From 1956004b069fcc8a49f0ee364d9ed924ce096ac9 Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Thu, 10 Aug 2017 15:00:13 +0000
Subject: [PATCH] [sanitizer-coverage] Change cmp instrumentation to distinguish const operands

This implementation of SanitizerCoverage instrumentation inserts different
callbacks depending on constantness of operands:
  1. If both operands are non-const, then a usual __sanitizer_cov_trace_cmp[1248]
     call is inserted.
  2. If exactly one operand is const, then a __sanitizer_cov_trace_const_cmp[1248]
     call is inserted. The first argument of the call is always the constant one.
  3. If both operands are const, then no callback is inserted.

This separation comes in useful in fuzzing when tasks like "find one operand of
the comparison in input arguments and replace it with the other one" have to be
done. The new instrumentation allows us to not waste time on searching the
constant operands in the input.

Patch by Victor Chibotaru.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@310600 91177308-0d34-0410-b5e6-96231b3b80d8
---
 docs/SanitizerCoverage.rst | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/SanitizerCoverage.rst b/docs/SanitizerCoverage.rst
index 06bafd6b3a..648fcb3451 100644
--- a/docs/SanitizerCoverage.rst
+++ b/docs/SanitizerCoverage.rst
@@ -211,6 +211,14 @@ the `LLVM GEP instructions `_ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2); void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2); + // Called before a comparison instruction if exactly one of the arguments is constant. + // Arg1 and Arg2 are arguments of the comparison, Arg1 is a compile-time constant. + // These callbacks are emitted by -fsanitize-coverage=trace-cmp since 2017-08-11 + void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2); + void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2); + void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2); + void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2); + // Called before a switch statement. // Val is the switch operand. // Cases[0] is the number of case constants. @@ -227,7 +235,6 @@ the `LLVM GEP instructions `_ // for every non-constant array index. void __sanitizer_cov_trace_gep(uintptr_t Idx); - This interface is a subject to change. Default implementation -- 2.40.0
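Review bot: in the first hunk (@@ -211,6 +211,14 @@) the new comment pins the behaviour to a calendar date, "emitted by -fsanitize-coverage=trace-cmp since 2017-08-11", which a reader of the rendered docs cannot map to a toolchain; replace the date with the first compiler release that emits these callbacks, or drop it and keep only the flag. The block is also missing the third case from the commit message, that a comparison whose operands are both constant gets no callback at all, and it should say that operands may be swapped relative to the source expression so that Arg1 is always the constant; both points belong next to "Arg1 is a compile-time constant."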
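Review bot: the second hunk (@@ -227,7 +235,6 @@) only deletes a blank line before "This interface is a subject to change." and is unrelated to the const-cmp change the commit message describes; either drop it from this patch or mention the cleanup in the message. If it stays, make sure at least one blank line remains between the indented `void __sanitizer_cov_trace_gep(uintptr_t Idx);` block and the paragraph, since reStructuredText needs one to close the literal block cleanly, and while touching the spot fix "is a subject to change" to "is subject to change".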
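To show what the split described in the commit message buys a fuzzer, here is a minimal trace-cmp runtime of the kind a fuzzer links in. It is an added example, not code from the LLVM patch or from the SanitizerCoverage runtime: the `__sanitizer_cov_trace_*` signatures are the ones the patched document lists, while every other name (`dict_add`, `trace_*`, `parse_header`, `HDR_MAGIC`, the sample headers) is hypothetical and chosen for this example. Under `-fsanitize-coverage=trace-cmp` the compiler would emit the hook calls itself; so that the file also runs uninstrumented, `parse_header` calls them by hand at the points where the instrumentation would, one per comparison.

```c
/* Added example (not part of the LLVM patch): a fuzzer-side trace-cmp runtime.
 * __sanitizer_cov_trace_* signatures follow the patched SanitizerCoverage.rst;
 * all other identifiers are hypothetical names chosen for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DICT_MAX 64

/* Constants harvested from const-vs-runtime comparisons, with operand width. */
static uint64_t g_dict[DICT_MAX];
static unsigned g_dict_width[DICT_MAX];
static size_t   g_dict_len;
static unsigned long g_cmp_calls;       /* both operands runtime values   */
static unsigned long g_const_cmp_calls; /* exactly one operand a constant */

static void dict_add(uint64_t c, unsigned width) {
    for (size_t i = 0; i < g_dict_len; i++)
        if (g_dict[i] == c && g_dict_width[i] == width) return; /* dedupe */
    if (g_dict_len < DICT_MAX) {
        g_dict[g_dict_len] = c;
        g_dict_width[g_dict_len] = width;
        g_dict_len++;
    }
}

/* Exactly one operand constant: Arg1 is the constant, Arg2 the runtime value.
 * The fuzzer copies Arg1 straight into its dictionary; it never has to guess
 * which side of the comparison came from the input. */
void __sanitizer_cov_trace_const_cmp1(uint8_t  Arg1, uint8_t  Arg2) { (void)Arg2; g_const_cmp_calls++; dict_add(Arg1, 1); }
void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { (void)Arg2; g_const_cmp_calls++; dict_add(Arg1, 2); }
void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { (void)Arg2; g_const_cmp_calls++; dict_add(Arg1, 4); }
void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { (void)Arg2; g_const_cmp_calls++; dict_add(Arg1, 8); }

/* Both operands runtime values: nothing to harvest, so only count the call.
 * A real fuzzer would hand Arg1/Arg2 to a mutator that looks for one of them
 * in the input and replaces it with the other. */
void __sanitizer_cov_trace_cmp1(uint8_t  Arg1, uint8_t  Arg2) { (void)Arg1; (void)Arg2; g_cmp_calls++; }
void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { (void)Arg1; (void)Arg2; g_cmp_calls++; }
void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { (void)Arg1; (void)Arg2; g_cmp_calls++; }
void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { (void)Arg1; (void)Arg2; g_cmp_calls++; }

size_t        trace_dict_len(void)        { return g_dict_len; }
unsigned long trace_cmp_calls(void)       { return g_cmp_calls; }
unsigned long trace_const_cmp_calls(void) { return g_const_cmp_calls; }
int trace_dict_contains(uint64_t c, unsigned width) {
    for (size_t i = 0; i < g_dict_len; i++)
        if (g_dict[i] == c && g_dict_width[i] == width) return 1;
    return 0;
}
void trace_reset(void) { g_dict_len = 0; g_cmp_calls = 0; g_const_cmp_calls = 0; }

/* Constructed target: one const-vs-runtime comparison (magic) and one
 * runtime-vs-runtime comparison (version). The hook calls are written out by
 * hand where -fsanitize-coverage=trace-cmp would emit them; the `len < 8`
 * check would also get a const_cmp hook under real instrumentation and is left
 * uninstrumented here only to keep the counts easy to follow. A comparison of
 * two constants would get no hook at all, so none is shown. */
#define HDR_MAGIC 0x4D414749u
int parse_header(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;
    uint32_t magic = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                     (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    __sanitizer_cov_trace_const_cmp4(HDR_MAGIC, magic); /* for: magic != HDR_MAGIC */
    if (magic != HDR_MAGIC) return -1;
    uint16_t ver = (uint16_t)(buf[4] | buf[5] << 8);
    uint16_t min_ver = buf[6];
    __sanitizer_cov_trace_cmp2(ver, min_ver);           /* for: ver < min_ver */
    if (ver < min_ver) return -1;
    return 0;
}

/* Constructed sample inputs: "IGAM" magic, version 2, minimum version 1. */
static const uint8_t kGoodHdr[8] = { 0x49, 0x47, 0x41, 0x4D, 0x02, 0x00, 0x01, 0x00 };
static const uint8_t kBadHdr[8]  = { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x00 };

int main(void) {
    trace_reset();
    parse_header(kGoodHdr, sizeof kGoodHdr);
    parse_header(kBadHdr, sizeof kBadHdr);
    printf("const_cmp calls: %lu, cmp calls: %lu, dictionary entries: %zu\n",
           trace_const_cmp_calls(), trace_cmp_calls(), trace_dict_len());
    for (size_t i = 0; i < trace_dict_len(); i++)
        printf("  0x%llx (%u bytes)\n", (unsigned long long)g_dict[i], g_dict_width[i]);
    return 0;
}
```

The dictionary ends up holding only `0x4D414749` at width 4: the bad header hits the same constant again and is deduplicated, and the version comparison contributes nothing because neither side is constant. Before the patch, every comparison arrived through `__sanitizer_cov_trace_cmp*` and the runtime had to probe the input for both operands to find out which one was the literal. If this file is compiled with `-fsanitize-coverage=trace-cmp`, the compiler-emitted hooks will be called in addition to the hand-written ones, so the counts double; drop the manual calls in that build.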