forked from OSchip/llvm-project
46c7fc22cf
Summary: This commit fixes part of the issues with stack unwinding in fuchsia for arm64 and x86_64. It consists of multiple fixes: (1) The cfa_offset calculation was wrong, instead of pointing to the previous stack pointer, it was pointing to the current one. It worked in most of the cases because the crashing functions already had a prologue and had their cfa information relative to another register. The fix consists on adding a constant that can be used to calculate the crashing function's stack pointer, and base all the cfi information relative to that offset. (2) (arm64) Due to errors with the syntax for the dwarf information, most of the `OP_NUM` macros were not working. The problem was that they were referred to as `r##NUM` (like `r14`), when it should have been `x##num` (like `x14`), or even without the x. (3) (arm64) The link register was being considered a part of the main registers (`r30`), when in the real struct it has its own field. Given that the link register is in the same spot in the struct as r[30] would be, and that C++ doesn't care about anything, the calculation was still correct. (4) (x86_64) The stack doesn't need to be aligned to 16 bytes when we jump to the trampoline function, but it needs to be before performing call instructions. Encoding that logic in cfi information was tricky, so we decided to make the cfa information relative to `rbp` and align `rsp`. Note that this could have been done using another register directly, but it seems cleaner to make a new fake stack frame. There are some other minor changes like adding a `brk 1` instruction in arm64 to make sure that we never return to the crash trampoline (similar to what we do in x86_64). Sadly this commit does not fix unwinding for all use cases for arm64. Crashing functions that do not add information related to the return column in their cfi information will fail to unwind due to a bug in libunwinder. Reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen Subscribers: aprantl, kristof.beyls, #sanitizers, llvm-commits Tags: #sanitizers, #llvm Differential Revision: https://reviews.llvm.org/D69579 |
||
|---|---|---|
| .. | ||
| afl | ||
| dataflow | ||
| scripts | ||
| standalone | ||
| tests | ||
| CMakeLists.txt | ||
| FuzzerBuiltins.h | ||
| FuzzerBuiltinsMsvc.h | ||
| FuzzerCommand.h | ||
| FuzzerCorpus.h | ||
| FuzzerCrossOver.cpp | ||
| FuzzerDataFlowTrace.cpp | ||
| FuzzerDataFlowTrace.h | ||
| FuzzerDefs.h | ||
| FuzzerDictionary.h | ||
| FuzzerDriver.cpp | ||
| FuzzerExtFunctions.def | ||
| FuzzerExtFunctions.h | ||
| FuzzerExtFunctionsDlsym.cpp | ||
| FuzzerExtFunctionsWeak.cpp | ||
| FuzzerExtFunctionsWindows.cpp | ||
| FuzzerExtraCounters.cpp | ||
| FuzzerFlags.def | ||
| FuzzerFork.cpp | ||
| FuzzerFork.h | ||
| FuzzerIO.cpp | ||
| FuzzerIO.h | ||
| FuzzerIOPosix.cpp | ||
| FuzzerIOWindows.cpp | ||
| FuzzerInterface.h | ||
| FuzzerInternal.h | ||
| FuzzerLoop.cpp | ||
| FuzzerMain.cpp | ||
| FuzzerMerge.cpp | ||
| FuzzerMerge.h | ||
| FuzzerMutate.cpp | ||
| FuzzerMutate.h | ||
| FuzzerOptions.h | ||
| FuzzerRandom.h | ||
| FuzzerSHA1.cpp | ||
| FuzzerSHA1.h | ||
| FuzzerTracePC.cpp | ||
| FuzzerTracePC.h | ||
| FuzzerUtil.cpp | ||
| FuzzerUtil.h | ||
| FuzzerUtilDarwin.cpp | ||
| FuzzerUtilFuchsia.cpp | ||
| FuzzerUtilLinux.cpp | ||
| FuzzerUtilPosix.cpp | ||
| FuzzerUtilWindows.cpp | ||
| FuzzerValueBitMap.h | ||
| README.txt | ||
| build.sh | ||
README.txt
See http://llvm.org/docs/LibFuzzer.html