[PATCH] D97975: [libFuzzer] add attribute noinline on Fuzzer::ExecuteCallback()
Jonas Paulsson via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sat Mar 6 11:04:20 PST 2021
jonpa updated this revision to Diff 328787.
jonpa added a comment.
> it's symbolization+inlining on a specific platform that doesn't 100% work, right? are there any existing test cases or bugs that show this?
Yes, that's how it seems. I don't know if there are any tests or bugs reported for this, but I am not aware of any.
> there should probably be a FIXME explaining why this noinline was added.
OK, I added a comment in the patch.
> why does the inlining only affect one of the two symbolizations?
These are the two commands executed (matching DedupToken1/2):
CRASH_MIN: executing: /home/ijonpan/llvm-project/stage2/projects/compiler-rt/test/fuzzer/S390XDefaultLinuxConfig/Output/minimize_two_crashes.test.tmp-TwoDifferentBugsTest -seed=1 -max_total_time=600 /home/ijonpan/llvm-project/stage2/projects/compiler-rt/test/fuzzer/S390XDefaultLinuxConfig/Output/minimize_two_crashes.test.tmp/long_crash 2>&1
CRASH_MIN: executing: /home/ijonpan/llvm-project/stage2/projects/compiler-rt/test/fuzzer/S390XDefaultLinuxConfig/Output/minimize_two_crashes.test.tmp-TwoDifferentBugsTest -seed=1 -max_total_time=600 /home/ijonpan/llvm-project/stage2/projects/compiler-rt/test/fuzzer/S390XDefaultLinuxConfig/Output/minimize_two_crashes.test.tmp/long_crash -minimize_crash_internal_step=1 -exact_artifact_path=/home/ijonpan/llvm-project/stage2/projects/compiler-rt/test/fuzzer/S390XDefaultLinuxConfig/Output/minimize_two_crashes.test.tmp/result 2>&1
The second one is the same but adds '-minimize_crash_internal_step=1 -exact_artifact_path=/home/ijonpan/llvm-project/stage2/projects/compiler-rt/test/fuzzer/S390XDefaultLinuxConfig/Output/minimize_two_crashes.test.tmp/result'.
In both of these the segv in the test case triggers the FuzzerUtilPosix.cpp::SegvHandler(), but I am not sure exactly what else could be the difference. It's quite difficult for me to figure out through gdb so maybe someone more knowledgeable could give an explanation?
> the description should probably reference PR49152.
done
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D97975/new/
https://reviews.llvm.org/D97975
Files:
compiler-rt/lib/fuzzer/FuzzerLoop.cpp
Index: compiler-rt/lib/fuzzer/FuzzerLoop.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -575,7 +575,9 @@
!memcmp(A + Size - Limit / 2, B + Size - Limit / 2, Limit / 2);
}
-void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
+// FIXME: This method is not inlined because it would cause a test to fail
+// where it is part of the stack unwinding. See D97975 for details.
+void __attribute__((noinline)) Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
TPC.RecordInitialStack();
TotalNumberOfRuns++;
assert(InFuzzingThread());
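Review bot: the FIXME added at the top of the hunk names neither the failing test nor the platform, so a future reader cannot tell when the workaround becomes removable; the thread identifies both (minimize_two_crashes.test on s390x, where the two crash-minimization runs produce different dedup tokens when this frame is inlined out of the unwound stack) and the reviewer asked for a PR49152 reference, so fold those into the comment, e.g. `// FIXME: noinline works around PR49152 (minimize_two_crashes.test on s390x):` / `// with this frame inlined, symbolization of the two crash runs yields different dedup tokens.` Also note that `__attribute__((noinline))` is a GCC/Clang-specific spelling placed between the return type and the qualified name; if FuzzerDefs.h already carries a portable ATTRIBUTE_* macro for this, prefer it for consistency with the rest of the file.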