[compiler-rt] r352713 - [libFuzzer] set libFuzzer's own SEGV handler even one is already present, but call that handler from ours (unless we are unprotecting lazy counters). Call ProtectLazyCounters later, so that it runs after the initialization code in the target.
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Wed Jan 30 17:40:14 PST 2019
Author: kcc
Date: Wed Jan 30 17:40:14 2019
New Revision: 352713
URL: http://llvm.org/viewvc/llvm-project?rev=352713&view=rev
Log:
[libFuzzer] set libFuzzer's own SEGV handler even one is already present, but call that handler from ours (unless we are unprotecting lazy counters). Call ProtectLazyCounters later, so that it runs after the initialization code in the target.
Modified:
compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp
compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h
compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp
compiler-rt/trunk/test/fuzzer/large.test
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp?rev=352713&r1=352712&r2=352713&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp Wed Jan 30 17:40:14 2019
@@ -628,6 +628,7 @@ int FuzzerDriver(int *argc, char ***argv
Options.FocusFunction = Flags.focus_function;
if (Flags.data_flow_trace)
Options.DataFlowTrace = Flags.data_flow_trace;
+ Options.LazyCounters = Flags.lazy_counters;
unsigned Seed = Flags.seed;
// Initialize Seed.
@@ -658,10 +659,7 @@ int FuzzerDriver(int *argc, char ***argv
Options.HandleXfsz = Flags.handle_xfsz;
Options.HandleUsr1 = Flags.handle_usr1;
Options.HandleUsr2 = Flags.handle_usr2;
- Options.LazyCounters = Flags.lazy_counters;
SetSignalHandler(Options);
- if (Options.LazyCounters)
- TPC.ProtectLazyCounters();
std::atexit(Fuzzer::StaticExitCallback);
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h?rev=352713&r1=352712&r2=352713&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h Wed Jan 30 17:40:14 2019
@@ -59,7 +59,6 @@ public:
size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }
static void StaticAlarmCallback();
- static void StaticSegvSignalCallback(void *Addr);
static void StaticCrashSignalCallback();
static void StaticExitCallback();
static void StaticInterruptCallback();
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp?rev=352713&r1=352712&r2=352713&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp Wed Jan 30 17:40:14 2019
@@ -205,11 +205,6 @@ void Fuzzer::StaticCrashSignalCallback()
F->CrashCallback();
}
-void Fuzzer::StaticSegvSignalCallback(void *Addr) {
- if (TPC.UnprotectLazyCounters(Addr)) return;
- StaticCrashSignalCallback();
-}
-
void Fuzzer::StaticExitCallback() {
assert(F);
F->ExitCallback();
@@ -720,6 +715,10 @@ void Fuzzer::ReadAndExecuteSeedCorpora(c
uint8_t dummy = 0;
ExecuteCallback(&dummy, 0);
+ // Protect lazy counters here, after the once-init code has been executed.
+ if (Options.LazyCounters)
+ TPC.ProtectLazyCounters();
+
if (SizedFiles.empty()) {
Printf("INFO: A corpus is not provided, starting from an empty corpus\n");
Unit U({'\n'}); // Valid ASCII input.
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp?rev=352713&r1=352712&r2=352713&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp Wed Jan 30 17:40:14 2019
@@ -11,6 +11,7 @@
#if LIBFUZZER_POSIX
#include "FuzzerIO.h"
#include "FuzzerInternal.h"
+#include "FuzzerTracePC.h"
#include <cassert>
#include <chrono>
#include <cstring>
@@ -32,9 +33,14 @@ static void AlarmHandler(int, siginfo_t
Fuzzer::StaticAlarmCallback();
}
-static void SegvHandler(int, siginfo_t *si, void *) {
+static void (*upstream_segv_handler)(int, siginfo_t *, void *);
+
+static void SegvHandler(int sig, siginfo_t *si, void *ucontext) {
assert(si->si_signo == SIGSEGV);
- Fuzzer::StaticSegvSignalCallback(si->si_addr);
+ if (TPC.UnprotectLazyCounters(si->si_addr)) return;
+ if (upstream_segv_handler)
+ return upstream_segv_handler(sig, si, ucontext);
+ Fuzzer::StaticCrashSignalCallback();
}
static void CrashHandler(int, siginfo_t *, void *) {
@@ -61,8 +67,11 @@ static void SetSigaction(int signum,
exit(1);
}
if (sigact.sa_flags & SA_SIGINFO) {
- if (sigact.sa_sigaction)
- return;
+ if (sigact.sa_sigaction) {
+ if (signum != SIGSEGV)
+ return;
+ upstream_segv_handler = sigact.sa_sigaction;
+ }
} else {
if (sigact.sa_handler != SIG_DFL && sigact.sa_handler != SIG_IGN &&
sigact.sa_handler != SIG_ERR)
Modified: compiler-rt/trunk/test/fuzzer/large.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/large.test?rev=352713&r1=352712&r2=352713&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/large.test (original)
+++ compiler-rt/trunk/test/fuzzer/large.test Wed Jan 30 17:40:14 2019
@@ -2,5 +2,6 @@ REQUIRES: linux
RUN: %cpp_compiler %S/LargeTest.cpp -o %t-LargeTest
RUN: %run %t-LargeTest -runs=10000
RUN: %env_asan_opts=handle_segv=0 %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s
+RUN: %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s
CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed
More information about the llvm-commits
mailing list