[LibFuzzer]

Work around crashes in ``__sanitizer_malloc_hook()`` under Mac OSX.

Under Mac OSX we intercept calls to malloc before thread local
storage is initialised leading to a crash when accessing
``AllocTracer``. To workaround this ``AllocTracer`` is only accessed
in the hook under Linux. For symmetry ``__sanitizer_free_hook()``
is also modified in the same way.

To support this change a set of new macros
LIBFUZZER_LINUX and LIBFUZZER_APPLE has been defined which can be
used to check the target being compiled for.

Differential Revision: http://reviews.llvm.org/D20402

llvm-svn: 270145

llvm/lib/Fuzzer/FuzzerInternal.h

@@ -27,6 +27,17 @@
 #include "FuzzerInterface.h"
 #include "FuzzerTracePC.h"
 
+// Platform detection.
+#ifdef __linux__
+#define LIBFUZZER_LINUX 1
+#define LIBFUZZER_APPLE 0
+#elif __APPLE__
+#define LIBFUZZER_LINUX 0
+#define LIBFUZZER_APPLE 1
+#else
+#error "Support for your platform has not been implemented"
+#endif
+
 namespace fuzzer {
 
 typedef int (*UserCallback)(const uint8_t *Data, size_t Size);

llvm/lib/Fuzzer/FuzzerLoop.cpp

@@ -437,9 +437,19 @@ struct MallocFreeTracer {
 
 static thread_local MallocFreeTracer AllocTracer;
 
+// FIXME: The hooks only count on Linux because
+// on Mac OSX calls to malloc are intercepted before
+// thread local storage is initialised leading to
+// crashes when accessing ``AllocTracer``.
 extern "C" {
-void __sanitizer_malloc_hook(void *ptr, size_t size) { AllocTracer.Mallocs++; }
-void __sanitizer_free_hook(void *ptr) { AllocTracer.Frees++; }
+void __sanitizer_malloc_hook(void *ptr, size_t size) {
+  if (!LIBFUZZER_APPLE)
+    AllocTracer.Mallocs++;
+}
+void __sanitizer_free_hook(void *ptr) {
+  if (!LIBFUZZER_APPLE)
+    AllocTracer.Frees++;
+}
 }  // extern "C"
 
 void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {