[PATCH] D63037: [dfsan] Introduce dfsan_flush().
Kostya Serebryany via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Jun 7 17:38:42 PDT 2019
kcc created this revision.
kcc added a reviewer: pcc.
Herald added subscribers: llvm-commits, Sanitizers, delcypher.
Herald added projects: LLVM, Sanitizers.
dfsan_flush() allows restarting taint tracking from scratch in the same process.
The primary purpose right now is to allow more efficient data flow tracing
for DFT fuzzing: https://github.com/google/oss-fuzz/issues/1632
Repository:
rCRT Compiler Runtime
https://reviews.llvm.org/D63037
Files:
include/sanitizer/dfsan_interface.h
lib/dfsan/dfsan.cc
lib/dfsan/done_abilist.txt
test/dfsan/flush.c
Index: test/dfsan/flush.c
===================================================================
--- /dev/null
+++ test/dfsan/flush.c
@@ -0,0 +1,28 @@
+// Tests dfsan_flush().
+// RUN: %clang_dfsan %s -o %t && %run %t
+#include <sanitizer/dfsan_interface.h>
+#include <assert.h>
+#include <stdlib.h>
+
+int global;
+
+int main() {
+ int local;
+ int *heap = (int*)malloc(sizeof(int));
+
+ dfsan_set_label(10, &global, sizeof(global));
+ dfsan_set_label(20, &local, sizeof(local));
+ dfsan_set_label(30, heap, sizeof(*heap));
+
+ assert(dfsan_get_label(global) == 10);
+ assert(dfsan_get_label(local) == 20);
+ assert(dfsan_get_label(*heap) == 30);
+
+ dfsan_flush();
+
+ assert(dfsan_get_label(global) == 0);
+ assert(dfsan_get_label(local) == 0);
+ assert(dfsan_get_label(*heap) == 0);
+
+ free(heap);
+}
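Review bot: The test only checks that labels read back as 0 after `dfsan_flush()`; it never checks that taint tracking can be started again, which is the stated purpose of the call. After the three post-flush asserts I would add `dfsan_set_label(10, &global, sizeof(global));` followed by `assert(dfsan_get_label(global) == 10);`, so that a remapped shadow which is not usable again fails here rather than in a fuzzing run. The `malloc` result is also passed unchecked to `dfsan_set_label(30, heap, sizeof(*heap))`; an `assert(heap);` before it keeps a failed allocation from looking like a DFSan failure.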
Index: include/sanitizer/dfsan_interface.h
===================================================================
--- include/sanitizer/dfsan_interface.h
+++ include/sanitizer/dfsan_interface.h
@@ -79,6 +79,12 @@
/// Returns the number of labels allocated.
size_t dfsan_get_label_count(void);
+/// Flushes the DFSan shadow, i.e. forgets about all labels currently associated
+/// with the application memory. Will work only if there are no other
+/// threads executing DFSan-instrumented code concurrently.
+/// Use this call to start over the taint tracking within the same procces.
+void dfsan_flush(void);
+
/// Sets a callback to be invoked on calls to write(). The callback is invoked
/// before the write is done. The write is not guaranteed to succeed when the
/// callback executes. Pass in NULL to remove any callback.
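Review bot: The new comment on `dfsan_flush` says it "will work only if" no other thread is running instrumented code, but it does not say what happens when that precondition is broken. It also does not say whether labels already handed out by `dfsan_create_label` stay allocated. The implementation in this patch appears to reset only the shadow mapping, so I would state both, for example `/// Labels created earlier remain allocated; only their association with memory is dropped.` and `/// Calling this while other threads run instrumented code is unsupported and may crash.` The word "procces" in the last comment line should read "process".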
Index: lib/dfsan/done_abilist.txt
===================================================================
--- lib/dfsan/done_abilist.txt
+++ lib/dfsan/done_abilist.txt
@@ -26,6 +26,8 @@
fun:dfsan_has_label_with_desc=discard
fun:dfsan_set_write_callback=uninstrumented
fun:dfsan_set_write_callback=custom
+fun:dfsan_flush=uninstrumented
+fun:dfsan_flush=discard
###############################################################################
# glibc
Index: lib/dfsan/dfsan.cc
===================================================================
--- lib/dfsan/dfsan.cc
+++ lib/dfsan/dfsan.cc
@@ -421,6 +421,12 @@
}
}
+extern "C" void dfsan_flush() {
+ UnmapOrDie((void*)ShadowAddr(), UnusedAddr() - ShadowAddr());
+ if (!MmapFixedNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr()))
+ Die();
+}
+
static void dfsan_init(int argc, char **argv, char **envp) {
InitializeFlags();
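Review bot: Between `UnmapOrDie` and `MmapFixedNoReserve` in `dfsan_flush` the whole shadow range is unmapped, so a signal handler or another thread touching instrumented memory in that window would fault. An unrelated `mmap` could also be placed inside the range and then be overwritten by the fixed mapping. If `MmapFixedNoReserve` maps with MAP_FIXED, as I believe it does on the supported platforms, the unmap is unnecessary and the body can be just `if (!MmapFixedNoReserve(ShadowAddr(), UnusedAddr() - ShadowAddr())) Die();`, which replaces the pages in one step. A one-line comment on the function would also help, such as `// Drops all shadow by remapping it; label and union tables are left as they are.`, assuming that is the intent.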
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D63037.203650.patch
Type: text/x-patch
Size: 2546 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190608/60567824/attachment.bin>