From: Kostya Serebryany Date: Fri, 27 Jan 2017 00:09:59 +0000 (+0000) Subject: [libFuzzer] simplify the value profile code and disable asan/msan on it X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bcc64b878f47a3b289af163645c1580692b3bafd;p=llvm [libFuzzer] simplify the value profile code and disable asan/msan on it git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293236 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Fuzzer/FuzzerTracePC.cpp b/lib/Fuzzer/FuzzerTracePC.cpp index 755f00a8f97..020b9b9f595 100644 --- a/lib/Fuzzer/FuzzerTracePC.cpp +++ b/lib/Fuzzer/FuzzerTracePC.cpp @@ -68,11 +68,12 @@ void TracePC::PrintModuleInfo() { Printf("\n"); } +ATTRIBUTE_NO_SANITIZE_ALL void TracePC::HandleCallerCallee(uintptr_t Caller, uintptr_t Callee) { const uintptr_t kBits = 12; const uintptr_t kMask = (1 << kBits) - 1; uintptr_t Idx = (Caller & kMask) | ((Callee & kMask) << kBits); - HandleValueProfile(Idx); + ValueProfileMap.AddValue(Idx); } void TracePC::InitializePrintNewPCs() { @@ -221,7 +222,7 @@ void TracePC::DumpCoverage() { // For cmp instructions the interesting value is a XOR of the parameters. // The interesting value is mixed up with the PC and is then added to the map. -ATTRIBUTE_NO_SANITIZE_MEMORY +ATTRIBUTE_NO_SANITIZE_ADDRESS void TracePC::AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2, size_t n, bool StopAtZero) { if (!n) return; @@ -245,12 +246,13 @@ void TracePC::AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2, break; size_t PC = reinterpret_cast(caller_pc); size_t Idx = (PC & 4095) | (I << 12); - TPC.HandleValueProfile(Idx); + ValueProfileMap.AddValue(Idx); TORCW.Insert(Idx ^ Hash, Word(B1, Len), Word(B2, Len)); } template ATTRIBUTE_TARGET_POPCNT ALWAYS_INLINE +ATTRIBUTE_NO_SANITIZE_ALL void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) { uint64_t ArgXor = Arg1 ^ Arg2; uint64_t ArgDistance = __builtin_popcountl(ArgXor) + 1; // [1,65] @@ -259,7 +261,7 @@ void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) { TORC4.Insert(ArgXor, Arg1, Arg2); else if (sizeof(T) == 8) TORC8.Insert(ArgXor, Arg1, Arg2); - HandleValueProfile(Idx); + ValueProfileMap.AddValue(Idx); } } // namespace fuzzer @@ -278,36 +280,42 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *Start, uint32_t *Stop) { } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_pc_indir(uintptr_t Callee) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCallerCallee(PC, Callee); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Arg1, Arg2); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Arg1, Arg2); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Arg1, Arg2); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Arg1, Arg2); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases) { uint64_t N = Cases[0]; uint64_t ValSizeInBits = Cases[1]; @@ -333,18 +341,21 @@ void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases) { } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_div4(uint32_t Val) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Val, (uint32_t)0); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_div8(uint64_t Val) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Val, (uint64_t)0); } ATTRIBUTE_INTERFACE +ATTRIBUTE_NO_SANITIZE_ALL void __sanitizer_cov_trace_gep(uintptr_t Idx) { uintptr_t PC = reinterpret_cast(__builtin_return_address(0)); fuzzer::TPC.HandleCmp(PC, Idx, (uintptr_t)0); diff --git a/lib/Fuzzer/FuzzerTracePC.h b/lib/Fuzzer/FuzzerTracePC.h index 70f6b44e4f2..b94aa63df62 100644 --- a/lib/Fuzzer/FuzzerTracePC.h +++ b/lib/Fuzzer/FuzzerTracePC.h @@ -33,6 +33,7 @@ struct TableOfRecentCompares { struct Pair { T A, B; }; + ATTRIBUTE_NO_SANITIZE_ALL void Insert(size_t Idx, T Arg1, T Arg2) { Idx = Idx % kSize; Table[Idx].A = Arg1; @@ -51,7 +52,6 @@ class TracePC { void HandleTrace(uint32_t *guard, uintptr_t PC); void HandleInit(uint32_t *start, uint32_t *stop); void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee); - void HandleValueProfile(size_t Value) { ValueProfileMap.AddValue(Value); } template void HandleCmp(uintptr_t PC, T Arg1, T Arg2); size_t GetTotalPCCoverage(); void SetUseCounters(bool UC) { UseCounters = UC; } diff --git a/lib/Fuzzer/FuzzerValueBitMap.h b/lib/Fuzzer/FuzzerValueBitMap.h index 0692acd13ee..22e06641fa1 100644 --- a/lib/Fuzzer/FuzzerValueBitMap.h +++ b/lib/Fuzzer/FuzzerValueBitMap.h @@ -19,7 +19,7 @@ namespace fuzzer { // A bit map containing kMapSizeInWords bits. struct ValueBitMap { static const size_t kMapSizeInBits = 65371; // Prime. - static const size_t kMapSizeInBitsAligned = 65536; // 2^16 + static const size_t kMapSizeInBitsAligned = 1 << 16; // 2^16 static const size_t kBitsInWord = (sizeof(uintptr_t) * 8); static const size_t kMapSizeInWords = kMapSizeInBitsAligned / kBitsInWord; public: @@ -29,6 +29,7 @@ struct ValueBitMap { // Computes a hash function of Value and sets the corresponding bit. // Returns true if the bit was changed from 0 to 1. + ATTRIBUTE_NO_SANITIZE_ALL inline bool AddValue(uintptr_t Value) { uintptr_t Idx = Value < kMapSizeInBits ? Value : Value % kMapSizeInBits; uintptr_t WordIdx = Idx / kBitsInWord; @@ -69,6 +70,7 @@ struct ValueBitMap { } template + ATTRIBUTE_NO_SANITIZE_ALL void ForEach(Callback CB) { for (size_t i = 0; i < kMapSizeInWords; i++) if (uintptr_t M = Map[i])