[llvm] r279787 - [libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Aug 25 15:35:08 PDT 2016
Author: kcc
Date: Thu Aug 25 17:35:08 2016
New Revision: 279787
URL: http://llvm.org/viewvc/llvm-project?rev=279787&view=rev
Log:
[libFizzer] rename -print_new_cov_pcs=1 into -print_pcs=1 and make it more useful: print PCs only after the initial corpus has been read and symbolize them
Modified:
llvm/trunk/docs/LibFuzzer.rst
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test
Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Thu Aug 25 17:35:08 2016
@@ -270,6 +270,8 @@ The most important command line options
failure (crash, timeout) as ``$(exact_artifact_path)``. This overrides
``-artifact_prefix`` and will not use checksum in the file name. Do not use
the same path for several parallel processes.
+``-print_pcs``
+ If 1, print out newly covered PCs. Defaults to 0.
``-print_final_stats``
If 1, print statistics at exit. Defaults to 0.
``-detect_leaks``
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Thu Aug 25 17:35:08 2016
@@ -334,7 +334,7 @@ int FuzzerDriver(int *argc, char ***argv
Printf("Dictionary: %zd entries\n", Dictionary.size());
bool DoPlainRun = AllInputsAreFiles();
Options.SaveArtifacts = !DoPlainRun;
- Options.PrintNewCovPcs = Flags.print_new_cov_pcs;
+ Options.PrintNewCovPcs = Flags.print_pcs;
Options.PrintFinalStats = Flags.print_final_stats;
Options.TruncateUnits = Flags.truncate_units;
Options.PruneCorpus = Flags.prune_corpus;
Modified: llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerExtFunctions.def Thu Aug 25 17:35:08 2016
@@ -40,6 +40,8 @@ EXT_FUNC(__sanitizer_get_total_unique_ca
EXT_FUNC(__sanitizer_get_total_unique_coverage, size_t, (), true);
EXT_FUNC(__sanitizer_print_memory_profile, int, (size_t), false);
EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
+EXT_FUNC(__sanitizer_symbolize_pc, void,
+ (void *, const char *fmt, char *out_buf, size_t out_buf_size), false);
EXT_FUNC(__sanitizer_reset_coverage, void, (), true);
EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);
EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);
Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Thu Aug 25 17:35:08 2016
@@ -71,7 +71,7 @@ FUZZER_FLAG_STRING(exact_artifact_path,
FUZZER_FLAG_INT(drill, 0, "Experimental: fuzz using a single unit as the seed "
"corpus, then merge with the initial corpus")
FUZZER_FLAG_INT(output_csv, 0, "Enable pulse output in CSV format.")
-FUZZER_FLAG_INT(print_new_cov_pcs, 0, "If 1, print out new covered pcs.")
+FUZZER_FLAG_INT(print_pcs, 0, "If 1, print out newly covered PCs.")
FUZZER_FLAG_INT(print_final_stats, 0, "If 1, print statistics at exit.")
FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.")
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Thu Aug 25 17:35:08 2016
@@ -455,6 +455,7 @@ private:
void InterruptCallback();
void MutateAndTestOne();
void ReportNewCoverage(const Unit &U);
+ void PrintNewPCs();
bool RunOne(const Unit &U) { return RunOne(U.data(), U.size()); }
void RunOneAndUpdateCorpus(const uint8_t *Data, size_t Size);
void WriteToOutputCorpus(const Unit &U);
@@ -516,9 +517,10 @@ private:
// Maximum recorded coverage.
Coverage MaxCoverage;
- // For -print_new_cov_pcs
+ // For -print_pcs
uintptr_t* PcBuffer = nullptr;
size_t PcBufferLen = 0;
+ size_t PrevPcBufferPos;
// Need to know our own thread.
static thread_local bool IsMyThread;
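Review bot: The new member `PrevPcBufferPos` is declared without an initializer, unlike `PcBuffer = nullptr` and `PcBufferLen = 0` directly above it. `PrintNewPCs()` uses it as the starting index into `PcBuffer`, and in the visible hunks it is assigned only inside `UpdateMaxCoverage()`. Any path that reaches `ReportNewCoverage()` before the first `UpdateMaxCoverage()` would therefore start from an indeterminate value. I would write `size_t PrevPcBufferPos = 0;` and extend the comment to something like `// For -print_pcs; PrevPcBufferPos is the buffer position saved before the latest RecordMaxCoverage()`. The class body starts and ends outside this hunk.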
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Thu Aug 25 17:35:08 2016
@@ -441,15 +441,9 @@ void Fuzzer::ShuffleAndMinimize() {
}
bool Fuzzer::UpdateMaxCoverage() {
- uintptr_t PrevPcBufferPos = MaxCoverage.PcBufferPos;
+ PrevPcBufferPos = MaxCoverage.PcBufferPos;
bool Res = RecordMaxCoverage(&MaxCoverage);
- if (Options.PrintNewCovPcs && PrevPcBufferPos != MaxCoverage.PcBufferPos) {
- for (size_t I = PrevPcBufferPos; I < MaxCoverage.PcBufferPos; ++I) {
- Printf("%p\n", PcBuffer[I]);
- }
- }
-
return Res;
}
@@ -566,6 +560,21 @@ void Fuzzer::PrintStatusForNewUnit(const
}
}
+void Fuzzer::PrintNewPCs() {
+ if (Options.PrintNewCovPcs && PrevPcBufferPos != MaxCoverage.PcBufferPos) {
+ for (size_t I = PrevPcBufferPos; I < MaxCoverage.PcBufferPos; ++I) {
+ if (EF->__sanitizer_symbolize_pc) {
+ char PcDescr[1024];
+ EF->__sanitizer_symbolize_pc(reinterpret_cast<void*>(PcBuffer[I]),
+ "%p %F %L", PcDescr, sizeof(PcDescr));
+ Printf("\tNEW_PC: %s\n", PcDescr);
+ } else {
+ Printf("\tNEW_PC: %p\n", PcBuffer[I]);
+ }
+ }
+ }
+}
+
void Fuzzer::ReportNewCoverage(const Unit &U) {
Corpus.push_back(U);
UpdateCorpusDistribution();
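Review bot: In `PrintNewPCs()`, `PcDescr` is handed to `Printf` with `%s` without ever being initialized, so the print is well-defined only if `__sanitizer_symbolize_pc` always writes a terminated string into it. That contract is not visible in this patch. Initializing the buffer with `char PcDescr[1024] = "";` keeps the read bounded even when the symbolizer writes nothing. The fallback branch also passes the `uintptr_t` element straight to `%p`, while the symbolize call casts it; `Printf("\tNEW_PC: %p\n", reinterpret_cast<void*>(PcBuffer[I]));` would make the two branches agree. `ReportNewCoverage()` at the end of the hunk continues outside it.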
@@ -574,6 +583,7 @@ void Fuzzer::ReportNewCoverage(const Uni
PrintStatusForNewUnit(U);
WriteToOutputCorpus(U);
NumberOfNewUnitsAdded++;
+ PrintNewPCs();
}
// Finds minimal number of units in 'Extra' that add coverage to 'Initial'.
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test?rev=279787&r1=279786&r2=279787&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-printcovpcs.test Thu Aug 25 17:35:08 2016
@@ -1,5 +1,7 @@
-RUN: LLVMFuzzer-SimpleTest -print_new_cov_pcs=1 2>&1 | FileCheck %s --check-prefix=PCS
-PCS:{{^0x[a-f0-9]+}}
+RUN: LLVMFuzzer-SimpleTest -print_pcs=1 2>&1 | FileCheck %s --check-prefix=PCS
+PCS-NOT: NEW_PC
+PCS:INITED
+PCS:NEW_PC: {{0x[a-f0-9]+}} in LLVMFuzzerTestOneInput {{.*}}SimpleTest.cpp
PCS:NEW
PCS:BINGO
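Review bot: The `NEW_PC` check only matches the symbolized form (`... in LLVMFuzzerTestOneInput {{.*}}SimpleTest.cpp`), so the `%p`-only fallback branch of `PrintNewPCs()` is never exercised. The test would presumably fail on a runtime where `__sanitizer_symbolize_pc` is absent, which the `false` in its `EXT_FUNC` entry suggests is allowed. I would state the dependency at the top of the file, e.g. `# Needs a runtime providing __sanitizer_symbolize_pc; the unsymbolized fallback is not covered here.`, or add a separate check for the fallback output.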