArgs.push_back("-fno-builtin-strcasecmp");
+ CmdArgs.push_back("-fno-builtin-strstr");
+ CmdArgs.push_back("-fno-builtin-strcasestr");
+ CmdArgs.push_back("-fno-builtin-memmem");
+ }
+
// Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
// enabled.
if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D83987.278610.patch
Type: text/x-patch
Size: 4566 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20200716/a2d31382/attachment-0001.bin>
More information about the cfe-commits
mailing list