[libFuzzer] simplify the code for __sanitizer_cov_trace_pc_guard and make sure it is not asan/msan-instrumented

llvm-svn: 293125
2017-01-26 01:04:54 +00:00 · 2017-01-26 01:04:54 +00:00 · d0ecb4c69e
parent 5dd55e8405
commit d0ecb4c69e
5 changed files with 31 additions and 4 deletions
--- a/llvm/lib/Fuzzer/FuzzerDefs.h
+++ b/llvm/lib/Fuzzer/FuzzerDefs.h
@ -53,6 +53,11 @@
 #  define ALWAYS_INLINE
 #endif // __clang__

+#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
+
+#define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS ATTRIBUTE_NO_SANITIZE_MEMORY
+
+
 #if LIBFUZZER_WINDOWS
 #define ATTRIBUTE_INTERFACE __declspec(dllexport)
 #else
--- a/llvm/lib/Fuzzer/FuzzerIO.h
+++ b/llvm/lib/Fuzzer/FuzzerIO.h
@ -48,6 +48,9 @@ void CloseStdout();

 void Printf(const char *Fmt, ...);

+// Print using raw syscalls, useful when printing at early init stages.
+void RawPrint(const char *Str);
+
 // Platform specific functions:
 bool IsFile(const std::string &Path);

--- a/llvm/lib/Fuzzer/FuzzerIOPosix.cpp
+++ b/llvm/lib/Fuzzer/FuzzerIOPosix.cpp
@ -109,6 +109,11 @@ bool IsInterestingCoverageFile(const std::string &FileName) {
  return true;
 }

+
+void RawPrint(const char *Str) {
+  write(2, Str, strlen(Str));
+}
+
 }  // namespace fuzzer

 #endif // LIBFUZZER_POSIX
--- a/llvm/lib/Fuzzer/FuzzerIOWindows.cpp
+++ b/llvm/lib/Fuzzer/FuzzerIOWindows.cpp
@ -299,6 +299,11 @@ bool IsInterestingCoverageFile(const std::string &FileName) {
  return true;
 }

+void RawPrint(const char *Str) {
+  // Not tested, may or may not work. Fix if needed.
+  Printf("%s", Str);
+}
+
 }  // namespace fuzzer

 #endif // LIBFUZZER_WINDOWS
--- a/llvm/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTracePC.cpp
@ -28,10 +28,10 @@ namespace fuzzer {

 TracePC TPC;

+ATTRIBUTE_NO_SANITIZE_ALL
 void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
  uint32_t Idx = *Guard;
-  if (!Idx) return;
-  PCs[Idx % kNumPCs] = PC;
+  PCs[Idx] = PC;
  Counters[Idx % kNumCounters]++;
 }

@ -46,8 +46,16 @@ size_t TracePC::GetTotalPCCoverage() {
 void TracePC::HandleInit(uint32_t *Start, uint32_t *Stop) {
  if (Start == Stop || *Start) return;
  assert(NumModules < sizeof(Modules) / sizeof(Modules[0]));
-  for (uint32_t *P = Start; P < Stop; P++)
-    *P = ++NumGuards;
+  for (uint32_t *P = Start; P < Stop; P++) {
+    NumGuards++;
+    if (NumGuards == kNumPCs) {
+      RawPrint(
+          "WARNING: The binary has too many instrumented PCs.\n"
+          "         You may want to reduce the size of the binary\n"
+          "         for more efficient fuzzing and precise coverage data\n");
+    }
+    *P = NumGuards % kNumPCs;
+  }
  Modules[NumModules].Start = Start;
  Modules[NumModules].Stop = Stop;
  NumModules++;
@ -258,6 +266,7 @@ void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) {

 extern "C" {
 ATTRIBUTE_INTERFACE
+ATTRIBUTE_NO_SANITIZE_ALL
 void __sanitizer_cov_trace_pc_guard(uint32_t *Guard) {
  uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
  fuzzer::TPC.HandleTrace(Guard, PC);