From 0747700ce1621429fee5498b83c2349ae0c7a753 Mon Sep 17 00:00:00 2001 From: Vitaly Buka Date: Tue, 31 Oct 2017 20:50:07 +0000 Subject: [PATCH] [fuzzer] Script to detect unbalanced allocation in -trace_malloc output Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39466 llvm-svn: 317036 --- .../lib/fuzzer/scripts/unbalanced_allocs.py | 93 ++++++++++++++++++++++ .../test/fuzzer/trace-malloc-unbalanced.test | 27 +++++++ 2 files changed, 120 insertions(+) create mode 100755 compiler-rt/lib/fuzzer/scripts/unbalanced_allocs.py create mode 100644 compiler-rt/test/fuzzer/trace-malloc-unbalanced.test diff --git a/compiler-rt/lib/fuzzer/scripts/unbalanced_allocs.py b/compiler-rt/lib/fuzzer/scripts/unbalanced_allocs.py new file mode 100755 index 0000000..a4ce187 --- /dev/null +++ b/compiler-rt/lib/fuzzer/scripts/unbalanced_allocs.py @@ -0,0 +1,93 @@ +#!/usr/bin/env python +#===- lib/fuzzer/scripts/unbalanced_allocs.py ------------------------------===# +# +# The LLVM Compiler Infrastructure +# +# This file is distributed under the University of Illinois Open Source +# License. See LICENSE.TXT for details. +# +#===------------------------------------------------------------------------===# +# +# Post-process -trace_malloc=2 output and printout only allocations and frees +# unbalanced inside of fuzzer runs. +# Usage: +# my_fuzzer -trace_malloc=2 -runs=10 2>&1 | unbalanced_allocs.py -skip=5 +# +#===------------------------------------------------------------------------===# + +import argparse +import sys + +_skip = 0 + +def PrintStack(line, stack): + global _skip + if _skip > 0: + return + print 'Unbalanced ' + line.rstrip(); + for l in stack: + print l.rstrip() + +def ProcessStack(line, f): + stack = [] + while line and line.startswith(' #'): + stack += [line] + line = f.readline() + return line, stack + +def ProcessFree(line, f, allocs): + if not line.startswith('FREE['): + return f.readline() + + addr = int(line.split()[1], 16) + next_line, stack = ProcessStack(f.readline(), f) + if addr in allocs: + del allocs[addr] + else: + PrintStack(line, stack) + return next_line + +def ProcessMalloc(line, f, allocs): + if not line.startswith('MALLOC['): + return ProcessFree(line, f, allocs) + + addr = int(line.split()[1], 16) + assert not addr in allocs + + next_line, stack = ProcessStack(f.readline(), f) + allocs[addr] = (line, stack) + return next_line + +def ProcessRun(line, f): + if not line.startswith('MallocFreeTracer: START'): + return ProcessMalloc(line, f, {}) + + allocs = {} + print line.rstrip() + line = f.readline() + while line: + if line.startswith('MallocFreeTracer: STOP'): + global _skip + _skip = _skip - 1 + for _, (l, s) in allocs.iteritems(): + PrintStack(l, s) + print line.rstrip() + return f.readline() + line = ProcessMalloc(line, f, allocs) + return line + +def ProcessFile(f): + line = f.readline() + while line: + line = ProcessRun(line, f); + +def main(argv): + parser = argparse.ArgumentParser() + parser.add_argument('--skip', default=0, help='number of runs to ignore') + args = parser.parse_args() + global _skip + _skip = int(args.skip) + 1 + ProcessFile(sys.stdin) + +if __name__ == '__main__': + main(sys.argv) diff --git a/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test b/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test new file mode 100644 index 0000000..53b83fb --- /dev/null +++ b/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test @@ -0,0 +1,27 @@ +// FIXME: This test infinite loops on darwin because it crashes +// printing a stack trace repeatedly +UNSUPPORTED: darwin + +// Verifies lib/fuzzer/scripts/unbalanced_allocs.py script + +RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest + +RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=100 2>&1 | \ +RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s + +RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=100 2>&1 | \ +RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2 + +CHECK: MallocFreeTracer: START +CHECK: Unbalanced MALLOC[{{[0-9]+}}] [[PTR:0x[0-9a-f]+]] 4 +CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }} +CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }} +CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }} +CHECK: MallocFreeTracer: STOP + +CHECK: MallocFreeTracer: START +CHECK: Unbalanced FREE[{{[0-9]+}}] [[PTR]] +CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }} +CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }} +CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }} +CHECK: MallocFreeTracer: STOP -- 2.7.4