[libFuzzer] make caller-callee feedback work with trace-pc-guard
authorKostya Serebryany <kcc@google.com>
Thu, 15 Sep 2016 22:16:15 +0000 (22:16 +0000)
committerKostya Serebryany <kcc@google.com>
Thu, 15 Sep 2016 22:16:15 +0000 (22:16 +0000)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@281667 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Fuzzer/FuzzerInternal.h
lib/Fuzzer/FuzzerTracePC.cpp
lib/Fuzzer/test/CMakeLists.txt
lib/Fuzzer/test/fuzzer.test
lib/Fuzzer/test/trace-pc/CMakeLists.txt

index 9f0641ff46caeb0bfa09400a07c9f40e3338ff40..1ee1b8f718f487abbc6bc7ba1e34e092638fde83 100644 (file)
@@ -360,6 +360,7 @@ class TracePC {
  public:
   void HandleTrace(uint8_t *guard, uintptr_t PC);
   void HandleInit(uint8_t *start, uint8_t *stop);
+  void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee);
   size_t GetTotalCoverage() { return TotalCoverage; }
   void SetUseCounters(bool UC) { UseCounters = UC; }
   size_t UpdateCounterMap(ValueBitMap *Map);
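Review bot: The new `HandleCallerCallee` declaration carries no comment, and its two `uintptr_t` parameters are bare code addresses whose roles (indirect-call site versus call target) are only discoverable from the callback added in FuzzerTracePC.cpp. I would put above it `// Records feedback for one indirect call: Caller is the call site's return address, Callee the target; both are reduced to their low 12 bits before being fed to the counter map.` The enclosing `class TracePC` starts before this hunk and continues past it.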
index b01769203e2699551c9182dd569edfa4222353a0..f729a5e687871a65cbb656631e3d5c50d3cd903e 100644 (file)
@@ -73,6 +73,12 @@ size_t TracePC::UpdateCounterMap(ValueBitMap *Map) {
   return Delta;
 }
 
+void TracePC::HandleCallerCallee(uintptr_t Caller, uintptr_t Callee) {
+  const uintptr_t kBits = 12;
+  const uintptr_t kMask = (1 << kBits) - 1;
+  CounterMap.AddValue((Caller & kMask) | ((Callee & kMask) << kBits));
+}
+
 } // namespace fuzzer
 
 extern "C" {
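Review bot: `HandleCallerCallee` truncates each address to 12 bits without saying why, so a reader cannot tell whether the 24-bit combined key was sized to `ValueBitMap` or chosen arbitrarily. Keeping only the low 12 bits makes any two sites or targets at the same offset within a 4 KiB page indistinguishable, and 12 bits of `Callee` is a small space for a large binary; presumably these collisions are accepted as a cheap hash that also survives page-granular address randomization, but that intent should be written down. I would change the constants to `const uintptr_t kBits = 12;  // low 12 bits of each address: cheap, stable across page-granular ASLR, collides for same-page-offset sites` and `const uintptr_t kMask = (uintptr_t(1) << kBits) - 1;` so the shift is performed in the target type rather than in `int`. Whether `CounterMap.AddValue` accepts values up to 2^24-1 is not visible in this hunk and should be confirmed against `ValueBitMap`.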
@@ -86,4 +92,10 @@ __attribute__((visibility("default")))
 void __sanitizer_cov_trace_pc_guard_init(uint8_t *Start, uint8_t *Stop) {
   fuzzer::TPC.HandleInit(Start, Stop);
 }
+
+__attribute__((visibility("default")))
+void __sanitizer_cov_trace_pc_indir(uintptr_t Callee) {
+  uintptr_t PC = (uintptr_t)__builtin_return_address(0);
+  fuzzer::TPC.HandleCallerCallee(PC, Callee);
+}
 }
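Review bot: `__sanitizer_cov_trace_pc_indir` identifies the call site via `__builtin_return_address(0)`, which is only meaningful while this function stays a genuine out-of-line call from the instrumented code; if the runtime were ever inlined into the target (for example under LTO) `PC` would silently become an unrelated return address and the caller half of the key would be garbage. A comment stating the contract would help: `// Invoked by -fsanitize-coverage=indirect-calls before each indirect call; Callee is the target address and our return address identifies the call site. Must remain out-of-line for __builtin_return_address to be meaningful.` Adding `__attribute__((noinline))` next to the visibility attribute would make that guarantee explicit at no runtime cost, though I cannot tell from this hunk whether the rest of the file already enforces it.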
index 4df13ad82f3b3d1b86351a9ce5d2b78dfe6e34fe..a1d6e024d552555f396ec12a80ea444aa49e2956 100644 (file)
@@ -25,6 +25,7 @@ foreach (VARNAME ${variables_to_filter})
 endforeach()
 
 # Enable the coverage instrumentation (it is disabled for the Fuzzer lib).
+#set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=8bit-counters  -fsanitize-coverage=edge,indirect-calls,trace-cmp,trace-div,trace-gep,trace-pc-guard -g")
 set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fsanitize-coverage=edge,indirect-calls,trace-cmp,trace-div,trace-gep -g")
 
 # add_libfuzzer_test(<name>
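Review bot: The added line is a commented-out alternative `set(CMAKE_CXX_FLAGS ...)` with no explanation, which reads as dead configuration rather than a deliberate switch. If it is meant as a manual toggle for building the whole test tree in trace-pc-guard mode, say so, e.g. `# To build these tests with trace-pc-guard instead of the default instrumentation, swap in the following line:` above it; otherwise it should be dropped, since the trace-pc variants get their own flags in test/trace-pc/CMakeLists.txt. Note that it also adds `-fno-sanitize-coverage=8bit-counters`, which the live line does not, so the two differ by more than one flag — presumably because trace-pc-guard and 8bit-counters are not meant to be combined, but that is not stated anywhere here.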
index 432d7e01471bf2657ed163f415f7cfae83f508f1..0e7b26ec7260b312f5b4a794455ff0b85c20387e 100644 (file)
@@ -32,7 +32,8 @@ COUNTERS: NEW {{.*}} bits: {{[1-9]*}}
 COUNTERS: NEW {{.*}} bits: {{[1-9]*}}
 COUNTERS: BINGO
 
-RUN: not LLVMFuzzer-CallerCalleeTest                     -cross_over=0 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-CallerCalleeTest                     -cross_over=0 -max_len=6 -seed=1 -max_total_time=15 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-CallerCalleeTest-TracePC             -cross_over=0 -max_len=6 -seed=1 -max_total_time=15 2>&1 | FileCheck %s
 # This one is flaky, may actually find the goal even w/o use_indir_calls.
 # LLVMFuzzer-CallerCalleeTest  -use_indir_calls=0 -cross_over=0 -max_len=6 -seed=1 -runs=1000000 2>&1 | FileCheck %s  --check-prefix=Done1000000
 
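Review bot: Replacing `-timeout=15` with `-max_total_time=15` turns an open-ended search into a wall-clock budget, so on a slow or loaded bot either `CallerCalleeTest` RUN line can now stop before `BINGO` is printed and FileCheck fails for reasons unrelated to the code under test. A `-runs=` bound would be deterministic, or the budget could be set well above the typical time-to-goal; in either case a comment such as `# 15s is far above the typical time-to-BINGO; raise it if this flakes on slow bots` would record the assumption. The hunk shows only the RUN lines; the CHECK lines they validate begin before it.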
index a25dbc63a0ebd2c0d01aac349fc88a7b58cad92a..4ecf80163a0dec1515d1d9814eddfe327174b969 100644 (file)
@@ -6,6 +6,7 @@ set(CMAKE_CXX_FLAGS
 set(TracePCTests
   SimpleTest
   CounterTest
+  CallerCalleeTest
   )
 
 foreach(Test ${TracePCTests})
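Review bot: Adding `CallerCalleeTest` to `TracePCTests` only exercises the new `__sanitizer_cov_trace_pc_indir` hook if the `CMAKE_CXX_FLAGS` set at the top of this file include `indirect-calls` in `-fsanitize-coverage=`; that `set(...)` starts on the line before this hunk and its value is not visible here, so it is worth confirming, otherwise the new `-TracePC` RUN line in fuzzer.test says nothing about caller-callee feedback. A one-line comment on the list entry, `# CallerCalleeTest needs indirect-calls in the sanitize-coverage flags above`, would tie the two together.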