diff options
| author | Kostya Serebryany <kcc@google.com> | 2017-08-04 23:49:53 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2017-08-04 23:49:53 +0000 |
| commit | dea6df776523228bd7fd5178a5f44fb6d4cd7415 (patch) | |
| tree | 3fc005c52c88a9a2eaa39be5a80f95fb49851093 | |
| parent | 39007cc8d00c087eb1901a1bf7877d3eacb0c109 (diff) | |
[libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@310151 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Fuzzer/FuzzerLoop.cpp | 11 | ||||
| -rw-r--r-- | lib/Fuzzer/FuzzerTracePC.h | 7 | ||||
| -rw-r--r-- | lib/Fuzzer/test/ShrinkControlFlowTest.cpp | 7 | ||||
| -rw-r--r-- | lib/Fuzzer/test/exit_on_src_pos.test | 8 | ||||
| -rw-r--r-- | lib/Fuzzer/test/fuzzer.test | 5 |
5 files changed, 25 insertions, 13 deletions
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp index 41fd213a653..2064783f340 100644 --- a/lib/Fuzzer/FuzzerLoop.cpp +++ b/lib/Fuzzer/FuzzerLoop.cpp @@ -328,17 +328,16 @@ void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) { void Fuzzer::CheckExitOnSrcPosOrItem() { if (!Options.ExitOnSrcPos.empty()) { static auto *PCsSet = new std::set<uintptr_t>; - for (size_t i = 1, N = TPC.GetNumPCs(); i < N; i++) { - uintptr_t PC = TPC.GetPC(i); - if (!PC) continue; - if (!PCsSet->insert(PC).second) continue; - std::string Descr = DescribePC("%L", PC); + auto HandlePC = [&](uintptr_t PC) { + if (!PCsSet->insert(PC).second) return; + std::string Descr = DescribePC("%F %L", PC + 1); if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) { Printf("INFO: found line matching '%s', exiting.\n", Options.ExitOnSrcPos.c_str()); _Exit(0); } - } + }; + TPC.ForEachObservedPC(HandlePC); } if (!Options.ExitOnItem.empty()) { if (Corpus.HasUnit(Options.ExitOnItem)) { diff --git a/lib/Fuzzer/FuzzerTracePC.h b/lib/Fuzzer/FuzzerTracePC.h index ad832d7b2d4..d5d2985d62c 100644 --- a/lib/Fuzzer/FuzzerTracePC.h +++ b/lib/Fuzzer/FuzzerTracePC.h @@ -133,6 +133,13 @@ class TracePC { } uintptr_t GetMaxStackOffset() const { return InitialStack - LowestStack; } + template<class CallBack> + void ForEachObservedPC(CallBack CB) { + if (ObservedPCs) + for (auto PC : *ObservedPCs) + CB(PC); + } + private: bool UseCounters = false; bool UseValueProfile = false; diff --git a/lib/Fuzzer/test/ShrinkControlFlowTest.cpp b/lib/Fuzzer/test/ShrinkControlFlowTest.cpp index d0954296362..1957c1f90fc 100644 --- a/lib/Fuzzer/test/ShrinkControlFlowTest.cpp +++ b/lib/Fuzzer/test/ShrinkControlFlowTest.cpp @@ -10,6 +10,10 @@ static volatile int Sink; +void Foo() { + Sink++; +} + extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { int8_t Ids[256]; memset(Ids, -1, sizeof(Ids)); @@ -20,8 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { int U = Ids[(unsigned char)'U']; int Z = Ids[(unsigned char)'Z']; if (F >= 0 && U > F && Z > U) { - Sink++; - //fprintf(stderr, "IDS: %d %d %d\n", F, U, Z); + Foo(); } return 0; } diff --git a/lib/Fuzzer/test/exit_on_src_pos.test b/lib/Fuzzer/test/exit_on_src_pos.test new file mode 100644 index 00000000000..6a42c7ae953 --- /dev/null +++ b/lib/Fuzzer/test/exit_on_src_pos.test @@ -0,0 +1,8 @@ +# Temporary use -mllvm -use-unknown-locations=Disable so that +# all instructions have debug info (file line numbers) attached. +RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable +RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest + +RUN: %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +RUN: %t-ShrinkControlFlowTest -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS +EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test index 82daad10f07..e506fcbee56 100644 --- a/lib/Fuzzer/test/fuzzer.test +++ b/lib/Fuzzer/test/fuzzer.test @@ -11,7 +11,6 @@ RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-NotinstrumentedTest-NoCoverage RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest -RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest @@ -62,10 +61,6 @@ RUN: not %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO DSO: INFO: Loaded 3 modules DSO: BINGO -RUN: %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS -RUN: %t-ShrinkControlFlowTest -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS -EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting. - RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP STRNCMP: AddressSanitizer: heap-buffer-overflow STRNCMP-NOT: __sanitizer_weak_hook_strncmp |