[fuzzer] Script to detect unbalanced allocation in -trace_malloc output

Reviewers: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D39466

llvm-svn: 317036

compiler-rt/lib/fuzzer/scripts/unbalanced_allocs.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python
+#===- lib/fuzzer/scripts/unbalanced_allocs.py ------------------------------===#
+#
+#                     The LLVM Compiler Infrastructure
+#
+# This file is distributed under the University of Illinois Open Source
+# License. See LICENSE.TXT for details.
+#
+#===------------------------------------------------------------------------===#
+#
+# Post-process -trace_malloc=2 output and printout only allocations and frees
+# unbalanced inside of fuzzer runs.
+# Usage:
+#   my_fuzzer -trace_malloc=2 -runs=10 2>&1 | unbalanced_allocs.py -skip=5
+#
+#===------------------------------------------------------------------------===#
+
+import argparse
+import sys
+
+_skip = 0
+
+def PrintStack(line, stack):
+  global _skip
+  if _skip > 0:
+    return
+  print 'Unbalanced ' + line.rstrip();
+  for l in stack:
+    print l.rstrip()
+
+def ProcessStack(line, f):
+  stack = []
+  while line and line.startswith('    #'):
+    stack += [line]
+    line = f.readline()
+  return line, stack
+
+def ProcessFree(line, f, allocs):
+  if not line.startswith('FREE['):
+    return f.readline()
+
+  addr = int(line.split()[1], 16)
+  next_line, stack = ProcessStack(f.readline(), f)
+  if addr in allocs:
+    del allocs[addr]
+  else:
+    PrintStack(line, stack)
+  return next_line
+
+def ProcessMalloc(line, f, allocs):
+  if not line.startswith('MALLOC['):
+    return ProcessFree(line, f, allocs)
+
+  addr = int(line.split()[1], 16)
+  assert not addr in allocs
+
+  next_line, stack = ProcessStack(f.readline(), f)
+  allocs[addr] = (line, stack)
+  return next_line
+
+def ProcessRun(line, f):
+  if not line.startswith('MallocFreeTracer: START'):
+    return ProcessMalloc(line, f, {})
+
+  allocs = {}
+  print line.rstrip()
+  line = f.readline()
+  while line:
+    if line.startswith('MallocFreeTracer: STOP'):
+      global _skip
+      _skip = _skip - 1
+      for _, (l, s) in allocs.iteritems():
+        PrintStack(l, s)
+      print line.rstrip()
+      return f.readline()
+    line = ProcessMalloc(line, f, allocs)
+  return line
+
+def ProcessFile(f):
+  line = f.readline()
+  while line:
+    line = ProcessRun(line, f);
+
+def main(argv):
+  parser = argparse.ArgumentParser()
+  parser.add_argument('--skip', default=0, help='number of runs to ignore')
+  args = parser.parse_args()
+  global _skip
+  _skip = int(args.skip) + 1
+  ProcessFile(sys.stdin)
+
+if __name__ == '__main__':
+  main(sys.argv)

compiler-rt/test/fuzzer/trace-malloc-unbalanced.test

@@ -0,0 +1,27 @@
+// FIXME: This test infinite loops on darwin because it crashes
+// printing a stack trace repeatedly
+UNSUPPORTED: darwin
+
+// Verifies lib/fuzzer/scripts/unbalanced_allocs.py script
+
+RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest
+
+RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=100 2>&1 | \
+RUN:    %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s
+
+RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=100 2>&1 | \
+RUN:    %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2
+
+CHECK: MallocFreeTracer: START
+CHECK: Unbalanced MALLOC[{{[0-9]+}}] [[PTR:0x[0-9a-f]+]] 4
+CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }}
+CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }}
+CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }}
+CHECK: MallocFreeTracer: STOP
+
+CHECK: MallocFreeTracer: START
+CHECK: Unbalanced FREE[{{[0-9]+}}] [[PTR]]
+CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }}
+CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }}
+CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }}
+CHECK: MallocFreeTracer: STOP