From: Kostya Serebryany
Date: Thu, 26 Jan 2017 01:04:54 +0000 (+0000)
Subject: [libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it...
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=df040aa50b37f4296b6f5ec8ad819d08d45b4c99;p=llvm

[libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it is not asan/msan-instrumented

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@293125 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Fuzzer/FuzzerDefs.h b/lib/Fuzzer/FuzzerDefs.h
index ea60747f24a..6c1f6a18333 100644
--- a/lib/Fuzzer/FuzzerDefs.h
+++ b/lib/Fuzzer/FuzzerDefs.h
@@ -53,6 +53,11 @@
 # define ALWAYS_INLINE
 #endif // __clang__
 
+#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
+
+#define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS ATTRIBUTE_NO_SANITIZE_MEMORY
+
+
 #if LIBFUZZER_WINDOWS
 #define ATTRIBUTE_INTERFACE __declspec(dllexport)
 #else
diff --git a/lib/Fuzzer/FuzzerIO.h b/lib/Fuzzer/FuzzerIO.h
index 1f79f3632ba..28c6ba09586 100644
--- a/lib/Fuzzer/FuzzerIO.h
+++ b/lib/Fuzzer/FuzzerIO.h
@@ -48,6 +48,9 @@ void CloseStdout();
 
 void Printf(const char *Fmt, ...);
 
+// Print using raw syscalls, useful when printing at early init stages.
+void RawPrint(const char *Str);
+
 // Platform specific functions:
 bool IsFile(const std::string &Path);
 
diff --git a/lib/Fuzzer/FuzzerIOPosix.cpp b/lib/Fuzzer/FuzzerIOPosix.cpp
index 2dc2c61b999..40209a034e3 100644
--- a/lib/Fuzzer/FuzzerIOPosix.cpp
+++ b/lib/Fuzzer/FuzzerIOPosix.cpp
@@ -109,6 +109,11 @@ bool IsInterestingCoverageFile(const std::string &FileName) {
   return true;
 }
 
+
+void RawPrint(const char *Str) {
+  write(2, Str, strlen(Str));
+}
+
 } // namespace fuzzer
 
 #endif // LIBFUZZER_POSIX
diff --git a/lib/Fuzzer/FuzzerIOWindows.cpp b/lib/Fuzzer/FuzzerIOWindows.cpp
index 1d82f416272..84941bae28f 100644
--- a/lib/Fuzzer/FuzzerIOWindows.cpp
+++ b/lib/Fuzzer/FuzzerIOWindows.cpp
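Review bot: `ATTRIBUTE_NO_SANITIZE_ADDRESS` is defined unconditionally in the FuzzerDefs.h hunk, while `ALWAYS_INLINE` two lines above it is guarded by `__clang__`, and `ATTRIBUTE_NO_SANITIZE_ALL` also expands to `ATTRIBUTE_NO_SANITIZE_MEMORY`, which this hunk does not define; if that macro lives under a feature check elsewhere in the header, the two halves of "ALL" are enabled under different conditions, and a compiler without GNU attributes would fail on the address half. The name promises more than the expansion delivers, so a comment on the `ATTRIBUTE_NO_SANITIZE_ALL` line would help: `// Only ASan and MSan are covered; extend when libFuzzer gains other sanitizer modes.` The two trailing added blank lines plus the existing blank context line also leave a triple blank run before `#if LIBFUZZER_WINDOWS`.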
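Review bot: The new declaration's comment in FuzzerIO.h says `RawPrint` prints using raw syscalls, but only the POSIX definition (FuzzerIOPosix.cpp hunk) does so; the FuzzerIOWindows.cpp definition in the following hunk forwards to `Printf`, the path an early-init caller is presumably trying to avoid, and its own comment marks it untested. The header is what callers read, so state the actual guarantee: `// Print Str to stderr at early init stages: a raw write(2) on POSIX, a Printf fallback on Windows.`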
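Review bot: `write(2, Str, strlen(Str))` in the FuzzerIOPosix.cpp hunk discards the return value, so a short write or an `EINTR` failure silently truncates the diagnostic, and on glibc with `_FORTIFY_SOURCE` the ignored `warn_unused_result` return becomes a warning (an error under `-Werror`). Since this is a best-effort message, a small loop that retries partial writes and `EINTR` and gives up on any other error keeps the output intact without adding dependencies on libFuzzer state; at minimum `(void)write(2, Str, strlen(Str));` makes the intent explicit. `errno`/`EINTR` need `<cerrno>` if the file does not already include it (its includes are outside the hunk).
```cpp
void RawPrint(const char *Str) {
  // Best effort: retry partial writes and EINTR, give up on any other error.
  size_t Len = strlen(Str);
  while (Len) {
    ssize_t N = write(2, Str, Len);
    if (N < 0) {
      if (errno == EINTR) continue;
      return;
    }
    Str += N;
    Len -= static_cast<size_t>(N);
  }
}
```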
@@ -299,6 +299,11 @@ bool IsInterestingCoverageFile(const std::string &FileName) {
   return true;
 }
 
+void RawPrint(const char *Str) {
+  // Not tested, may or may not work. Fix if needed.
+  Printf("%s", Str);
+}
+
 } // namespace fuzzer
 
 #endif // LIBFUZZER_WINDOWS
diff --git a/lib/Fuzzer/FuzzerTracePC.cpp b/lib/Fuzzer/FuzzerTracePC.cpp
index 80a59031e6f..8b3ea60e8e5 100644
--- a/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/lib/Fuzzer/FuzzerTracePC.cpp
@@ -28,10 +28,10 @@ namespace fuzzer {
 
 TracePC TPC;
 
+ATTRIBUTE_NO_SANITIZE_ALL
 void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
   uint32_t Idx = *Guard;
-  if (!Idx) return;
-  PCs[Idx % kNumPCs] = PC;
+  PCs[Idx] = PC;
   Counters[Idx % kNumCounters]++;
 }
 
@@ -46,8 +46,16 @@ size_t TracePC::GetTotalPCCoverage() {
 void TracePC::HandleInit(uint32_t *Start, uint32_t *Stop) {
   if (Start == Stop || *Start) return;
   assert(NumModules < sizeof(Modules) / sizeof(Modules[0]));
-  for (uint32_t *P = Start; P < Stop; P++)
-    *P = ++NumGuards;
+  for (uint32_t *P = Start; P < Stop; P++) {
+    NumGuards++;
+    if (NumGuards == kNumPCs) {
+      RawPrint(
+          "WARNING: The binary has too many instrumented PCs.\n"
+          " You may want to reduce the size of the binary\n"
+          " for more efficient fuzzing and precise coverage data\n");
+    }
+    *P = NumGuards % kNumPCs;
+  }
   Modules[NumModules].Start = Start;
   Modules[NumModules].Stop = Stop;
   NumModules++;
@@ -258,6 +266,7 @@ void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) {
 
 extern "C" {
 ATTRIBUTE_INTERFACE
+ATTRIBUTE_NO_SANITIZE_ALL
 void __sanitizer_cov_trace_pc_guard(uint32_t *Guard) {
   uintptr_t PC = reinterpret_cast(__builtin_return_address(0));
   fuzzer::TPC.HandleTrace(Guard, PC);
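Review bot: `PCs[Idx] = PC` in the first FuzzerTracePC.cpp hunk now relies on every guard value having been reduced modulo `kNumPCs` by `HandleInit`, and the same hunk marks the function `ATTRIBUTE_NO_SANITIZE_ALL`, so a guard that was not numbered through `HandleInit` (or was overwritten by something else) turns into an out-of-bounds store that ASan will no longer report. The removed `% kNumPCs` kept the invariant local to the store; either keep it or record the dependency next to the store: `// Idx < kNumPCs is guaranteed by HandleInit; this function is not ASan-instrumented, so an out-of-range Idx would be a silent OOB write.` Dropping `if (!Idx) return;` also means a zero guard now records into slot 0; the HandleInit hunk shows that zero is still produced.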
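Review bot: `*P = NumGuards % kNumPCs;` in the HandleInit hunk yields 0 whenever `NumGuards` is a multiple of `kNumPCs`, and 0 is the value the early return `if (Start == Stop || *Start) return;` treats as "this module is not initialised yet", so a module whose first guard lands on such a multiple would be renumbered on a repeated `HandleInit` call, and, depending on how the compiler emits the guard check, a zero guard may never reach the callback at all. Keeping the sentinel free is one line after the warning block, before the store: `if (NumGuards % kNumPCs == 0) NumGuards++; // 0 means "uninitialised" to the check above`. Once `NumGuards` passes `kNumPCs`, distinct edges also alias in `PCs` and `Counters`; the warning fires exactly once on `==`, which is fine, but its text could say that coverage becomes approximate from that point. `HandleInit` continues past the end of the hunk.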