morehouse created this revision.
morehouse added reviewers: kcc, vitalybuka.

Disables certain CMP optimizations to improve fuzzing signal under -O1
and -O2.

Switches all fuzzer tests to -O2 except for a few leak tests where the
leak is optimized out under -O2.


https://reviews.llvm.org/D44798

Files:
  clang/lib/CodeGen/CodeGenFunction.cpp
  compiler-rt/test/fuzzer/SimpleCmpTest.cpp
  compiler-rt/test/fuzzer/SwapCmpTest.cpp
  compiler-rt/test/fuzzer/fuzzer-leak.test
  compiler-rt/test/fuzzer/lit.cfg
  compiler-rt/test/fuzzer/trace-malloc-threaded.test

Index: compiler-rt/test/fuzzer/trace-malloc-threaded.test
===================================================================
--- compiler-rt/test/fuzzer/trace-malloc-threaded.test
+++ compiler-rt/test/fuzzer/trace-malloc-threaded.test
@@ -2,7 +2,9 @@
 // printing a stack trace repeatedly
 UNSUPPORTED: darwin
 
-RUN: %cpp_compiler %S/TraceMallocThreadedTest.cpp -o %t-TraceMallocThreadedTest
+// Avoid optimizing since it causes the malloc to go away.
+RUN: %no_opt_cpp_compiler %S/TraceMallocThreadedTest.cpp -o \
+RUN:   %t-TraceMallocThreadedTest
 
 RUN: %t-TraceMallocThreadedTest -trace_malloc=2 -runs=1 2>&1 | FileCheck %s
 CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
Index: compiler-rt/test/fuzzer/lit.cfg
===================================================================
--- compiler-rt/test/fuzzer/lit.cfg
+++ compiler-rt/test/fuzzer/lit.cfg
@@ -49,23 +49,25 @@
 libfuzzer_src_root = os.path.join(config.compiler_rt_src_root, "lib", "fuzzer")
 config.substitutions.append(('%libfuzzer_src', libfuzzer_src_root))
 
-def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True):
+def generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, optimize=True):
   compiler_cmd = config.c_compiler
   if config.clang and config.stdlib == 'libc++':
     link_cmd = '-stdlib=libc++ -Wl,-rpath=%s' % config.llvm_library_dir
   elif config.clang and config.stdlib == 'static-libc++':
     link_cmd = '-stdlib=libc++ -lc++abi -static-libstdc++ -Wl,-rpath=%s' % config.llvm_library_dir
   else:
     link_cmd = '-lc++' if any(x in config.target_triple for x in ('darwin', 'freebsd')) else '-lstdc++'
   std_cmd = '--driver-mode=g++ -std=c++11' if is_cpp else ''
+  opt_cmd = '-O2' if optimize else '-O0'
   sanitizers = ['address']
   if fuzzer_enabled:
     sanitizers.append('fuzzer')
   sanitizers_cmd = ('-fsanitize=%s' % ','.join(sanitizers))
   isysroot_cmd = config.osx_sysroot_flag if config.osx_sysroot_flag else ''
   include_cmd = '-I%s' % libfuzzer_src_root
-  return '%s %s %s -gline-tables-only %s %s %s' % (
-      compiler_cmd, std_cmd, link_cmd, isysroot_cmd, sanitizers_cmd, include_cmd)
+  return '%s %s %s %s -gline-tables-only %s %s %s' % (
+      compiler_cmd, std_cmd, opt_cmd, link_cmd, isysroot_cmd, sanitizers_cmd,
+      include_cmd)
 
 config.substitutions.append(('%cpp_compiler',
       generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True)
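Review bot: generate_compiler_cmd gains an `optimize` parameter at the changed signature but no docstring says what it selects; the body hard-codes `opt_cmd = '-O2' if optimize else '-O0'`, so although the revision description talks about -O1 and -O2, no -O1 variant can be produced from this helper and a reader of lit.cfg cannot tell. A one-line docstring under the `def` such as `"""Build the test compiler command; optimize=True selects -O2, False selects -O0 (no -O1 variant)."""` would make that explicit. The `%cpp_compiler` substitution at the end of the hunk continues past it.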
@@ -82,3 +84,11 @@
 config.substitutions.append(('%no_fuzzer_c_compiler',
       generate_compiler_cmd(is_cpp=False, fuzzer_enabled=False)
       ))
+
+config.substitutions.append(('%no_opt_cpp_compiler',
+      generate_compiler_cmd(is_cpp=True, fuzzer_enabled=True, optimize=False)
+      ))
+
+config.substitutions.append(('%no_opt_c_compiler',
+      generate_compiler_cmd(is_cpp=False, fuzzer_enabled=True, optimize=False)
+      ))
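Review bot: `%no_opt_c_compiler` is defined at the last added lines but nothing in this revision uses it — the listed .test files only switch to `%no_opt_cpp_compiler` — so it cannot be exercised here. Either defer it until a C test needs it, or name the intended consumer in a comment above the append, e.g. `# C counterpart of %no_opt_cpp_compiler for tests whose checked behaviour is optimized away at -O2`.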
Index: compiler-rt/test/fuzzer/fuzzer-leak.test
===================================================================
--- compiler-rt/test/fuzzer/fuzzer-leak.test
+++ compiler-rt/test/fuzzer/fuzzer-leak.test
@@ -1,6 +1,9 @@
 REQUIRES: lsan
-RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
-RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
+
+// Avoid optimizing since it causes these leaks to go away.
+RUN: %no_opt_cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
+RUN: %no_opt_cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
+
 RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
 
 RUN: rm -rf %t-corpus && mkdir -p %t-corpus
Index: compiler-rt/test/fuzzer/SwapCmpTest.cpp
===================================================================
--- compiler-rt/test/fuzzer/SwapCmpTest.cpp
+++ compiler-rt/test/fuzzer/SwapCmpTest.cpp
@@ -11,22 +11,22 @@
   if (Size < 14) return 0;
   uint64_t x = 0;
   uint32_t y = 0;
-  uint16_t z = 0;
+  uint32_t z = 0;
   memcpy(&x, Data, sizeof(x));
   memcpy(&y, Data + Size / 2, sizeof(y));
   memcpy(&z, Data + Size - sizeof(z), sizeof(z));
 
   x = __builtin_bswap64(x);
   y = __builtin_bswap32(y);
-  z = __builtin_bswap16(z);
+  z = __builtin_bswap32(z);
   const bool k32bit = sizeof(void*) == 4;
 
   if ((k32bit || x == 0x46555A5A5A5A5546ULL) &&
       z == 0x4F4B &&
       y == 0x66757A7A &&
       true
       ) {
-    if (Data[Size - 3] == 'z') {
+    if (Data[Size - 5] == 'z') {
       fprintf(stderr, "BINGO; Found the target\n");
       exit(1);
     }
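Review bot: `Data[Size - 5]` at the changed line is a hand-computed offset that is only right while z is 4 bytes; writing it as `Data[Size - sizeof(z) - 1]` ties it to the `memcpy(&z, Data + Size - sizeof(z), ...)` above and survives the next widening. The widening of z to uint32_t together with bswap32 is not explained in the test; I infer 16-bit compares were being folded under -O2 and a short comment stating that would save the next reader the same guess. The same hand-counted sizes appear in SimpleCmpTest.cpp (`Size != 24` and the trailing `// 24` offset comment). LLVMFuzzerTestOneInput begins and ends outside this hunk.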
Index: compiler-rt/test/fuzzer/SimpleCmpTest.cpp
===================================================================
--- compiler-rt/test/fuzzer/SimpleCmpTest.cpp
+++ compiler-rt/test/fuzzer/SimpleCmpTest.cpp
@@ -17,15 +17,15 @@
 }
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (Size != 22) return 0;
+  if (Size != 24) return 0;
   uint64_t x = 0;
   int64_t  y = 0;
   int32_t z = 0;
-  uint16_t a = 0;
+  uint32_t a = 0;
   memcpy(&x, Data, 8);  // 8
   memcpy(&y, Data + 8, 8);  // 16
   memcpy(&z, Data + 16, sizeof(z));  // 20
-  memcpy(&a, Data + 20, sizeof(a));  // 22
+  memcpy(&a, Data + 20, sizeof(a));  // 24
   const bool k32bit = sizeof(void*) == 4;
 
   if ((k32bit || x > 1234567890) && PrintOnce(__LINE__) &&
Index: clang/lib/CodeGen/CodeGenFunction.cpp
===================================================================
--- clang/lib/CodeGen/CodeGenFunction.cpp
+++ clang/lib/CodeGen/CodeGenFunction.cpp
@@ -862,6 +862,10 @@
   if (SanOpts.has(SanitizerKind::SafeStack))
     Fn->addFnAttr(llvm::Attribute::SafeStack);
 
+  // Apply fuzzing attribute to the function.
+  if (SanOpts.hasOneOf(SanitizerKind::Fuzzer | SanitizerKind::FuzzerNoLink))
+    Fn->addFnAttr(llvm::Attribute::OptForFuzzing);
+
   // Ignore TSan memory acesses from within ObjC/ObjC++ dealloc, initialize,
   // .cxx_destruct, __destroy_helper_block_ and all of their calees at run time.
   if (SanOpts.has(SanitizerKind::Thread)) {
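Review bot: The comment `// Apply fuzzing attribute to the function.` on the added lines restates the code rather than the reason; suggest `// Mark the function optforfuzzing so the optimizer keeps the comparisons libFuzzer's cmp tracing relies on (see the revision description).` The attribute is set for every function emitted under -fsanitize=fuzzer or fuzzer-no-link, not only for instrumented ones, which is presumably intended but worth saying in the comment. The enclosing function begins and ends outside this hunk.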