[compiler-rt] f897e82 - [fuzzer] Add Windows Visual C++ exception intercept
Jonathan Metzman via llvm-commits
llvm-commits at lists.llvm.org
Mon Nov 16 09:16:19 PST 2020
I wasn't able to reproduce this issue locally, so I'm trying a speculative
fix that I think works here:
https://github.com/llvm/llvm-project/commit/a3be1287091463f4099cdb1710883645329cda7e
If that doesn't work, I'm going to disable this test on platforms other
than Windows.
On Mon, Nov 16, 2020 at 8:27 AM Jonathan Metzman <metzman at chromium.org>
wrote:
> Hi Ying,
> Sorry for the delay,
> If I can't fix this in about an hour or two, I'll revert.
>
> Apologies for the trouble,
> Jonathan
>
> On Mon, Nov 16, 2020 at 4:53 AM Ying Yi <maggieyi666 at gmail.com> wrote:
>
>> Hi Joe and Jonathan,
>>
>> The commit f897e82 seems to cause a test failure on the Buildbot (
>> http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test),
>> could you please either fix it or revert the commit?
>>
>> Thanks,
>> Maggie
>>
>> On Thu, Nov 12, 2020 at 9:12 PM Jonathan Metzman via llvm-commits <
>> llvm-commits at lists.llvm.org> wrote:
>>
>>>
>>> Author: Joe Pletcher
>>> Date: 2020-11-12T13:11:14-08:00
>>> New Revision: f897e82bfd86099a5321e3fd50c63598e11e289b
>>>
>>> URL:
>>> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b
>>> DIFF:
>>> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff
>>>
>>> LOG: [fuzzer] Add Windows Visual C++ exception intercept
>>>
>>> Adds a new option, `handle_winexcept` to try to intercept uncaught
>>> Visual C++ exceptions on Windows. On Linux, such exceptions are handled
>>> implicitly by `std::terminate()` raising `SIGABRT`. This option brings the
>>> Windows behavior in line with Linux.
>>>
>>> Unfortunately this exception code is intentionally undocumented, however
>>> has remained stable for the last decade. More information can be found
>>> here: https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>>>
>>> Reviewed By: morehouse, metzman
>>>
>>> Differential Revision: https://reviews.llvm.org/D89755
>>>
>>> Added:
>>> compiler-rt/test/fuzzer/UncaughtException.cpp
>>> compiler-rt/test/fuzzer/uncaught-exception.test
>>>
>>> Modified:
>>> compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>>
>>> Removed:
>>>
>>>
>>>
>>>
>>> ################################################################################
>>> diff --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> index 6b674c4e9d7a..447cafce7fd4 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> @@ -829,6 +829,8 @@ int FuzzerDriver(int *argc, char ***argv,
>>> UserCallback Callback) {
>>> Options.HandleXfsz = Flags.handle_xfsz;
>>> Options.HandleUsr1 = Flags.handle_usr1;
>>> Options.HandleUsr2 = Flags.handle_usr2;
>>> + Options.HandleWinExcept = Flags.handle_winexcept;
>>> +
>>> SetSignalHandler(Options);
>>>
>>> std::atexit(Fuzzer::StaticExitCallback);
>>>
>>> diff --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> b/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> index ef6c3f8ba8f0..ab31da0ae5d6 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> @@ -145,6 +145,8 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to
>>> intercept SIGTERM.")
>>> FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
>>> FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
>>> FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
>>> +FUZZER_FLAG_INT(handle_winexcept, 1, "If 1, try to intercept uncaught
>>> Windows "
>>> + "Visual C++ Exceptions.")
>>> FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
>>> "if 2, close stderr; if 3, close both. "
>>> "Be careful, this will also close e.g. stderr of asan.")
>>>
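
Review bot: the help string for handle_winexcept does not say that the flag does nothing outside Windows (the only consumer in this patch is FuzzerUtilWindows.cpp), and the default of 1 switches the new interception on for every existing Windows target. Consider ending the string with "(Windows only)" and stating the default-on change in the log message, so that users who start seeing new crash reports can tie them to this flag and know that -handle_winexcept=0 turns it off.
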
>>> diff --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> b/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> index 21155e9c5692..d0c285a6821d 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> @@ -84,6 +84,7 @@ struct FuzzingOptions {
>>> bool HandleXfsz = false;
>>> bool HandleUsr1 = false;
>>> bool HandleUsr2 = false;
>>> + bool HandleWinExcept = false;
>>> };
>>>
>>> } // namespace fuzzer
>>>
>>> diff --git a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> index a360b65b5412..1a54bb569eca 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> @@ -60,7 +60,15 @@ static LONG CALLBACK
>>> ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {
>>> if (HandlerOpt->HandleFpe)
>>> Fuzzer::StaticCrashSignalCallback();
>>> break;
>>> - // TODO: handle (Options.HandleXfsz)
>>> + // This is an undocumented exception code corresponding to a Visual
>>> C++
>>> + // Exception.
>>> + //
>>> + // See:
>>> https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>>> + case 0xE06D7363:
>>> + if (HandlerOpt->HandleWinExcept)
>>> + Fuzzer::StaticCrashSignalCallback();
>>> + break;
>>> + // TODO: Handle (Options.HandleXfsz)
>>> }
>>> return EXCEPTION_CONTINUE_SEARCH;
>>> }
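
Review bot: `case 0xE06D7363:` is a bare magic number in the switch; a file-local named constant (a `static const DWORD` whose name says it is the Visual C++ exception code) with the devblogs link attached to it would read better than a comment above the case label, and would give later code one place to refer to. Since the case routes to Fuzzer::StaticCrashSignalCallback(), an uncaught C++ exception is reported as "deadly signal" exactly like the hardware faults above it; it is worth saying so in the flag documentation so that triage does not mistake a thrown exception for a memory fault.
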
>>> @@ -127,7 +135,7 @@ void SetSignalHandler(const FuzzingOptions& Options)
>>> {
>>> }
>>>
>>> if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||
>>> - Options.HandleFpe)
>>> + Options.HandleFpe || Options.HandleWinExcept)
>>> SetUnhandledExceptionFilter(ExceptionHandler);
>>>
>>> if (Options.HandleAbrt)
>>>
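
Review bot: with `Options.HandleWinExcept` added to this condition and handle_winexcept defaulting to 1, SetUnhandledExceptionFilter(ExceptionHandler) is now installed even when HandleSegv, HandleBus, HandleIll and HandleFpe are all off. A target that disabled those four so that its own unhandled-exception filter stays in place will have it replaced unless it also passes -handle_winexcept=0. Please mention this in the log message or the flag help, or confirm that the default-on behaviour is intended for that case.
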
>>> diff --git a/compiler-rt/test/fuzzer/UncaughtException.cpp
>>> b/compiler-rt/test/fuzzer/UncaughtException.cpp
>>> new file mode 100644
>>> index 000000000000..35df4a9ce326
>>> --- /dev/null
>>> +++ b/compiler-rt/test/fuzzer/UncaughtException.cpp
>>> @@ -0,0 +1,10 @@
>>> +#include <cstdint>
>>> +#include <vector>
>>> +
>>> +extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, size_t
>>> size) {
>>> + std::vector<uint8_t> v;
>>> + // Intentionally throw std::length_error
>>> + v.reserve(static_cast<uint64_t>(-1));
>>> +
>>> + return 0;
>>> +}
>>>
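
Review bot: the exception comes from `v.reserve(static_cast<uint64_t>(-1));`, so whether and how this test throws depends on the standard library the target is built against rather than on the test itself. An explicit `throw` of the intended exception type (with <stdexcept> included) would state the intent directly and remove that dependency. Minor: the signature mixes `std::uint8_t` with unqualified `uint8_t` and `size_t`; pick one spelling.
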
>>> diff --git a/compiler-rt/test/fuzzer/uncaught-exception.test
>>> b/compiler-rt/test/fuzzer/uncaught-exception.test
>>> new file mode 100644
>>> index 000000000000..28c423a4e431
>>> --- /dev/null
>>> +++ b/compiler-rt/test/fuzzer/uncaught-exception.test
>>> @@ -0,0 +1,8 @@
>>> +# Test that throws a C++ exception and doesn't catch it. Should result
>>> in a
>>> +# crash
>>> +RUN: %cpp_compiler %S/UncaughtException.cpp -o %t-UncaughtException
>>> +
>>> +RUN: not %run %t-UncaughtException 2>&1 | FileCheck %s
>>> +
>>> +CHECK: ERROR: libFuzzer: deadly signal
>>> +CHECK: Test unit written to ./crash
>>>
>>>
>>>
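
Review bot: the test has no REQUIRES: or UNSUPPORTED: line, so it runs on every platform although the code path added by this commit exists only in FuzzerUtilWindows.cpp; elsewhere it passes only if the uncaught exception happens to end in a signal that libFuzzer reports as "deadly signal". Either restrict the test to Windows or add a comment explaining why the same CHECK lines are expected to hold on the other platforms. The RUN line also relies on the default value of the flag; a second RUN with -handle_winexcept=0 would cover the opt-out path.
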
>>> _______________________________________________
>>> llvm-commits mailing list
>>> llvm-commits at lists.llvm.org
>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>>>
>>
>>
>> --
>> Ying Yi
>> SN Systems - Sony Interactive Entertainment
>>
>