[libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it

llvm-svn: 283841
2024-12-02 00:16:25 +00:00 · 2016-10-11 01:14:41 +00:00 · 2016-10-11 01:14:41 +00:00 · 3386751019
commit 3386751019
parent f4f85fd06a
3 changed files with 11 additions and 4 deletions
--- a/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/lib/Fuzzer/FuzzerTracePC.cpp
@ -27,10 +27,10 @@ void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
  uint8_t *CounterPtr = &Counters[Idx % kNumCounters];
  uint8_t Counter = *CounterPtr;
  if (Counter == 0) {
-    if (!PCs[Idx]) {
+    if (!PCs[Idx % kNumPCs]) {
      AddNewPCID(Idx);
      TotalPCCoverage++;
-      PCs[Idx] = PC;
+      PCs[Idx % kNumPCs] = PC;
    }
  }
  if (UseCounters) {
@ -227,7 +227,12 @@ void __sanitizer_cov_trace_cmp1(uint8_t Arg1, int8_t Arg2) {

 __attribute__((visibility("default")))
 void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases) {
-  // TODO(kcc): support value profile here.
+  uint64_t N = Cases[0];
+  uint64_t *Vals = Cases + 2;
+  char *PC = (char*)__builtin_return_address(0);
+  for (size_t i = 0; i < N; i++)
+    if (Val != Vals[i])
+      fuzzer::AddValueForCmp(PC + i, Val, Vals[i]);
 }

 __attribute__((visibility("default")))
--- a/lib/Fuzzer/FuzzerTracePC.h
+++ b/lib/Fuzzer/FuzzerTracePC.h
@ -87,7 +87,7 @@ private:
  static const size_t kNumCounters = 1 << 14;
  alignas(8) uint8_t Counters[kNumCounters];

-  static const size_t kNumPCs = 1 << 20;
+  static const size_t kNumPCs = 1 << 24;
  uintptr_t PCs[kNumPCs];

  ValueBitMap ValueProfileMap;
--- a/lib/Fuzzer/test/trace-pc/CMakeLists.txt
+++ b/lib/Fuzzer/test/trace-pc/CMakeLists.txt
@ -10,6 +10,8 @@ set(TracePCTests
  NullDerefTest
  ShrinkControlFlowTest
  ShrinkValueProfileTest
+  SwitchTest
+  Switch2Test
  FullCoverageSetTest
  )