[PATCH] D40376: [LibFuzzer] Fix `CounterToFeature()` so that it doesn't ignore the 6th bit.
Dan Liew via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Nov 23 13:04:59 PST 2017
delcypher updated this revision to Diff 124106.
delcypher edited the summary of this revision.
delcypher added a comment.
Herald added a subscriber: krytarowski.
Turns out my original change to `CounterToFeature()` broke an existing test. To work around that I'm just changing how user supplied counters are handled instead.
https://reviews.llvm.org/D40376
Files:
lib/fuzzer/FuzzerTracePC.h
test/fuzzer/SingleExtraCounterTest.cpp
test/fuzzer/single-extra-counter.test
Index: test/fuzzer/single-extra-counter.test
===================================================================
--- /dev/null
+++ test/fuzzer/single-extra-counter.test
@@ -0,0 +1,23 @@
+REQUIRES: linux
+RUN: %cpp_compiler %S/SingleExtraCounterTest.cpp -o %t-SingleExtraCounterTest
+RUN: %t-SingleExtraCounterTest -max_len=1 -seed=0 -runs=10 -print_final_stats=1 2>&1 | FileCheck %s
+
+CHECK: Setting bit: 0
+CHECK-NEXT: #3 {{ *}}NEW
+CHECK: Setting bit: 1
+CHECK-NEXT: #4 {{ *}}NEW
+CHECK: Setting bit: 2
+CHECK-NEXT: #5 {{ *}}NEW
+CHECK: Setting bit: 3
+CHECK-NEXT: #6 {{ *}}NEW
+CHECK: Setting bit: 4
+CHECK-NEXT: #7 {{ *}}NEW
+CHECK: Setting bit: 5
+CHECK-NEXT: #8 {{ *}}NEW
+CHECK: Setting bit: 6
+CHECK-NEXT: #9 {{ *}}NEW
+CHECK: Setting bit: 7
+CHECK-NEXT: #10 {{ *}}NEW
+
+CHECK: number_of_executed_units:{{ *}}10
+CHECK: new_units_added:{{ *}}8
Index: test/fuzzer/SingleExtraCounterTest.cpp
===================================================================
--- /dev/null
+++ test/fuzzer/SingleExtraCounterTest.cpp
@@ -0,0 +1,31 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+#include <cassert>
+#include <cstdint>
+#include <cstdio>
+
+#ifdef __linux__
+__attribute__((section("__libfuzzer_extra_counters")))
+#endif
+ static uint8_t Counters[1];
+
+// This tests that every bit inside a counter is used as a signal
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ static int RunCount = 0;
+ fprintf(stderr, "Doing run: #%d\n", RunCount);
+ // FIXME: The is fragile, why two runs before init is done?
+ // The first two runs of this function are for LibFuzzers init so
+ // don't modify counters until after they are done.
+ if (RunCount < 2) {
+ ++RunCount;
+ return 0;
+ }
+ int BitToSet = RunCount - 2;
+ assert(BitToSet >= 0 & BitToSet <= 7);
+ // LibFuzzer should reset this for every call
+ assert(Counters[0] == 0);
+ fprintf(stderr, "Setting bit: %d\n", BitToSet);
+ Counters[0] = (1 << BitToSet);
+ ++RunCount;
+ return 0;
+}
Index: lib/fuzzer/FuzzerTracePC.h
===================================================================
--- lib/fuzzer/FuzzerTracePC.h
+++ lib/fuzzer/FuzzerTracePC.h
@@ -246,7 +246,16 @@
}
ForEachNonZeroByte(ExtraCountersBegin(), ExtraCountersEnd(), FirstFeature,
- Handle8bitCounter);
+ [&](size_t FirstFeature, size_t Idx, uint8_t Counter) {
+ assert(Counter);
+ // Convert to Counter to a Feature. This is similar to the
+ // `CounterToFeature()` function but here each bit in the counter
+ // is treated as a distinct feature.
+ unsigned int MSBit = sizeof(unsigned int) * 8 - __builtin_clz(Counter);
+ assert(MSBit >=0 && MSBit < 8);
+ size_t Feature = MSBit -1;
+ HandleFeature(FirstFeature + Idx * 8 + Feature);
+ });
FirstFeature += (ExtraCountersEnd() - ExtraCountersBegin()) * 8;
if (UseValueProfile) {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D40376.124106.patch
Type: text/x-patch
Size: 2963 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171123/dfb49be6/attachment.bin>
More information about the llvm-commits
mailing list