From 49204878d7002f846313f40e6a7dd046ddb7341b Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Thu, 7 May 2015 00:11:33 +0000 Subject: [PATCH] [lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236683 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/Fuzzer/FuzzerDFSan.cpp | 15 +++++++++++++ lib/Fuzzer/test/CxxTokensTest.cpp | 2 +- lib/Fuzzer/test/SimpleTest.cpp | 2 +- lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp | 8 +++++-- lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp | 2 +- lib/Fuzzer/test/fuzzer.test | 23 ++++++++++---------- 6 files changed, 35 insertions(+), 17 deletions(-) diff --git a/lib/Fuzzer/FuzzerDFSan.cpp b/lib/Fuzzer/FuzzerDFSan.cpp index cd6ec3fb3c4..e3fda1615b8 100644 --- a/lib/Fuzzer/FuzzerDFSan.cpp +++ b/lib/Fuzzer/FuzzerDFSan.cpp @@ -81,6 +81,8 @@ __attribute__((weak)) void dfsan_add_label(dfsan_label label, void *addr, size_t size); __attribute__((weak)) const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label); +__attribute__((weak)) +dfsan_label dfsan_read_label(const void *addr, size_t size); } // extern "C" namespace { @@ -272,4 +274,17 @@ void __dfsw___sanitizer_cov_trace_cmp(uint64_t SizeAndType, uint64_t Arg1, uint64_t Type = (SizeAndType << 32) >> 32; DFSan->DFSanCmpCallback(PC, CmpSize, Type, Arg1, Arg2, L1, L2); } + +void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2, + size_t n, dfsan_label s1_label, + dfsan_label s2_label, dfsan_label n_label) { + uintptr_t PC = reinterpret_cast(caller_pc); + uint64_t S1, S2; + // Simplification: handle only first 8 bytes. + memcpy(&S1, s1, std::min(n, sizeof(S1))); + memcpy(&S2, s2, std::min(n, sizeof(S2))); + dfsan_label L1 = dfsan_read_label(s1, n); + dfsan_label L2 = dfsan_read_label(s2, n); + DFSan->DFSanCmpCallback(PC, n, ICMP_EQ, S1, S2, L1, L2); +} } // extern "C" 
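Review bot: `uint64_t S1, S2;` in dfsan_weak_hook_memcmp are left uninitialized, and the two memcpy calls fill only `std::min(n, sizeof(S1))` bytes, so for any memcmp with n < 8 the remaining bytes handed to DFSanCmpCallback are indeterminate stack contents. Zero-initialising them, `uint64_t S1 = 0, S2 = 0;`, makes the recorded operands deterministic. The callback also receives `n` as the comparison size even when only 8 bytes were captured; clamping it with `size_t Len = std::min(n, sizeof(S1));` and passing `Len` would keep size and operands consistent, assuming DFSanCmpCallback treats that argument as an operand width (its body is outside the hunk). The parameters s1_label, s2_label and n_label are unused and deserve a one-line comment saying why.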
diff --git a/lib/Fuzzer/test/CxxTokensTest.cpp b/lib/Fuzzer/test/CxxTokensTest.cpp index 682ceb4f978..77d08b3d105 100644 --- a/lib/Fuzzer/test/CxxTokensTest.cpp +++ b/lib/Fuzzer/test/CxxTokensTest.cpp @@ -6,7 +6,7 @@ #include static void Found() { - std::cout << "Found the target, exiting\n"; + std::cout << "BINGO; Found the target, exiting\n"; exit(1); } diff --git a/lib/Fuzzer/test/SimpleTest.cpp b/lib/Fuzzer/test/SimpleTest.cpp index 4e3501882d0..a891635a7f1 100644 --- a/lib/Fuzzer/test/SimpleTest.cpp +++ b/lib/Fuzzer/test/SimpleTest.cpp @@ -12,7 +12,7 @@ extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { if (Size > 1 && Data[1] == 'i') { Sink = 2; if (Size > 2 && Data[2] == '!') { - std::cout << "Found the target, exiting\n"; + std::cout << "BINGO; Found the target, exiting\n"; exit(0); } } diff --git a/lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp b/lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp index 8f909fcdba2..510a2439800 100644 --- a/lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp +++ b/lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp @@ -1,8 +1,12 @@ // Simple test for a fuzzer. The fuzzer must find a particular string. #include #include +#include +#include extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size >= 10 && memcmp(Data, "0123456789", 10) == 0) - __builtin_trap(); + if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) { + fprintf(stderr, "BINGO\n"); + exit(1); + } } diff --git a/lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp b/lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp index d94d1defa00..ee378146dae 100644 --- a/lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp +++ b/lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp 
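Review bot: The target string in DFSanMemcmpTest.cpp's LLVMFuzzerTestOneInput shrinks from 10 to 8 bytes, which is exactly the width dfsan_weak_hook_memcmp captures, so the test never reaches the hook with n < 8 (partial copy) or n > 8 (truncated operands). A comment on the comparison would record that the length is tied to the hook's current limit, for example `// 8 bytes: the memcmp hook currently handles only the first 8 bytes of each operand.` A follow-up test with a longer string would show whether the truncated case still guides the fuzzer to the target.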
@@ -23,7 +23,7 @@ extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { z >= -10005 && z != -10003 && a == 4242) { - fprintf(stderr, "Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n", + fprintf(stderr, "BINGO; Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n", Size, x, y, z, a); exit(1); } diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test index 2a0e95fbea2..5249110b9a6 100644 --- a/lib/Fuzzer/test/fuzzer.test +++ b/lib/Fuzzer/test/fuzzer.test @@ -1,5 +1,6 @@ -RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s --check-prefix=SimpleTest -SimpleTest: Found the target, exiting +CHECK: BINGO + +RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s RUN: not ./LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest InfiniteTest: ALARM: working on the last Unit for 
@@ -12,17 +13,15 @@ TimeoutTest: CRASHED; file written to timeout RUN: not ./LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest NullDerefTest: CRASHED; file written to crash- -RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s --check-prefix=FullCoverageSetTest -FullCoverageSetTest: BINGO +RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s + +RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s + +RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s -RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s --check-prefix=FourIndependentBranchesTest -FourIndependentBranchesTest: BINGO +RUN: not ./LLVMFuzzer-DFSanSimpleCmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s -RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=CounterTest -CounterTest: BINGO +RUN: not ./LLVMFuzzer-DFSanMemcmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s -RUN: not ./LLVMFuzzer-DFSanSimpleCmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=DFSanSimpleCmpTest -DFSanSimpleCmpTest: Found the target: +RUN: not ./LLVMFuzzer-CxxTokensTest -seed=1 -timeout=15 -tokens=%S/../cxx_fuzzer_tokens.txt 2>&1 | FileCheck %s -RUN: not ./LLVMFuzzer-CxxTokensTest -seed=1 -timeout=15 -tokens=%S/../cxx_fuzzer_tokens.txt 2>&1 | FileCheck %s --check-prefix=CxxTokensTest -CxxTokensTest: Found the target, exiting -- 2.34.1