From: Dokyung Song Date: Thu, 16 Jul 2020 21:24:06 +0000 (+0000) Subject: [libFuzzer] Disable implicit builtin knowledge about memcmp-like functions when ... X-Git-Tag: llvmorg-13-init~17664 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=12d1124c49beec0fb79d36944960e5bf0f236d4c;p=platform%2Fupstream%2Fllvm.git [libFuzzer] Disable implicit builtin knowledge about memcmp-like functions when -fsanitize=fuzzer-no-link is given. Summary: This patch disables implicit builtin knowledge about memcmp-like functions when compiling the program for fuzzing, i.e., when -fsanitize=fuzzer(-no-link) is given. This allows libFuzzer to always intercept memcmp-like functions as it effectively disables optimizing calls to such functions into different forms. This is done by adding a set of flags (-fno-builtin-memcmp and others) in the clang driver. Individual -fno-builtin-* flags previously used in several libFuzzer tests are now removed, as it is now done automatically in the clang driver. Reviewers: morehouse, hctim Subscribers: cfe-commits, #sanitizers Tags: #clang, #sanitizers Differential Revision: https://reviews.llvm.org/D83987
---
diff --git a/clang/lib/Driver/SanitizerArgs.cpp b/clang/lib/Driver/SanitizerArgs.cpp
index e4fda75..4af2466 100644
--- a/clang/lib/Driver/SanitizerArgs.cpp
+++ b/clang/lib/Driver/SanitizerArgs.cpp
@@ -1088,6 +1088,22 @@ void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
 Sanitizers.has(SanitizerKind::Address))
 CmdArgs.push_back("-fno-assume-sane-operator-new");
 
+ // libFuzzer wants to intercept calls to certain library functions, so the
+ // following -fno-builtin-* flags force the compiler to emit interposable
+ // libcalls to these functions. Other sanitizers effectively do the same thing
+ // by marking all library call sites with NoBuiltin attribute in their LLVM
+ // pass. (see llvm::maybeMarkSanitizerLibraryCallNoBuiltin)
+ if (Sanitizers.has(SanitizerKind::FuzzerNoLink)) {
+ CmdArgs.push_back("-fno-builtin-memcmp");
+ CmdArgs.push_back("-fno-builtin-strncmp");
+ CmdArgs.push_back("-fno-builtin-strcmp");
+ CmdArgs.push_back("-fno-builtin-strncasecmp");
+ CmdArgs.push_back("-fno-builtin-strcasecmp");
+ CmdArgs.push_back("-fno-builtin-strstr");
+ CmdArgs.push_back("-fno-builtin-strcasestr");
+ CmdArgs.push_back("-fno-builtin-memmem");
+ }
+
 // Require -fvisibility= flag on non-Windows when compiling if vptr CFI is
 // enabled.
 if (Sanitizers.hasOneOf(CFIClasses) && !TC.getTriple().isOSWindows() &&
diff --git a/compiler-rt/test/fuzzer/memcmp.test b/compiler-rt/test/fuzzer/memcmp.test
index 8859afb..fa995a2 100644
--- a/compiler-rt/test/fuzzer/memcmp.test
+++ b/compiler-rt/test/fuzzer/memcmp.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
 RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s
 
 CHECK: BINGO
diff --git a/compiler-rt/test/fuzzer/memcmp64.test b/compiler-rt/test/fuzzer/memcmp64.test
index fc9d023..ca8c8fe8 100644
--- a/compiler-rt/test/fuzzer/memcmp64.test
+++ b/compiler-rt/test/fuzzer/memcmp64.test
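Review bot: The function list added under `if (Sanitizers.has(SanitizerKind::FuzzerNoLink))` is a hard-coded mirror of what the libFuzzer runtime interposes, and nothing in the hunk ties the two together: if the runtime later gains an interceptor that is not listed here, the optimizer may still fold or inline that call and the fuzzer silently loses its comparison feedback, with no test failure pointing at the cause. Add a comment after the existing one naming the other side of the contract, e.g. `// Keep this list in sync with the interceptors in libFuzzer's runtime (compiler-rt/lib/fuzzer).` The gate also assumes that plain `-fsanitize=fuzzer` sets FuzzerNoLink as well, as the commit description states; that is worth confirming in the parsing code rather than taken from the description. Stylistically, the eight repeated `CmdArgs.push_back` calls could be one loop over a static array of function names. addArgs begins before and continues after this hunk.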
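Review bot: The second `RUN: not %run` line in this hunk executes `%t-MemcmpTest` again rather than the `%t-NoAsanMemcmpTest` binary built on the line just above it, so the no-ASan build — the very case this commit's driver change is meant to cover now that `-fno-builtin-memcmp` is no longer passed explicitly — is compiled but never run, and the test cannot catch a regression in which the driver stops emitting the flag and the call gets folded. The line is context here, but the commit rewrites the RUN group it belongs to. The same mismatch is present in memcmp64.test (`%t-Memcmp64BytesTest`), strcmp.test (`%t-StrcmpTest`), strncmp.test (`%t-StrncmpTest`) and strstr.test (`%t-StrstrTest`). Change it to `RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s` and likewise in the other four tests.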
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: %cpp_compiler -fno-sanitize=address %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
 
 CHECK: BINGO
diff --git a/compiler-rt/test/fuzzer/strcmp.test b/compiler-rt/test/fuzzer/strcmp.test
index eebcf8e..61065de 100644
--- a/compiler-rt/test/fuzzer/strcmp.test
+++ b/compiler-rt/test/fuzzer/strcmp.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
 RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
 
 CHECK: BINGO
diff --git a/compiler-rt/test/fuzzer/strncmp.test b/compiler-rt/test/fuzzer/strncmp.test
index f8ff929..1024510 100644
--- a/compiler-rt/test/fuzzer/strncmp.test
+++ b/compiler-rt/test/fuzzer/strncmp.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
 RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s
 
 CHECK: BINGO
diff --git a/compiler-rt/test/fuzzer/strstr.test b/compiler-rt/test/fuzzer/strstr.test
index 54a5abe..5c10805 100644
--- a/compiler-rt/test/fuzzer/strstr.test
+++ b/compiler-rt/test/fuzzer/strstr.test
@@ -2,7 +2,7 @@ UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
 
-RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: %cpp_compiler -fno-sanitize=address %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
 RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s
 
 CHECK: BINGO