From 33867510194704cffc9f783dac4db52022c7c764 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Tue, 11 Oct 2016 01:14:41 +0000
Subject: [PATCH] [libFuzzer] implement value profile for switch, increase the size of the PCs array, make sure we don't overflow it

llvm-svn: 283841
---
 lib/Fuzzer/FuzzerTracePC.cpp | 11 ++++++++---
 lib/Fuzzer/FuzzerTracePC.h | 2 +-
 lib/Fuzzer/test/trace-pc/CMakeLists.txt | 2 ++
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/Fuzzer/FuzzerTracePC.cpp b/lib/Fuzzer/FuzzerTracePC.cpp
index aa5bd9b6087..3b3e1f294e4 100644
--- a/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/lib/Fuzzer/FuzzerTracePC.cpp
@@ -27,10 +27,10 @@ void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
   uint8_t *CounterPtr = &Counters[Idx % kNumCounters];
   uint8_t Counter = *CounterPtr;
   if (Counter == 0) {
-    if (!PCs[Idx]) {
+    if (!PCs[Idx % kNumPCs]) {
       AddNewPCID(Idx);
       TotalPCCoverage++;
-      PCs[Idx] = PC;
+      PCs[Idx % kNumPCs] = PC;
     }
   }
   if (UseCounters) {
@@ -227,7 +227,12 @@ void __sanitizer_cov_trace_cmp1(uint8_t Arg1, int8_t Arg2) {
 
 __attribute__((visibility("default")))
 void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases) {
-  // TODO(kcc): support value profile here.
+  uint64_t N = Cases[0];
+  uint64_t *Vals = Cases + 2;
+  char *PC = (char*)__builtin_return_address(0);
+  for (size_t i = 0; i < N; i++)
+    if (Val != Vals[i])
+      fuzzer::AddValueForCmp(PC + i, Val, Vals[i]);
 }
 
 __attribute__((visibility("default")))
diff --git a/lib/Fuzzer/FuzzerTracePC.h b/lib/Fuzzer/FuzzerTracePC.h
index 49f7faa6a1a..9a10b44fa70 100644
--- a/lib/Fuzzer/FuzzerTracePC.h
+++ b/lib/Fuzzer/FuzzerTracePC.h
@@ -87,7 +87,7 @@ private:
   static const size_t kNumCounters = 1 << 14;
   alignas(8) uint8_t Counters[kNumCounters];
 
-  static const size_t kNumPCs = 1 << 20;
+  static const size_t kNumPCs = 1 << 24;
   uintptr_t PCs[kNumPCs];
 
   ValueBitMap ValueProfileMap;
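Review bot: The `Idx % kNumPCs` wrap on the two changed lines of HandleTrace makes the store in bounds but turns an out-of-range guard into a silent alias: a guard whose index collides modulo kNumPCs finds `PCs[Idx % kNumPCs]` already set and is never counted as new coverage, while `AddNewPCID(Idx)` on the line between them still receives the unreduced index, so the two bookkeeping paths disagree about which slot they describe. The same commit raises kNumPCs to 1 << 24 in FuzzerTracePC.h (third hunk), which makes `PCs` a 128 MiB array on 64-bit targets, so the wrap is presumably meant as a last-resort guard rather than a normal path; that intent is worth stating next to the first changed line, e.g. `// Idx >= kNumPCs aliases an existing slot and its coverage is silently dropped; kNumPCs is sized so this should not happen in practice.` A one-time warning when `Idx >= kNumPCs` would make the loss visible instead of silent. HandleTrace begins before the hunk and continues past it.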
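Review bot: The new body of `__sanitizer_cov_trace_switch` skips `Cases[1]` without saying what it is; in the sanitizer-coverage switch table `Cases[0]` is the case count, `Cases[1]` the bit width of the compared values and the case values start at `Cases[2]`, so a comment on the `Vals` line, `// Cases[0] = number of cases, Cases[1] = bit width of Val; case values start at Cases[2].`, would save the next reader a trip to the documentation. The synthetic key `PC + i` is the return address plus the case ordinal, so for a switch with many cases the keys of later cases can coincide with genuine return addresses of calls that follow the switch and merge unrelated value-profile entries; if that is an accepted approximation it deserves a comment, otherwise mixing the case index into the key rather than adding it is a cheap alternative. Only mismatched comparisons are recorded (`Val != Vals[i]`), which matches the intent of value profile but is not obvious from the loop; a short comment on the `if` would make that explicit.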
diff --git a/lib/Fuzzer/test/trace-pc/CMakeLists.txt b/lib/Fuzzer/test/trace-pc/CMakeLists.txt
index a1eeb7263c0..d5caa188ed4 100644
--- a/lib/Fuzzer/test/trace-pc/CMakeLists.txt
+++ b/lib/Fuzzer/test/trace-pc/CMakeLists.txt
@@ -10,6 +10,8 @@ set(TracePCTests
   NullDerefTest
   ShrinkControlFlowTest
   ShrinkValueProfileTest
+  SwitchTest
+  Switch2Test
   FullCoverageSetTest
   )
 