[lib/Fuzzer] add dfsan_weak_hook_memcmp, enable the test that uses it, simplify the test runner

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@236683 91177308-0d34-0410-b5e6-96231b3b80d8
2025-04-05 01:31:05 +00:00 · 2015-05-07 00:11:33 +00:00 · 2015-05-07 00:11:33 +00:00 · 49204878d7
commit 49204878d7
parent a94bd7a780
6 changed files with 35 additions and 17 deletions
--- a/lib/Fuzzer/FuzzerDFSan.cpp
+++ b/lib/Fuzzer/FuzzerDFSan.cpp
@ -81,6 +81,8 @@ __attribute__((weak))
 void dfsan_add_label(dfsan_label label, void *addr, size_t size);
 __attribute__((weak))
 const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label);
+__attribute__((weak))
+dfsan_label dfsan_read_label(const void *addr, size_t size);
 }  // extern "C"

 namespace {
@ -272,4 +274,17 @@ void __dfsw___sanitizer_cov_trace_cmp(uint64_t SizeAndType, uint64_t Arg1,
  uint64_t Type = (SizeAndType << 32) >> 32;
  DFSan->DFSanCmpCallback(PC, CmpSize, Type, Arg1, Arg2, L1, L2);
 }
+
+void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2,
+                            size_t n, dfsan_label s1_label,
+                            dfsan_label s2_label, dfsan_label n_label) {
+  uintptr_t PC = reinterpret_cast<uintptr_t>(caller_pc);
+  uint64_t S1, S2;
+  // Simplification: handle only first 8 bytes.
+  memcpy(&S1, s1, std::min(n, sizeof(S1)));
+  memcpy(&S2, s2, std::min(n, sizeof(S2)));
+  dfsan_label L1 = dfsan_read_label(s1, n);
+  dfsan_label L2 = dfsan_read_label(s2, n);
+  DFSan->DFSanCmpCallback(PC, n, ICMP_EQ, S1, S2, L1, L2);
+}
 }  // extern "C"
--- a/lib/Fuzzer/test/CxxTokensTest.cpp
+++ b/lib/Fuzzer/test/CxxTokensTest.cpp
@ -6,7 +6,7 @@
 #include <iostream>

 static void Found() {
-  std::cout << "Found the target, exiting\n";
+  std::cout << "BINGO; Found the target, exiting\n";
  exit(1);
 }

--- a/lib/Fuzzer/test/SimpleTest.cpp
+++ b/lib/Fuzzer/test/SimpleTest.cpp
@ -12,7 +12,7 @@ extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    if (Size > 1 && Data[1] == 'i') {
      Sink = 2;
      if (Size > 2 && Data[2] == '!') {
-        std::cout << "Found the target, exiting\n";
+        std::cout << "BINGO; Found the target, exiting\n";
        exit(0);
      }
    }
--- a/lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp
+++ b/lib/Fuzzer/test/dfsan/DFSanMemcmpTest.cpp
@ -1,8 +1,12 @@
 // Simple test for a fuzzer. The fuzzer must find a particular string.
 #include <cstring>
 #include <cstdint>
+#include <cstdio>
+#include <cstdlib>

 extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (Size >= 10 && memcmp(Data, "0123456789", 10) == 0)
-    __builtin_trap();
+  if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) {
+    fprintf(stderr, "BINGO\n");
+    exit(1);
+  }
 }
--- a/lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp
+++ b/lib/Fuzzer/test/dfsan/DFSanSimpleCmpTest.cpp
@ -23,7 +23,7 @@ extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
      z >= -10005 &&
      z != -10003 &&
      a == 4242) {
-    fprintf(stderr, "Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n",
+    fprintf(stderr, "BINGO; Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n",
            Size, x, y, z, a);
    exit(1);
  }
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@ -1,5 +1,6 @@
-RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s --check-prefix=SimpleTest
-SimpleTest: Found the target, exiting
+CHECK: BINGO
+
+RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s

 RUN: not ./LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
 InfiniteTest: ALARM: working on the last Unit for
@ -12,17 +13,15 @@ TimeoutTest: CRASHED; file written to timeout
 RUN: not ./LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
 NullDerefTest: CRASHED; file written to crash-

-RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s --check-prefix=FullCoverageSetTest
-FullCoverageSetTest: BINGO
+RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s

-RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s --check-prefix=FourIndependentBranchesTest
-FourIndependentBranchesTest: BINGO
+RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s

-RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=CounterTest
-CounterTest: BINGO
+RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s

-RUN: not ./LLVMFuzzer-DFSanSimpleCmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=DFSanSimpleCmpTest
-DFSanSimpleCmpTest: Found the target:
+RUN: not ./LLVMFuzzer-DFSanSimpleCmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s
+
+RUN: not ./LLVMFuzzer-DFSanMemcmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s
+
+RUN: not ./LLVMFuzzer-CxxTokensTest -seed=1 -timeout=15 -tokens=%S/../cxx_fuzzer_tokens.txt 2>&1 | FileCheck %s

-RUN: not ./LLVMFuzzer-CxxTokensTest -seed=1 -timeout=15 -tokens=%S/../cxx_fuzzer_tokens.txt 2>&1 | FileCheck %s --check-prefix=CxxTokensTest
-CxxTokensTest: Found the target, exiting