[PATCH] D48891: [libFuzzer] Make -fsanitize=memory,fuzzer work.
Kostya Serebryany via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Jul 3 16:15:54 PDT 2018
kcc added inline comments.
================
Comment at: compiler-rt/lib/fuzzer/FuzzerDriver.cpp:541
EF->LLVMFuzzerInitialize(argc, argv);
+ DisableInterceptors = new ScopedDisableMsanInterceptorChecks();
const Vector<std::string> Args(*argv, *argv + *argc);
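Review bot: the guard allocated with `new` at FuzzerDriver.cpp:541 has no matching `delete` in this hunk, so its destructor (and whatever re-enabling it performs) never runs and the object leaks for the life of the process. If the intent is to keep interceptor checks disabled for the whole driver lifetime, a direct call to `__msan_scoped_disable_interceptor_checks` at this point says so plainly; if the intent is a bounded window, hold the guard as a stack object inside the scope it should cover rather than a heap pointer that nothing frees.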
----------------
errr. this sounds like overkill.
If you never destruct this, then just call __msan_scoped_disable_interceptor_checks
================
Comment at: compiler-rt/lib/fuzzer/FuzzerInternal.h:155
+struct ScopedEnableMsanInterceptorChecks {
+ ScopedEnableMsanInterceptorChecks() {
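Review bot: only the constructor of `ScopedEnableMsanInterceptorChecks` is visible at FuzzerInternal.h:155; a scoped guard also needs a destructor that restores the previous state, and its copy constructor and assignment operator should be deleted so a copied guard cannot toggle the checks twice. A one-line comment in the header saying which calls the guard is meant to bracket (and that it is a no-op outside MSan builds, if that is the case) would spare readers of FuzzerInternal.h from having to find the call sites to understand why libFuzzer touches MSan state at all.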
----------------
you only ever need ScopedEnable, right?
never ScopedDisable
================
Comment at: compiler-rt/lib/fuzzer/FuzzerLoop.cpp:182
return; // Happens when running individual inputs.
- MD.PrintMutationSequence();
- Printf("; base unit: %s\n", Sha1ToString(BaseSha1).c_str());
- size_t UnitSize = CurrentUnitSize;
- if (UnitSize <= kMaxUnitSizeToPrint) {
- PrintHexArray(CurrentUnitData, UnitSize, "\n");
- PrintASCII(CurrentUnitData, UnitSize, "\n");
+ {
+ ScopedDisableMsanInterceptorChecks S;
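Review bot: the block opened at FuzzerLoop.cpp:182 is presumably where the removed statements (`MD.PrintMutationSequence()`, the `Printf` of the base unit SHA-1, `PrintHexArray`/`PrintASCII`) are re-added under `ScopedDisableMsanInterceptorChecks S;`, but the moved lines and the closing brace fall outside the visible context; confirm that every removed statement reappears inside the block with the same `CurrentUnitData`/`UnitSize` arguments and that nothing after the block relies on checks still being disabled. Keeping the disabled window to exactly the calls that print possibly-poisoned unit bytes is the right default, since any later libc call in the function should still be checked.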
----------------
Do you need this extra scope here?
================
Comment at: compiler-rt/lib/fuzzer/FuzzerLoop.cpp:519
+ if (EF->__msan_unpoison)
+ EF->__msan_unpoison(Data, Size);
// We copy the contents of Unit into a separate heap buffer
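Review bot: `EF->__msan_unpoison(Data, Size)` at FuzzerLoop.cpp:519 clears the shadow of the caller's buffer, while the comment on the next line says the contents are copied into a separate heap buffer before reaching the target. Unpoisoning that copy (`DataCopy`) makes the intent explicit and leaves the caller's shadow state untouched; unpoisoning `Data` only works by relying on the copy propagating clean shadow and, as a side effect, marks the original buffer as initialized for whoever uses it afterwards. The null check on `EF->__msan_unpoison` is the right shape, since the hunk treats the symbol as optional.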
----------------
why Data, not DataCopy?
================
Comment at: compiler-rt/test/fuzzer/msan.test:18
+RUN: %msan_compiler %S/UseAfterDtor.cpp -o %t
+RUN: MSAN_OPTIONS=poison_in_dtor=1 not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=REPORT
+
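Review bot: the new lines at msan.test:18 cover only the positive path, where the `poison_in_dtor=1` run must produce a report matched by `--check-prefix=REPORT`. Add the mirror case: a target built with `%msan_compiler` that is expected to run cleanly for its full `-runs` budget and whose output is checked for the absence of a report, so that a regression where interceptor checks are disabled and never re-enabled, or where `__msan_unpoison` is applied to the wrong buffer, shows up as either a missing report or a spurious one. Note that `-runs=10000000` only terminates early when the report fires, so size the negative case's `-runs` accordingly.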
----------------
also add one test that would break if you accidentally disable and never enable back the interceptor checks
https://reviews.llvm.org/D48891