[llvm-bugs] [Bug 34437] New: sanitize-coverage: incorrectly instruments logical operations
via llvm-bugs
llvm-bugs at lists.llvm.org
Sun Sep 3 03:44:22 PDT 2017
https://bugs.llvm.org/show_bug.cgi?id=34437
Bug ID: 34437
Summary: sanitize-coverage: incorrectly instruments logical
operations
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: dvyukov at google.com
CC: llvm-bugs at lists.llvm.org
clang version 5.0.0 (trunk 303084)
Program:
void bad();
void foo(int x, int y) {
  if (x == 0xdead && y == 0xbeef)
    bad();
}
int bar(int x, int y) {
  return x == 0xdead && y == 0xbeef;
}
$ clang test.c -O2 -c -S -o - -fsanitize-coverage=trace-pc
foo:
movl %esi, %ebx
movl %edi, %ebp
callq __sanitizer_cov_trace_pc
#APP
#NO_APP
cmpl $57005, %ebp # imm = 0xDEAD
jne .LBB0_2
# BB#1: # %entry
cmpl $48879, %ebx # imm = 0xBEEF
jne .LBB0_2
# BB#3: # %if.then
callq __sanitizer_cov_trace_pc
#APP
#NO_APP
xorl %eax, %eax
addq $8, %rsp
popq %rbx
popq %rbp
jmp bad # TAILCALL
.LBB0_2: # %if.end
callq __sanitizer_cov_trace_pc
#APP
#NO_APP
addq $8, %rsp
popq %rbx
popq %rbp
retq
.Lfunc_end0:
.size foo, .Lfunc_end0-foo
.cfi_endproc
bar:
movl %esi, %ebx
movl %edi, %ebp
callq __sanitizer_cov_trace_pc
#APP
#NO_APP
xorl $57005, %ebp # imm = 0xDEAD
xorl $48879, %ebx # imm = 0xBEEF
xorl %eax, %eax
orl %ebp, %ebx
sete %al
addq $8, %rsp
popq %rbx
popq %rbp
retq
For foo there must be an additional callback at BB#1, for bar there must be an
additional callback somewhere.
This has a negative effect on coverage-guided fuzzers as they need to guess N
values simultaneously in order to make progress, rather than guess values
one-by-one and persist progress.
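An added example, not part of the original report or of LLVM's code: a deterministic toy model of a coverage-guided search against the report's foo(), run once with the callbacks as emitted (none at BB#1) and once with the extra callback the report asks for. The edge ids, the one-field-at-a-time sweep, the 16-bit inputs and the execution budget are assumptions constructed for the illustration.

```c
/* Added illustration: toy coverage-guided search against the report's foo(). */
#include <stdint.h>
#include <stdio.h>

enum { E_ENTRY = 1, E_X_MATCHED = 2, E_BAD = 4, E_END = 8 };  /* constructed ids */

/* Evaluates foo()'s predicate and returns the bitmap of callbacks that fired.
 * split_edge = 0 models the emitted code (no callback at BB#1);
 * split_edge = 1 models the additional callback requested in the report. */
unsigned run_target(uint16_t x, uint16_t y, int split_edge) {
    unsigned cov = E_ENTRY;
    if (x == 0xdead) {
        if (split_edge) cov |= E_X_MATCHED;
        if (y == 0xbeef) return cov | E_BAD;
    }
    return cov | E_END;
}

/* Sweeps x, then y, one field at a time. An input that shows a new edge is
 * kept as the base for the next field (persisted progress). Returns the number
 * of executions until bad() is reached, or 0 if it is never reached. */
unsigned long fuzz(int split_edge, unsigned long budget) {
    uint16_t best_x = 0, best_y = 0;
    unsigned seen = run_target(best_x, best_y, split_edge);
    unsigned long execs = 1;
    for (int field = 0; field < 2; field++) {
        for (uint32_t v = 0; v <= 0xffff; v++) {
            uint16_t x = field == 0 ? (uint16_t)v : best_x;
            uint16_t y = field == 1 ? (uint16_t)v : best_y;
            if (execs >= budget) return 0;
            execs++;
            unsigned cov = run_target(x, y, split_edge);
            if (cov & E_BAD) return execs;
            if (cov & ~seen) {              /* new edge: keep this input */
                seen |= cov; best_x = x; best_y = y;
                break;
            }
        }
    }
    return 0;
}

int main(void) {
    printf("callback at BB#1: %lu execs\n", fuzz(1, 1000000UL));
    printf("as emitted:       %lu execs (0 = bad() not reached)\n", fuzz(0, 1000000UL));
    return 0;
}
```

With the callback at BB#1, the input x == 0xdead is distinguishable from any other input and gets kept, so the second value is searched on its own; as emitted, a half-correct input produces the same coverage as a wrong one and the sweep never reaches bad().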