[llvm] r299046 - [libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Wed Mar 29 18:27:20 PDT 2017


Author: kcc
Date: Wed Mar 29 20:27:20 2017
New Revision: 299046

URL: http://llvm.org/viewvc/llvm-project?rev=299046&view=rev
Log:
[libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works

Added:
    llvm/trunk/lib/Fuzzer/test/trace-pc.test
    llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt
Modified:
    llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp
    llvm/trunk/lib/Fuzzer/FuzzerTracePC.h
    llvm/trunk/lib/Fuzzer/test/CMakeLists.txt

Modified: llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp?rev=299046&r1=299045&r2=299046&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerTracePC.cpp Wed Mar 29 20:27:20 2017
@@ -287,6 +287,17 @@ void __sanitizer_cov_trace_pc_guard(uint
   __sancov_trace_pc_guard_8bit_counters[Idx]++;
 }
 
+// Best-effort support for -fsanitize-coverage=trace-pc, which is available
+// in both Clang and GCC.
+ATTRIBUTE_INTERFACE
+ATTRIBUTE_NO_SANITIZE_ALL
+void __sanitizer_cov_trace_pc() {
+  uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
+  uintptr_t Idx = PC & (((uintptr_t)1 << fuzzer::TracePC::kTracePcBits) - 1);
+  __sancov_trace_pc_pcs[Idx] = PC;
+  __sancov_trace_pc_guard_8bit_counters[Idx]++;
+}
+
 ATTRIBUTE_INTERFACE
 void __sanitizer_cov_trace_pc_guard_init(uint32_t *Start, uint32_t *Stop) {
   fuzzer::TPC.HandleInit(Start, Stop);
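Review bot: The index computed on the `Idx =` line keeps only the low kTracePcBits of the return address, so any two call sites whose PCs agree in those 18 bits share one 8-bit counter and `__sancov_trace_pc_pcs[Idx]` ends up holding whichever of them fired last; the header comment should state that aliasing rather than only "best-effort", e.g. `// PCs that collide in their low kTracePcBits share a counter and the last one wins in __sancov_trace_pc_pcs.` Nothing in the hunk ties the `1 << kTracePcBits` index range to the size of the two tables, which are declared outside the hunk (presumably kNumPCs entries); a `static_assert(fuzzer::TracePC::kNumPCs >= (size_t(1) << fuzzer::TracePC::kTracePcBits), "trace-pc index must fit the PC tables");` next to the function would make that bound explicit. Minor style: the C-style `(uintptr_t)1` could be `uintptr_t(1)` to match the named `reinterpret_cast` on the line above.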

Modified: llvm/trunk/lib/Fuzzer/FuzzerTracePC.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerTracePC.h?rev=299046&r1=299045&r2=299046&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerTracePC.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerTracePC.h Wed Mar 29 20:27:20 2017
@@ -48,6 +48,8 @@ struct TableOfRecentCompares {
 class TracePC {
  public:
   static const size_t kNumPCs = 1 << 21;
+  // How many bits of PC are used from __sanitizer_cov_trace_pc.
+  static const size_t kTracePcBits = 18;
 
   void HandleInit(uint32_t *start, uint32_t *stop);
   void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee);
@@ -81,7 +83,9 @@ class TracePC {
 
   void PrintNewPCs();
   void InitializePrintNewPCs();
-  size_t GetNumPCs() const { return Min(kNumPCs, NumGuards + 1); }
+  size_t GetNumPCs() const {
+    return NumGuards == 0 ? (1 << kTracePcBits) : Min(kNumPCs, NumGuards + 1);
+  }
   uintptr_t GetPC(size_t Idx) {
     assert(Idx < GetNumPCs());
     return PCs()[Idx];
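Review bot: The new branch in `GetNumPCs()` infers trace-pc mode from `NumGuards == 0`, but that is also the state of a binary with no coverage instrumentation at all (the no-coverage test directory in the sibling CMakeLists), so such a binary would now report 1 << kTracePcBits PCs and any caller that walks `GetPC(Idx)` up to `GetNumPCs()` (not visible here) would iterate 256K mostly empty entries. The assumption should at least be recorded on the branch, e.g. `// No trace-pc-guard guards registered: assume -fsanitize-coverage=trace-pc, whose index space is the low kTracePcBits of each PC.`; a flag set from `__sanitizer_cov_trace_pc` itself would make the mode explicit if its per-call cost is acceptable. Also `1 << kTracePcBits` is an `int` expression next to `Min(kNumPCs, NumGuards + 1)`, which yields `size_t`; `size_t(1) << kTracePcBits` keeps both arms of the conditional the same type.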

Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=299046&r1=299045&r2=299046&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Wed Mar 29 20:27:20 2017
@@ -202,6 +202,7 @@ include_directories(..)
 
 # add_subdirectory(uninstrumented)
 add_subdirectory(no-coverage)
+add_subdirectory(trace-pc)
 add_subdirectory(ubsan)
 
 add_library(LLVMFuzzer-DSO1 SHARED DSO1.cpp)

Added: llvm/trunk/lib/Fuzzer/test/trace-pc.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/trace-pc.test?rev=299046&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/trace-pc.test (added)
+++ llvm/trunk/lib/Fuzzer/test/trace-pc.test Wed Mar 29 20:27:20 2017
@@ -0,0 +1,2 @@
+CHECK: BINGO
+RUN: LLVMFuzzer-SimpleTest-TracePC -runs=100000 -seed=1 2>&1 | FileCheck %s

Added: llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt?rev=299046&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt (added)
+++ llvm/trunk/lib/Fuzzer/test/trace-pc/CMakeLists.txt Wed Mar 29 20:27:20 2017
@@ -0,0 +1,13 @@
+# These tests are not instrumented with coverage and don't
+# have coverage rt in the binary.
+
+set(CMAKE_CXX_FLAGS
+  "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc")
+
+set(TracePCTests
+  SimpleTest
+  )
+
+foreach(Test ${TracePCTests})
+  add_libfuzzer_test(${Test}-TracePC SOURCES ../${Test}.cpp)
+endforeach()
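Review bot: The header comment at the top of this new file is inaccurate for this directory: the flags set a few lines below enable `-fsanitize-coverage=trace-pc`, so these binaries are instrumented, and the wording looks copied from the no-coverage directory. Replace it with `# These tests are built with -fsanitize-coverage=trace-pc only (trace-pc-guard and the other coverage modes disabled) to exercise the best-effort __sanitizer_cov_trace_pc path.`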



