[clang] 12d1124 - [libFuzzer] Disable implicit builtin knowledge about memcmp-like functions when -fsanitize=fuzzer-no-link is given.

Dokyung Song via cfe-commits cfe-commits at lists.llvm.org
Thu Jul 16 15:55:30 PDT 2020


Author: Dokyung Song
Date: 2020-07-16T22:53:54Z
New Revision: 12d1124c49beec0fb79d36944960e5bf0f236d4c

URL: https://github.com/llvm/llvm-project/commit/12d1124c49beec0fb79d36944960e5bf0f236d4c
DIFF: https://github.com/llvm/llvm-project/commit/12d1124c49beec0fb79d36944960e5bf0f236d4c.diff

LOG: [libFuzzer] Disable implicit builtin knowledge about memcmp-like functions when -fsanitize=fuzzer-no-link is given.

Summary: This patch disables implicit builtin knowledge about memcmp-like functions when compiling the program for fuzzing, i.e., when -fsanitize=fuzzer(-no-link) is given. This allows libFuzzer to always intercept memcmp-like functions as it effectively disables optimizing calls to such functions into different forms. This is done by adding a set of flags (-fno-builtin-memcmp and others) in the clang driver. Individual -fno-builtin-* flags previously used in several libFuzzer tests are now removed, as it is now done automatically in the clang driver.

Reviewers: morehouse, hctim

Subscribers: cfe-commits, #sanitizers

Tags: #clang, #sanitizers

Differential Revision: https://reviews.llvm.org/D83987

Added: 
    

Modified: 
    clang/lib/Driver/SanitizerArgs.cpp
    compiler-rt/test/fuzzer/memcmp.test
    compiler-rt/test/fuzzer/memcmp64.test
    compiler-rt/test/fuzzer/strcmp.test
    compiler-rt/test/fuzzer/strncmp.test
    compiler-rt/test/fuzzer/strstr.test

Removed: 
    


################################################################################
diff  --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index e4fda752c041..4af24662ca91 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -1088,6 +1088,22 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
       Sanitizers.has(SanitizerKind::Address))
     CmdArgs.push_back("-fno-assume-sane-operator-new");
 
+  // libFuzzer wants to intercept calls to certain library functions, so the
+  // following -fno-builtin-* flags force the compiler to emit interposable
+  // libcalls to these functions. Other sanitizers effectively do the same thing
+  // by marking all library call sites with NoBuiltin attribute in their LLVM
+  // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
+  if (Sanitizers.has(SanitizerKind::FuzzerNoLink)) {
+    CmdArgs.push_back("-fno-builtin-memcmp");
+    CmdArgs.push_back("-fno-builtin-strncmp");
+    CmdArgs.push_back("-fno-builtin-strcmp");
+    CmdArgs.push_back("-fno-builtin-strncasecmp");
+    CmdArgs.push_back("-fno-builtin-strcasecmp");
+    CmdArgs.push_back("-fno-builtin-strstr");
+    CmdArgs.push_back("-fno-builtin-strcasestr");
+    CmdArgs.push_back("-fno-builtin-memmem");
+  }
+
   // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
   // enabled.
   if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
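
Review bot: No clang driver test accompanies this hunk (the Modified list contains only compiler-rt tests), so nothing checks that the eight `-fno-builtin-*` flags actually reach the cc1 command line; a `clang/test/Driver` test invoking `-fsanitize=fuzzer-no-link -###` (and `-fsanitize=fuzzer`) with `CHECK` lines for `-fno-builtin-memcmp` and the rest would pin the behaviour. Two smaller points: the condition tests only `SanitizerKind::FuzzerNoLink` while the log promises the same for `-fsanitize=fuzzer`, so the comment should state that `Fuzzer` implies `FuzzerNoLink` by this point, since that dependency is not visible here; and the eight `push_back` calls would be easier to keep in sync with libFuzzer's interceptor list as a single static array iterated in a loop. Nit: in the comment, fold "(see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)" into the preceding sentence rather than leaving it as a free-standing parenthetical after the period.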

diff  --git a/compiler-rt/test/fuzzer/memcmp.test b/compiler-rt/test/fuzzer/memcmp.test
index 8859afbe8a97..fa995a22c68a 100644
--- a/compiler-rt/test/fuzzer/memcmp.test
+++ b/compiler-rt/test/fuzzer/memcmp.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest               -seed=1 -runs=10000000   2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
 RUN: not %run %t-MemcmpTest               -seed=1 -runs=10000000   2>&1 | FileCheck %s
 
 CHECK: BINGO
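
Review bot: The second RUN line still executes `%t-MemcmpTest`, not the `%t-NoAsanMemcmpTest` binary built on the line above, so dropping `-fno-builtin-memcmp` here is not actually exercised: the no-ASan build is compiled and never run, and the test would pass even if the driver change did nothing. Change the line to `RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s` so the test covers the case this patch is about.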

diff  --git a/compiler-rt/test/fuzzer/memcmp64.test b/compiler-rt/test/fuzzer/memcmp64.test
index fc9d02324373..ca8c8fe8206f 100644
--- a/compiler-rt/test/fuzzer/memcmp64.test
+++ b/compiler-rt/test/fuzzer/memcmp64.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest        -seed=1 -runs=1000000   2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: %cpp_compiler -fno-sanitize=address %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest        -seed=1 -runs=1000000   2>&1 | FileCheck %s
 
 CHECK: BINGO
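
Review bot: Same pre-existing problem as in memcmp.test: the RUN line after the no-ASan compile runs `%t-Memcmp64BytesTest` instead of `%t-NoAsanMemcmp64BytesTest`, so removing `-fno-builtin-memcmp` from the compile line is never verified at run time. Point the second run at `%t-NoAsanMemcmp64BytesTest`.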

diff  --git a/compiler-rt/test/fuzzer/strcmp.test b/compiler-rt/test/fuzzer/strcmp.test
index eebcf8ef5c70..61065de6fa94 100644
--- a/compiler-rt/test/fuzzer/strcmp.test
+++ b/compiler-rt/test/fuzzer/strcmp.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest               -seed=1 -runs=2000000   2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
 RUN: not %run %t-StrcmpTest               -seed=1 -runs=2000000   2>&1 | FileCheck %s
 
 CHECK: BINGO
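
Review bot: The no-ASan binary `%t-NoAsanStrcmpTest` is built but the following RUN line executes `%t-StrcmpTest` again, so the effect of dropping `-fno-builtin-strcmp` is untested here as well. Run `%t-NoAsanStrcmpTest` on the second line.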

diff  --git a/compiler-rt/test/fuzzer/strncmp.test b/compiler-rt/test/fuzzer/strncmp.test
index f8ff9299a1d9..102451058d44 100644
--- a/compiler-rt/test/fuzzer/strncmp.test
+++ b/compiler-rt/test/fuzzer/strncmp.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest              -seed=2 -runs=10000000   2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
 RUN: not %run %t-StrncmpTest              -seed=2 -runs=10000000   2>&1 | FileCheck %s
 
 CHECK: BINGO
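
Review bot: As in the other test files, `%t-NoAsanStrncmpTest` is compiled and then `%t-StrncmpTest` is run in its place, so this hunk's removal of `-fno-builtin-strncmp` has no runtime coverage. The second RUN line should invoke `%t-NoAsanStrncmpTest`.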

diff  --git a/compiler-rt/test/fuzzer/strstr.test b/compiler-rt/test/fuzzer/strstr.test
index 54a5abe8a414..5c10805e18c6 100644
--- a/compiler-rt/test/fuzzer/strstr.test
+++ b/compiler-rt/test/fuzzer/strstr.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest               -seed=1 -runs=2000000   2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
 RUN: not %run %t-StrstrTest               -seed=1 -runs=2000000   2>&1 | FileCheck %s
 
 CHECK: BINGO
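
Review bot: Same issue here: `%t-NoAsanStrstrTest` is built and never executed, the second RUN line re-runs `%t-StrstrTest`, so the strstr interception without ASan and without an explicit `-fno-builtin-strstr` is not actually checked. Run `%t-NoAsanStrstrTest` on that line; fixing all five files in this commit, or in a follow-up before landing, would make the removed flags meaningful.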
