RPCS3/llvm
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm.git synced 2025-04-04 22:31:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[libFuzzer] best effort support for -fsanitize-coverage=trace-pc instrumentation. It is less efficient and precise than -fsanitize-coverage=trace-pc-guard, but still works

Browse Source 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@299046 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Kostya Serebryany 2017-03-30 01:27:20 +00:00
parent fef24043fa
commit 2d9dd043ff
5 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/Fuzzer/FuzzerTracePC.cpp
View File

@ -287,6 +287,17 @@ void __sanitizer_cov_trace_pc_guard(uint32_t *Guard) {
__sancov_trace_pc_guard_8bit_counters[Idx]++; __sancov_trace_pc_guard_8bit_counters[Idx]++;
} }
// Best-effort support for -fsanitize-coverage=trace-pc, which is available
// in both Clang and GCC.
ATTRIBUTE_INTERFACE
ATTRIBUTE_NO_SANITIZE_ALL
void __sanitizer_cov_trace_pc() {
uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
uintptr_t Idx = PC & (((uintptr_t)1 << fuzzer::TracePC::kTracePcBits) - 1);
__sancov_trace_pc_pcs[Idx] = PC;
__sancov_trace_pc_guard_8bit_counters[Idx]++;
}
ATTRIBUTE_INTERFACE ATTRIBUTE_INTERFACE
void __sanitizer_cov_trace_pc_guard_init(uint32_t *Start, uint32_t *Stop) { void __sanitizer_cov_trace_pc_guard_init(uint32_t *Start, uint32_t *Stop) {
fuzzer::TPC.HandleInit(Start, Stop); fuzzer::TPC.HandleInit(Start, Stop);

6
lib/Fuzzer/FuzzerTracePC.h
View File

@ -48,6 +48,8 @@ struct TableOfRecentCompares {
class TracePC { class TracePC {
public: public:
static const size_t kNumPCs = 1 << 21; static const size_t kNumPCs = 1 << 21;
// How many bits of PC are used from __sanitizer_cov_trace_pc.
static const size_t kTracePcBits = 18;
void HandleInit(uint32_t *start, uint32_t *stop); void HandleInit(uint32_t *start, uint32_t *stop);
void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee); void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee);
@ -81,7 +83,9 @@ class TracePC {
void PrintNewPCs(); void PrintNewPCs();
void InitializePrintNewPCs(); void InitializePrintNewPCs();
size_t GetNumPCs() const { return Min(kNumPCs, NumGuards + 1); } size_t GetNumPCs() const {
return NumGuards == 0 ? (1 << kTracePcBits) : Min(kNumPCs, NumGuards + 1);
}
uintptr_t GetPC(size_t Idx) { uintptr_t GetPC(size_t Idx) {
assert(Idx < GetNumPCs()); assert(Idx < GetNumPCs());
return PCs()[Idx]; return PCs()[Idx];

1
lib/Fuzzer/test/CMakeLists.txt
View File

@ -202,6 +202,7 @@ include_directories(..)
# add_subdirectory(uninstrumented) # add_subdirectory(uninstrumented)
add_subdirectory(no-coverage) add_subdirectory(no-coverage)
add_subdirectory(trace-pc)
add_subdirectory(ubsan) add_subdirectory(ubsan)
add_library(LLVMFuzzer-DSO1 SHARED DSO1.cpp) add_library(LLVMFuzzer-DSO1 SHARED DSO1.cpp)

2
lib/Fuzzer/test/trace-pc.test Normal file
View File

@ -0,0 +1,2 @@
CHECK: BINGO
RUN: LLVMFuzzer-SimpleTest-TracePC -runs=100000 -seed=1 2>&1 | FileCheck %s

13
lib/Fuzzer/test/trace-pc/CMakeLists.txt Normal file
View File

@ -0,0 +1,13 @@
# These tests are not instrumented with coverage and don't
# have coverage rt in the binary.
set(CMAKE_CXX_FLAGS
"${LIBFUZZER_FLAGS_BASE} -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -fsanitize-coverage=trace-pc")
set(TracePCTests
SimpleTest
)
foreach(Test ${TracePCTests})
add_libfuzzer_test(${Test}-TracePC SOURCES ../${Test}.cpp)
endforeach()