[libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it...

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293125 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Fuzzer/FuzzerDefs.h b/lib/Fuzzer/FuzzerDefs.h
index ea60747f24a236614b6f694a7611323883080681..6c1f6a18333ad6a304acbce28ef527ecd5ed9bc7 100644 (file)
--- a/lib/Fuzzer/FuzzerDefs.h
+++ b/lib/Fuzzer/FuzzerDefs.h
@@ -53,6 +53,11 @@
 #  define ALWAYS_INLINE
 #endif // __clang__
 
+#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
+
+#define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS ATTRIBUTE_NO_SANITIZE_MEMORY
+
+
 #if LIBFUZZER_WINDOWS
 #define ATTRIBUTE_INTERFACE __declspec(dllexport)
 #else

diff --git a/lib/Fuzzer/FuzzerIO.h b/lib/Fuzzer/FuzzerIO.h
index 1f79f3632baf2d1700fd2fa4a0b4dd6d139a6e3c..28c6ba095864f2e155f812343d6472716b161c49 100644 (file)
--- a/lib/Fuzzer/FuzzerIO.h
+++ b/lib/Fuzzer/FuzzerIO.h
@@ -48,6 +48,9 @@ void CloseStdout();
 
 void Printf(const char *Fmt, ...);
 
+// Print using raw syscalls, useful when printing at early init stages.
+void RawPrint(const char *Str);
+
 // Platform specific functions:
 bool IsFile(const std::string &Path);
 

diff --git a/lib/Fuzzer/FuzzerIOPosix.cpp b/lib/Fuzzer/FuzzerIOPosix.cpp
index 2dc2c61b9990acce128371a9973ce516d4736b01..40209a034e37dd77e38ba200129e25401330507d 100644 (file)
--- a/lib/Fuzzer/FuzzerIOPosix.cpp
+++ b/lib/Fuzzer/FuzzerIOPosix.cpp
@@ -109,6 +109,11 @@ bool IsInterestingCoverageFile(const std::string &FileName) {
   return true;
 }
 
+
+void RawPrint(const char *Str) {
+  write(2, Str, strlen(Str));
+}
+
 }  // namespace fuzzer
 
 #endif // LIBFUZZER_POSIX

diff --git a/lib/Fuzzer/FuzzerIOWindows.cpp b/lib/Fuzzer/FuzzerIOWindows.cpp
index 1d82f416272da1d6104a7e35610d2384d2586084..84941bae28f0229a317843aadba73e0905d09a4a 100644 (file)
--- a/lib/Fuzzer/FuzzerIOWindows.cpp
+++ b/lib/Fuzzer/FuzzerIOWindows.cpp
@@ -299,6 +299,11 @@ bool IsInterestingCoverageFile(const std::string &FileName) {
   return true;
 }
 
+void RawPrint(const char *Str) {
+  // Not tested, may or may not work. Fix if needed.
+  Printf("%s", Str);
+}
+
 }  // namespace fuzzer
 
 #endif // LIBFUZZER_WINDOWS

diff --git a/lib/Fuzzer/FuzzerTracePC.cpp b/lib/Fuzzer/FuzzerTracePC.cpp
index 80a59031e6fababa331b6a8ca9f6bc8898f14a45..8b3ea60e8e5835fa30f6de9f3d1e268109898af4 100644 (file)
--- a/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/lib/Fuzzer/FuzzerTracePC.cpp
@@ -28,10 +28,10 @@ namespace fuzzer {
 
 TracePC TPC;
 
+ATTRIBUTE_NO_SANITIZE_ALL
 void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
   uint32_t Idx = *Guard;
-  if (!Idx) return;
-  PCs[Idx % kNumPCs] = PC;
+  PCs[Idx] = PC;
   Counters[Idx % kNumCounters]++;
 }
 
@@ -46,8 +46,16 @@ size_t TracePC::GetTotalPCCoverage() {
 void TracePC::HandleInit(uint32_t *Start, uint32_t *Stop) {
   if (Start == Stop || *Start) return;
   assert(NumModules < sizeof(Modules) / sizeof(Modules[0]));
-  for (uint32_t *P = Start; P < Stop; P++)
-    *P = ++NumGuards;
+  for (uint32_t *P = Start; P < Stop; P++) {
+    NumGuards++;
+    if (NumGuards == kNumPCs) {
+      RawPrint(
+          "WARNING: The binary has too many instrumented PCs.\n"
+          "         You may want to reduce the size of the binary\n"
+          "         for more efficient fuzzing and precise coverage data\n");
+    }
+    *P = NumGuards % kNumPCs;
+  }
   Modules[NumModules].Start = Start;
   Modules[NumModules].Stop = Stop;
   NumModules++;
@@ -258,6 +266,7 @@ void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) {
 
 extern "C" {
 ATTRIBUTE_INTERFACE
+ATTRIBUTE_NO_SANITIZE_ALL
 void __sanitizer_cov_trace_pc_guard(uint32_t *Guard) {
   uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
   fuzzer::TPC.HandleTrace(Guard, PC);