[libFuzzer] remove stale code

llvm-svn: 352571
This commit is contained in:
Kostya Serebryany 2019-01-29 23:53:28 +00:00
parent 61d35249b1
commit 2891b257c2
6 changed files with 3 additions and 113 deletions

View File

@ -621,7 +621,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
Options.PrintFinalStats = Flags.print_final_stats; Options.PrintFinalStats = Flags.print_final_stats;
Options.PrintCorpusStats = Flags.print_corpus_stats; Options.PrintCorpusStats = Flags.print_corpus_stats;
Options.PrintCoverage = Flags.print_coverage; Options.PrintCoverage = Flags.print_coverage;
Options.DumpCoverage = Flags.dump_coverage;
if (Flags.exit_on_src_pos) if (Flags.exit_on_src_pos)
Options.ExitOnSrcPos = Flags.exit_on_src_pos; Options.ExitOnSrcPos = Flags.exit_on_src_pos;
if (Flags.exit_on_item) if (Flags.exit_on_item)

View File

@ -43,8 +43,6 @@ EXT_FUNC(__sanitizer_get_module_and_offset_for_pc, int,
size_t module_path_len,void **pc_offset), false); size_t module_path_len,void **pc_offset), false);
EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true); EXT_FUNC(__sanitizer_set_death_callback, void, (void (*)(void)), true);
EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false); EXT_FUNC(__sanitizer_set_report_fd, void, (void*), false);
EXT_FUNC(__sanitizer_dump_coverage, void, (const uintptr_t *, uintptr_t),
false);
EXT_FUNC(__msan_scoped_disable_interceptor_checks, void, (), false); EXT_FUNC(__msan_scoped_disable_interceptor_checks, void, (), false);
EXT_FUNC(__msan_scoped_enable_interceptor_checks, void, (), false); EXT_FUNC(__msan_scoped_enable_interceptor_checks, void, (), false);
EXT_FUNC(__msan_unpoison, void, (const volatile void *, size_t size), false); EXT_FUNC(__msan_unpoison, void, (const volatile void *, size_t size), false);

View File

@ -106,9 +106,7 @@ FUZZER_FLAG_INT(print_corpus_stats, 0,
"If 1, print statistics on corpus elements at exit.") "If 1, print statistics on corpus elements at exit.")
FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information as text" FUZZER_FLAG_INT(print_coverage, 0, "If 1, print coverage information as text"
" at exit.") " at exit.")
FUZZER_FLAG_INT(dump_coverage, 0, "Deprecated." FUZZER_FLAG_INT(dump_coverage, 0, "Deprecated.")
" If 1, dump coverage information as a"
" .sancov file at exit.")
FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.") FUZZER_FLAG_INT(handle_segv, 1, "If 1, try to intercept SIGSEGV.")
FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.") FUZZER_FLAG_INT(handle_bus, 1, "If 1, try to intercept SIGBUS.")
FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.") FUZZER_FLAG_INT(handle_abrt, 1, "If 1, try to intercept SIGABRT.")

View File

@ -354,8 +354,6 @@ void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units) {
void Fuzzer::PrintFinalStats() { void Fuzzer::PrintFinalStats() {
if (Options.PrintCoverage) if (Options.PrintCoverage)
TPC.PrintCoverage(); TPC.PrintCoverage();
if (Options.DumpCoverage)
TPC.DumpCoverage();
if (Options.PrintCorpusStats) if (Options.PrintCorpusStats)
Corpus.PrintStats(); Corpus.PrintStats();
if (!Options.PrintFinalStats) if (!Options.PrintFinalStats)

View File

@ -23,15 +23,6 @@
#include "FuzzerValueBitMap.h" #include "FuzzerValueBitMap.h"
#include <set> #include <set>
// The coverage counters and PCs.
// These are declared as global variables named "__sancov_*" to simplify
// experiments with inlined instrumentation.
alignas(64) ATTRIBUTE_INTERFACE
uint8_t __sancov_trace_pc_guard_8bit_counters[fuzzer::TracePC::kNumPCs];
ATTRIBUTE_INTERFACE
uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
// Used by -fsanitize-coverage=stack-depth to track stack depth // Used by -fsanitize-coverage=stack-depth to track stack depth
ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC uintptr_t __sancov_lowest_stack; ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC uintptr_t __sancov_lowest_stack;
@ -39,22 +30,8 @@ namespace fuzzer {
TracePC TPC; TracePC TPC;
uint8_t *TracePC::Counters() const {
return __sancov_trace_pc_guard_8bit_counters;
}
uintptr_t *TracePC::PCs() const {
return __sancov_trace_pc_pcs;
}
size_t TracePC::GetTotalPCCoverage() { size_t TracePC::GetTotalPCCoverage() {
if (ObservedPCs.size())
return ObservedPCs.size(); return ObservedPCs.size();
size_t Res = 0;
for (size_t i = 1, N = GetNumPCs(); i < N; i++)
if (PCs()[i])
Res++;
return Res;
} }
@ -77,32 +54,7 @@ void TracePC::HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop) {
NumPCsInPCTables += E - B; NumPCsInPCTables += E - B;
} }
void TracePC::HandleInit(uint32_t *Start, uint32_t *Stop) {
if (Start == Stop || *Start) return;
assert(NumModules < sizeof(Modules) / sizeof(Modules[0]));
for (uint32_t *P = Start; P < Stop; P++) {
NumGuards++;
if (NumGuards == kNumPCs) {
RawPrint(
"WARNING: The binary has too many instrumented PCs.\n"
" You may want to reduce the size of the binary\n"
" for more efficient fuzzing and precise coverage data\n");
}
*P = NumGuards % kNumPCs;
}
Modules[NumModules].Start = Start;
Modules[NumModules].Stop = Stop;
NumModules++;
}
void TracePC::PrintModuleInfo() { void TracePC::PrintModuleInfo() {
if (NumGuards) {
Printf("INFO: Loaded %zd modules (%zd guards): ", NumModules, NumGuards);
for (size_t i = 0; i < NumModules; i++)
Printf("%zd [%p, %p), ", Modules[i].Stop - Modules[i].Start,
Modules[i].Start, Modules[i].Stop);
Printf("\n");
}
if (NumModulesWithInline8bitCounters) { if (NumModulesWithInline8bitCounters) {
Printf("INFO: Loaded %zd modules (%zd inline 8-bit counters): ", Printf("INFO: Loaded %zd modules (%zd inline 8-bit counters): ",
NumModulesWithInline8bitCounters, NumInline8bitCounters); NumModulesWithInline8bitCounters, NumInline8bitCounters);
@ -120,8 +72,7 @@ void TracePC::PrintModuleInfo() {
} }
Printf("\n"); Printf("\n");
if ((NumGuards && NumGuards != NumPCsInPCTables) || if (NumInline8bitCounters && NumInline8bitCounters != NumPCsInPCTables) {
(NumInline8bitCounters && NumInline8bitCounters != NumPCsInPCTables)) {
Printf("ERROR: The size of coverage PC tables does not match the\n" Printf("ERROR: The size of coverage PC tables does not match the\n"
"number of instrumented PCs. This might be a compiler bug,\n" "number of instrumented PCs. This might be a compiler bug,\n"
"please contact the libFuzzer developers.\n" "please contact the libFuzzer developers.\n"
@ -200,17 +151,6 @@ void TracePC::UpdateObservedPCs() {
if (Beg[j]) if (Beg[j])
Observe(ModulePCTable[i].Start[j]); Observe(ModulePCTable[i].Start[j]);
} }
} else if (NumGuards == NumPCsInPCTables) {
size_t GuardIdx = 1;
for (size_t i = 0; i < NumModules; i++) {
uint32_t *Beg = Modules[i].Start;
size_t Size = Modules[i].Stop - Beg;
assert(Size ==
(size_t)(ModulePCTable[i].Stop - ModulePCTable[i].Start));
for (size_t j = 0; j < Size; j++, GuardIdx++)
if (Counters()[GuardIdx])
Observe(ModulePCTable[i].Start[j]);
}
} }
} }
@ -322,15 +262,6 @@ void TracePC::PrintCoverage() {
IterateCoveredFunctions(CoveredFunctionCallback); IterateCoveredFunctions(CoveredFunctionCallback);
} }
void TracePC::DumpCoverage() {
if (EF->__sanitizer_dump_coverage) {
Vector<uintptr_t> PCsCopy(GetNumPCs());
for (size_t i = 0; i < GetNumPCs(); i++)
PCsCopy[i] = PCs()[i] ? GetPreviousInstructionPc(PCs()[i]) : 0;
EF->__sanitizer_dump_coverage(PCsCopy.data(), PCsCopy.size());
}
}
// Value profile. // Value profile.
// We keep track of various values that affect control flow. // We keep track of various values that affect control flow.
// These values are inserted into a bit-set-based hash map. // These values are inserted into a bit-set-based hash map.

View File

@ -69,11 +69,6 @@ struct MemMemTable {
class TracePC { class TracePC {
public: public:
static const size_t kNumPCs = 1 << 21;
// How many bits of PC are used from __sanitizer_cov_trace_pc.
static const size_t kTracePcBits = 18;
void HandleInit(uint32_t *Start, uint32_t *Stop);
void HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop); void HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop);
void HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop); void HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop);
void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee); void HandleCallerCallee(uintptr_t Caller, uintptr_t Callee);
@ -88,8 +83,6 @@ class TracePC {
void ResetMaps() { void ResetMaps() {
ValueProfileMap.Reset(); ValueProfileMap.Reset();
if (NumModules)
memset(Counters(), 0, GetNumPCs());
ClearExtraCounters(); ClearExtraCounters();
ClearInlineCounters(); ClearInlineCounters();
} }
@ -102,7 +95,6 @@ class TracePC {
void PrintModuleInfo(); void PrintModuleInfo();
void PrintCoverage(); void PrintCoverage();
void DumpCoverage();
template<class CallBack> template<class CallBack>
void IterateCoveredFunctions(CallBack CB); void IterateCoveredFunctions(CallBack CB);
@ -115,14 +107,6 @@ class TracePC {
TableOfRecentCompares<Word, 32> TORCW; TableOfRecentCompares<Word, 32> TORCW;
MemMemTable<1024> MMT; MemMemTable<1024> MMT;
size_t GetNumPCs() const {
return NumGuards == 0 ? (1 << kTracePcBits) : Min(kNumPCs, NumGuards + 1);
}
uintptr_t GetPC(size_t Idx) {
assert(Idx < GetNumPCs());
return PCs()[Idx];
}
void RecordInitialStack(); void RecordInitialStack();
uintptr_t GetMaxStackOffset() const; uintptr_t GetMaxStackOffset() const;
@ -141,14 +125,6 @@ private:
bool DoPrintNewPCs = false; bool DoPrintNewPCs = false;
size_t NumPrintNewFuncs = 0; size_t NumPrintNewFuncs = 0;
struct Module {
uint32_t *Start, *Stop;
};
Module Modules[4096];
size_t NumModules; // linker-initialized.
size_t NumGuards; // linker-initialized.
struct { uint8_t *Start, *Stop; } ModuleCounters[4096]; struct { uint8_t *Start, *Stop; } ModuleCounters[4096];
size_t NumModulesWithInline8bitCounters; // linker-initialized. size_t NumModulesWithInline8bitCounters; // linker-initialized.
size_t NumInline8bitCounters; size_t NumInline8bitCounters;
@ -161,9 +137,6 @@ private:
size_t NumPCTables; size_t NumPCTables;
size_t NumPCsInPCTables; size_t NumPCsInPCTables;
uint8_t *Counters() const;
uintptr_t *PCs() const;
Set<uintptr_t> ObservedPCs; Set<uintptr_t> ObservedPCs;
std::unordered_map<uintptr_t, uintptr_t> ObservedFuncs; // PC => Counter. std::unordered_map<uintptr_t, uintptr_t> ObservedFuncs; // PC => Counter.
@ -230,8 +203,6 @@ template <class Callback> // void Callback(size_t Feature)
ATTRIBUTE_NO_SANITIZE_ADDRESS ATTRIBUTE_NO_SANITIZE_ADDRESS
ATTRIBUTE_NOINLINE ATTRIBUTE_NOINLINE
void TracePC::CollectFeatures(Callback HandleFeature) const { void TracePC::CollectFeatures(Callback HandleFeature) const {
uint8_t *Counters = this->Counters();
size_t N = GetNumPCs();
auto Handle8bitCounter = [&](size_t FirstFeature, auto Handle8bitCounter = [&](size_t FirstFeature,
size_t Idx, uint8_t Counter) { size_t Idx, uint8_t Counter) {
if (UseCounters) if (UseCounters)
@ -242,11 +213,6 @@ void TracePC::CollectFeatures(Callback HandleFeature) const {
size_t FirstFeature = 0; size_t FirstFeature = 0;
if (!NumInline8bitCounters) {
ForEachNonZeroByte(Counters, Counters + N, FirstFeature, Handle8bitCounter);
FirstFeature += N * 8;
}
if (NumInline8bitCounters) { if (NumInline8bitCounters) {
for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++) { for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++) {
ForEachNonZeroByte(ModuleCounters[i].Start, ModuleCounters[i].Stop, ForEachNonZeroByte(ModuleCounters[i].Start, ModuleCounters[i].Stop,