[PATCH] D97975: [libFuzzer] add attribute noinline on Fuzzer::ExecuteCallback()

Jonas Paulsson via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Mar 4 13:09:30 PST 2021


jonpa created this revision.
jonpa added reviewers: uweigand, aeubanks.
jonpa requested review of this revision.

The inlining of this function caused minimize_two_crashes.test to fail on a stage-2 (clang) build, so it is necessary to disable it.

The reason the test fails is that during stack unwinding it expects to find this function and get a string representation that matches it, like:

  DedupToken1: DEDUP_TOKEN: Bar()--LLVMFuzzerTestOneInput--fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
  DedupToken2: DEDUP_TOKEN: Bar()--LLVMFuzzerTestOneInput--fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)

When inlined the strings do not match anymore, and the test fails:

  DedupToken1: DEDUP_TOKEN: Bar()--LLVMFuzzerTestOneInput--fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
  DedupToken2: DEDUP_TOKEN: Bar()--LLVMFuzzerTestOneInput--ExecuteCallback
  mismatch in dedup tokens (looks like a different bug). Won't minimize further

It may be possible in the future to fix the clang symbolization of the function signature of the inlined function to match the expected full string, as happens with a gcc build. The noinline attribute can then be removed again, even though the function should be large enough to not demand inlining for performance reasons.


https://reviews.llvm.org/D97975

Files:
  compiler-rt/lib/fuzzer/FuzzerLoop.cpp


Index: compiler-rt/lib/fuzzer/FuzzerLoop.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -575,7 +575,7 @@
          !memcmp(A + Size - Limit / 2, B + Size - Limit / 2, Limit / 2);
 }
 
-void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
+void __attribute__((noinline)) Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
   TPC.RecordInitialStack();
   TotalNumberOfRuns++;
   assert(InFuzzingThread());
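Review bot: the new `__attribute__((noinline))` on `Fuzzer::ExecuteCallback` lands without any comment explaining why inlining must be prevented, so a later cleanup could remove it and silently reintroduce the minimize_two_crashes.test failure described above; please add a one-line comment on the definition stating that the dedup-token stack trace is expected to contain this frame with its full symbolized signature. Also consider whether the bare GNU attribute spelling is right for this code base: if FuzzerDefs.h already carries compiler-portable attribute macros, an `ATTRIBUTE_NOINLINE` defined there (mapping to `__declspec(noinline)` where `__attribute__` is unavailable) would keep the noinline behaviour on every toolchain libFuzzer builds with, rather than only on GCC/Clang.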



