[PATCH] D50483: [SanitizerCoverage] Add associated metadata to PC guards.
Matt Morehouse via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 8 17:31:55 PDT 2018
morehouse created this revision.
morehouse added a reviewer: eugenis.
Herald added a subscriber: hiraditya.
Without this metadata the wrong guards get stripped by the linker,
causing libFuzzer to look up the wrong entries in the PC table.
https://reviews.llvm.org/D50483
Files:
compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
compiler-rt/test/fuzzer/trace-pc.test
llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
Index: llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
===================================================================
--- llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
+++ llvm/lib/Transforms/Instrumentation/SanitizerCoverage.cpp
@@ -241,7 +241,6 @@
GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
GlobalVariable *Function8bitCounterArray; // for inline-8bit-counters.
GlobalVariable *FunctionPCsArray; // for pc-table.
- SmallVector<GlobalValue *, 20> GlobalsToAppendToUsed;
SmallVector<GlobalValue *, 20> GlobalsToAppendToCompilerUsed;
SanitizerCoverageOptions Options;
@@ -403,8 +402,6 @@
}
// We don't reference these arrays directly in any of our runtime functions,
// so we need to prevent them from being dead stripped.
- if (TargetTriple.isOSBinFormatMachO())
- appendToUsed(M, GlobalsToAppendToUsed);
appendToCompilerUsed(M, GlobalsToAppendToCompilerUsed);
return true;
}
@@ -590,7 +587,9 @@
if (Options.TracePCGuard) {
FunctionGuardArray = CreateFunctionLocalArrayInSection(
AllBlocks.size(), F, Int32Ty, SanCovGuardsSectionName);
- GlobalsToAppendToUsed.push_back(FunctionGuardArray);
+ GlobalsToAppendToCompilerUsed.push_back(FunctionGuardArray);
+ MDNode *MD = MDNode::get(F.getContext(), ValueAsMetadata::get(&F));
+ FunctionGuardArray->addMetadata(LLVMContext::MD_associated, *MD);
}
if (Options.Inline8bitCounters) {
Function8bitCounterArray = CreateFunctionLocalArrayInSection(
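Review bot: The guard array now always goes into `GlobalsToAppendToCompilerUsed`, and with the hunk at -403 dropping the Mach-O `appendToUsed` call, nothing visible here keeps the guards alive through linker dead-stripping on Mach-O. As far as I know `!associated` is honored only for ELF, and `llvm.compiler.used` does not stop the linker from discarding a section, so Mach-O builds could again end up with mismatched guards and PC-table entries. Consider keeping the Mach-O path, e.g. `if (TargetTriple.isOSBinFormatMachO()) GlobalsToAppendToUsed.push_back(FunctionGuardArray);`, and attaching the metadata only where the object format supports it. The metadata is also added only to the guard array; if the 8-bit counter and PC-table arrays are created the same way, they presumably need the same association so that all per-function arrays are kept or dropped together. The enclosing function starts and ends outside the hunk.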
Index: compiler-rt/test/fuzzer/trace-pc.test
===================================================================
--- compiler-rt/test/fuzzer/trace-pc.test
+++ compiler-rt/test/fuzzer/trace-pc.test
@@ -1,3 +1,7 @@
RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fsanitize-coverage=trace-pc -o %t-SimpleTest-TracePC
-CHECK: BINGO
RUN: not %run %t-SimpleTest-TracePC -runs=1000000 -seed=1 2>&1 | FileCheck %s
+
+RUN %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fsanitize-coverage=trace-pc-guard,pc-table -o %t-SimpleTest-TracePC
+RUN: not %run %t-SimpleTest-TracePC -runs=1000000 -seed=1 2>&1 | FileCheck %s
+
+CHECK: BINGO
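Review bot: The added compile line reads `RUN %cpp_compiler ...` without the colon, so lit will not treat it as a command and the trace-pc-guard,pc-table build never happens; the second `not %run` line then re-runs the trace-pc binary from the first RUN line. It should start with `RUN: %cpp_compiler`. The two configurations should also write to different outputs (for example `-o %t-SimpleTest-TracePCGuard`, with the matching run line updated), so that a failed second compile cannot be masked by the binary left over from the first.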
Index: compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
+++ compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
@@ -224,9 +224,14 @@
size_t Size = Modules[i].Stop - Beg;
assert(Size ==
(size_t)(ModulePCTable[i].Stop - ModulePCTable[i].Start));
- for (size_t j = 0; j < Size; j++, GuardIdx++)
- if (Counters()[GuardIdx])
+ for (size_t j = 0; j < Size; j++, GuardIdx++) {
+ if (Counters()[GuardIdx]) {
+ assert(
+ PCs()[GuardIdx] - ModulePCTable[i].Start[j].PC < 100 &&
+ "PC table entry doesn't match address from PC guard callback");
Observe(ModulePCTable[i].Start[j]);
+ }
+ }
}
}
}
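Review bot: The bound `< 100` in the new assert is an unexplained magic number, and the check relies on unsigned wraparound (assuming both operands are unsigned addresses) to reject a callback PC that lies below the table entry. A short comment would help, e.g. `// The guard callback's PC should fall shortly after the block start recorded in the PC table.`, ideally with the limit as a named constant. Because this is an `assert`, it disappears in NDEBUG builds, so a mismatched PC table would still be passed to `Observe` silently there; if that matters, a runtime check with a diagnostic may be more appropriate. The enclosing function begins outside the hunk.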
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D50483.159835.patch
Type: text/x-patch
Size: 2988 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180809/c2d5bd60/attachment.bin>