From b76a2a550362b5e82962c0fdac10caa609153853 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Fri, 9 Sep 2016 02:38:28 +0000 Subject: [PATCH] [libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself llvm-svn: 281016 --- llvm/lib/Fuzzer/FuzzerInternal.h | 5 ++--- llvm/lib/Fuzzer/FuzzerLoop.cpp | 22 +++++++++++++++++----- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h index a83d64f..06e2005 100644 --- a/llvm/lib/Fuzzer/FuzzerInternal.h +++ b/llvm/lib/Fuzzer/FuzzerInternal.h @@ -374,14 +374,12 @@ public: PCMapBits = 0; VPMap.Reset(); VPMapBits = 0; - PcBufferPos = 0; } std::string DebugString() const; size_t BlockCoverage; size_t CallerCalleeCoverage; - size_t PcBufferPos; // Precalculated number of bits in CounterBitmap. size_t CounterBitmapBits; std::vector CounterBitmap; @@ -486,6 +484,7 @@ private: void DeathCallback(); void ResetEdgeCoverage(); + void ResetCounters(); void PrepareCounters(Fuzzer::Coverage *C); bool RecordMaxCoverage(Fuzzer::Coverage *C); @@ -518,7 +517,7 @@ private: // For -print_pcs uintptr_t* PcBuffer = nullptr; size_t PcBufferLen = 0; - size_t PrevPcBufferPos; + size_t PcBufferPos = 0, PrevPcBufferPos = 0; // Need to know our own thread. static thread_local bool IsMyThread; diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index caae98e..017ea03 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -57,6 +57,14 @@ void Fuzzer::ResetEdgeCoverage() { EF->__sanitizer_reset_coverage(); } +void Fuzzer::ResetCounters() { + if (Options.UseCounters) { + EF->__sanitizer_update_counter_bitset_and_clear_counters(0); + } + if (EF->__sanitizer_get_coverage_pc_buffer_pos) + PcBufferPos = EF->__sanitizer_get_coverage_pc_buffer_pos(); +} + void Fuzzer::PrepareCounters(Fuzzer::Coverage *C) { if (Options.UseCounters) { size_t NumCounters = EF->__sanitizer_get_number_of_counters(); @@ -109,9 +117,9 @@ bool Fuzzer::RecordMaxCoverage(Fuzzer::Coverage *C) { if (EF->__sanitizer_get_coverage_pc_buffer_pos) { uint64_t NewPcBufferPos = EF->__sanitizer_get_coverage_pc_buffer_pos(); - if (NewPcBufferPos > C->PcBufferPos) { + if (NewPcBufferPos > PcBufferPos) { Res = true; - C->PcBufferPos = NewPcBufferPos; + PcBufferPos = NewPcBufferPos; } if (PcBufferLen && NewPcBufferPos >= PcBufferLen) { @@ -417,7 +425,7 @@ void Fuzzer::ShuffleAndMinimize() { } bool Fuzzer::UpdateMaxCoverage() { - PrevPcBufferPos = MaxCoverage.PcBufferPos; + PrevPcBufferPos = PcBufferPos; bool Res = RecordMaxCoverage(&MaxCoverage); return Res; @@ -470,6 +478,7 @@ void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) { AssignTaintLabels(DataCopy, Size); CurrentUnitSize = Size; AllocTracer.Start(); + ResetCounters(); // Reset coverage right before the callback. int Res = CB(DataCopy, Size); (void)Res; HasMoreMallocsThanFrees = AllocTracer.Stop(); @@ -535,12 +544,15 @@ void Fuzzer::PrintStatusForNewUnit(const Unit &U) { } void Fuzzer::PrintNewPCs() { - if (Options.PrintNewCovPcs && PrevPcBufferPos != MaxCoverage.PcBufferPos) { - for (size_t I = PrevPcBufferPos; I < MaxCoverage.PcBufferPos; ++I) { + if (Options.PrintNewCovPcs && PrevPcBufferPos != PcBufferPos) { + int NumPrinted = 0; + for (size_t I = PrevPcBufferPos; I < PcBufferPos; ++I) { + if (NumPrinted++ > 30) break; // Don't print too many new PCs. if (EF->__sanitizer_symbolize_pc) { char PcDescr[1024]; EF->__sanitizer_symbolize_pc(reinterpret_cast(PcBuffer[I]), "%p %F %L", PcDescr, sizeof(PcDescr)); + PcDescr[sizeof(PcDescr) - 1] = 0; // Just in case. Printf("\tNEW_PC: %s\n", PcDescr); } else { Printf("\tNEW_PC: %p\n", PcBuffer[I]); -- 2.7.4