trace comparison instructions and switch statements
On 09/19/2017 03:14 PM, Tamar Christina wrote:
> it's fine at O1, O2 and O3 though. Should the test be running for O0?
It's a known issue:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82183
Martin
On 09/19/2017 03:14 PM, Tamar Christina wrote:
> it's fine at O1, O2 and O3 though. Should the test be running for O0?
It's a known issue:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82183
Martin
uesday, September 12, 2017 5:35 PM
To: Dmitry Vyukov
Cc: 吴潍浠(此彼); Jakub Jelinek; gcc-patches; Jeff Law; wishwu007; Alexander
Potapenko; andreyknvl
Subject: Re: Add support to trace comparison instructions and switch statements
On Tue, Sep 12, 2017 at 7:32 AM, Dmitry Vyukov wrote:
> On Thu, Sep 7,
cial handling for exit, if someone explains why
this is interesting (in a separate thread, perhaps).
Also, gcc already has -finstrument-functions
>>
>> How do you think Dmitry ?
>>
>> Wish Wu
>>
>> ------------------
>> From:Jakub Jelinek
>> Ti
e level of stack to past existed
>> stack.
>> Adding __sanitizer_cov_trace_pc_{enter,exit} is easy , but it is not
>> standard of llvm.
>>
>> How do you think Dmitry ?
>>
>> Wish Wu
>>
>> ------------------
s easy , but it is not standard
> of llvm.
>
> How do you think Dmitry ?
>
> Wish Wu
>
> --
> From:Jakub Jelinek
> Time:2017 Sep 6 (Wed) 22:37
> To:Wish Wu
> Cc:Dmitry Vyukov ; gcc-patches ;
> Je
Hi David,
> On Thu, Sep 7, 2017 at 6:57 PM, Rainer Orth
> wrote:
>> Jakub Jelinek writes:
>>
>>> On Wed, Sep 06, 2017 at 10:08:01PM +0200, David Edelsohn wrote:
This change broke bootstrap on AIX because sancov.c now references a
macro that is defined as a function on AIX. sancov.c n
On Thu, Sep 7, 2017 at 6:57 PM, Rainer Orth
wrote:
> Jakub Jelinek writes:
>
>> On Wed, Sep 06, 2017 at 10:08:01PM +0200, David Edelsohn wrote:
>>> This change broke bootstrap on AIX because sancov.c now references a
>>> macro that is defined as a function on AIX. sancov.c needs to include
>>>
Jakub Jelinek writes:
> On Wed, Sep 06, 2017 at 10:08:01PM +0200, David Edelsohn wrote:
>> This change broke bootstrap on AIX because sancov.c now references a
>> macro that is defined as a function on AIX. sancov.c needs to include
>> tm_p.h to pull in the target-dependent prototypes. The foll
--
From:Jakub Jelinek
Time:2017 Sep 6 (Wed) 22:37
To:Wish Wu
Cc:Dmitry Vyukov ; gcc-patches ;
Jeff Law ; wishwu007
Subject:Re: Add support to trace comparison instructions and switch statements
On Wed, Sep 06, 2017 at 07:47:29PM +0800, 吴潍浠(此彼) wrote:
> Hi Jakub
> I compiled li
On Wed, Sep 06, 2017 at 10:08:01PM +0200, David Edelsohn wrote:
> This change broke bootstrap on AIX because sancov.c now references a
> macro that is defined as a function on AIX. sancov.c needs to include
> tm_p.h to pull in the target-dependent prototypes. The following
> patch works for me.
This change broke bootstrap on AIX because sancov.c now references a
macro that is defined as a function on AIX. sancov.c needs to include
tm_p.h to pull in the target-dependent prototypes. The following
patch works for me. Is this okay?
* sancov.c: Include tm_p.h.
Index: sancov.c
On Wed, Sep 06, 2017 at 04:37:18PM +0200, Jakub Jelinek wrote:
> Ok. Please make sure those entrypoints make it into the various example
> __sanitier_cov_trace* fuzzer implementations though, so that people using
> -fsanitize-coverage=trace-cmp in GCC will not need to hack stuff themselves.
> At l
On Wed, Sep 06, 2017 at 07:47:29PM +0800, 吴潍浠(此彼) wrote:
> Hi Jakub
> I compiled libjpeg-turbo and libdng_sdk with options "-g -O3 -Wall
> -fsanitize-coverage=trace-pc,trace-cmp -fsanitize=address".
> And run my fuzzer with pc and cmp feedbacks for hours. It works fine.
> About __sanitizer_cov_tra
upport to trace comparison instructions and switch statements
On Tue, Sep 05, 2017 at 09:03:52PM +0800, 吴潍浠(此彼) wrote:
> Attachment is my updated path.
> The implementation of parse_sanitizer_options is not elegance enough. Mixing
> handling flags of fsanitize is easy to make mistakes.
T
On Tue, Sep 05, 2017 at 09:03:52PM +0800, 吴潍浠(此彼) wrote:
> Attachment is my updated path.
> The implementation of parse_sanitizer_options is not elegance enough. Mixing
> handling flags of fsanitize is easy to make mistakes.
To avoid too many further iterations, I took the liberty to tweak your
p
--
From:Jakub Jelinek
Time:2017 Sep 5 (Tue) 01:34
To:Wish Wu
Cc:Dmitry Vyukov ; gcc-patches ;
Jeff Law ; wishwu007
Subject:Re: Add support to trace comparison instructions and switch statements
On Mon, Sep 04, 2017 at 09:36:40PM +0800
On Mon, Sep 04, 2017 at 09:36:40PM +0800, 吴潍浠(此彼) wrote:
> gcc/ChangeLog:
>
> 2017-09-04 Wish Wu
>
> * asan.c (initialize_sanitizer_builtins):
> * builtin-types.def (BT_FN_VOID_UINT8
expression for
comparison.
Wish Wu
--
From:Dmitry Vyukov
Time:2017 Sep 3 (Sun) 19:05
To:Wish Wu
Cc:Jakub Jelinek ; gcc ; gcc-patches
; Jeff Law ; wishwu007
Subject:Re: Add support to trace comparison instructions and switch stat
rison.
Wish Wu
--
From:Dmitry Vyukov
Time:2017 Sep 3 (Sun) 19:05
To:Wish Wu
Cc:Jakub Jelinek ; gcc ; gcc-patches
; Jeff Law ; wishwu007
Subject:Re: Add support to trace comparison instructions and switch statements
On Sun, Sep 3, 2017 at 12:38 PM, 吴潍浠(此
.
> Wish Wu
>
> --
> From:Dmitry Vyukov
> Time:2017 Sep 3 (Sun) 18:21
> To:Jakub Jelinek
> Cc:Wish Wu ; gcc ; gcc-patches
> ; Jeff Law ; wishwu007
>
> Subject:Re: Add support to trace comparison instructions and switch statements
>
; Jeff Law ; wishwu007
Subject:Re: Add support to trace comparison instructions and switch statements
On Sun, Sep 3, 2017 at 12:19 PM, Dmitry Vyukov wrote:
> On Sun, Sep 3, 2017 at 12:01 PM, Jakub Jelinek wrote:
>> On Sun, Sep 03, 2017 at 10:50:16AM +0200, Dmitry Vyukov wrote:
&g
On Sun, Sep 3, 2017 at 12:19 PM, Dmitry Vyukov wrote:
> On Sun, Sep 3, 2017 at 12:01 PM, Jakub Jelinek wrote:
>> On Sun, Sep 03, 2017 at 10:50:16AM +0200, Dmitry Vyukov wrote:
>>> What we instrument in LLVM is _comparisons_ rather than control
>>> structures. So that would be:
>>> _4 = x_8(D)
On Sun, Sep 3, 2017 at 12:01 PM, Jakub Jelinek wrote:
> On Sun, Sep 03, 2017 at 10:50:16AM +0200, Dmitry Vyukov wrote:
>> What we instrument in LLVM is _comparisons_ rather than control
>> structures. So that would be:
>> _4 = x_8(D) == 98;
>> For example, result of the comparison can be store
On Sun, Sep 03, 2017 at 10:50:16AM +0200, Dmitry Vyukov wrote:
> What we instrument in LLVM is _comparisons_ rather than control
> structures. So that would be:
> _4 = x_8(D) == 98;
> For example, result of the comparison can be stored into a bool struct
> field, and then used in branching long
On Fri, Sep 1, 2017 at 6:23 PM, Jakub Jelinek wrote:
> On Fri, Jul 21, 2017 at 01:38:17PM +0800, 吴潍浠(此彼) wrote:
>> Hi Jeff
>>
>> I have signed the copyright assignment, and used the name 'Wish Wu' .
>> Should I send you a copy of my assignment ?
>>
>> The attachment is my new patch with small chan
On Fri, Jul 21, 2017 at 01:38:17PM +0800, 吴潍浠(此彼) wrote:
> Hi Jeff
>
> I have signed the copyright assignment, and used the name 'Wish Wu' .
> Should I send you a copy of my assignment ?
>
> The attachment is my new patch with small changes.
> Codes are checked by ./contrib/check_GNU_style.sh, e
---
> From:Wish Wu
> Time:2017 Jul 21 (Fri) 13:38
> To:gcc ; gcc-patches ; Jeff Law
>
> Cc:wishwu007
> Subject:Re: Add support to trace comparison instructions and switch statements
>
>
> Hi Jeff
>
> I have signed the copyright assignment, and used the name '
21 (Fri) 13:38
To:gcc ; gcc-patches ; Jeff Law
Cc:wishwu007
Subject:Re: Add support to trace comparison instructions and switch statements
Hi Jeff
I have signed the copyright assignment, and used the name 'Wish Wu' .
Should I send you a copy of my assignment ?
The attachment is my
On Fri, Jul 21, 2017 at 1:38 AM, 吴潍浠(此彼) wrote:
> Hi Jeff
>
> I have signed the copyright assignment, and used the name 'Wish Wu' .
> Should I send you a copy of my assignment ?
Your assignment now is on file in the FSF Copyright Assignment list
where Jeff, I and other maintainers can see it. We
les.
With
--
From:Jeff Law
Time:2017 Jul 14 (Fri) 15:37
To:Wish Wu ; gcc ; gcc-patches
Cc:wishwu007
Subject:Re: Add support to trace comparison instructions and switch statements
On 07/10/2017 06:07 AM, 吴潍浠(此彼) wrote:
> Hi
>
> I write some codes to make gcc
gt; --
> From:Dmitry Vyukov
> Time:2017 Jul 15 (Sat) 13:41
> To:Kostya Serebryany
> Cc:Wish Wu ; gcc ; gcc-patches
> ; Wish Wu ; Alexander
> Potapenko ; andreyknvl ; Victor
> Chibotaru ; Yuri Gribov
> Su
Add support to trace comparison instructions and switch statements
On Fri, Jul 14, 2017 at 11:17 PM, Kostya Serebryany wrote:
>>>> > Hi
>>>> >
>>>> > I wrote a test for "-fsanitize-coverage=trace-cmp" .
>>>> >
>>>> &
On Fri, Jul 14, 2017 at 11:17 PM, Kostya Serebryany wrote:
> Hi
>
> I wrote a test for "-fsanitize-coverage=trace-cmp" .
>
> Is there anybody tells me if these codes could be merged into gcc ?
Nice!
We are currently working on Linux kernel fuzzing
On Fri, Jul 14, 2017 at 5:23 AM, Dmitry Vyukov wrote:
> On Thu, Jul 13, 2017 at 11:18 PM, Kostya Serebryany wrote:
>>> > Hi
>>> >
>>> > I wrote a test for "-fsanitize-coverage=trace-cmp" .
>>> >
>>> > Is there anybody tells me if these codes could be merged into gcc ?
>>>
>>>
>>> Nice!
>>>
>>> We
On Thu, Jul 13, 2017 at 11:18 PM, Kostya Serebryany wrote:
>> > Hi
>> >
>> > I wrote a test for "-fsanitize-coverage=trace-cmp" .
>> >
>> > Is there anybody tells me if these codes could be merged into gcc ?
>>
>>
>> Nice!
>>
>> We are currently working on Linux kernel fuzzing that use the
>> comp
On 07/10/2017 06:07 AM, 吴潍浠(此彼) wrote:
> Hi
>
> I write some codes to make gcc support comparison-guided fuzzing.
> It is very like
> http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow .
> With -fsanitize-coverage=trace-cmp the compiler will insert extra
> instrumentation around
On Thu, Jul 13, 2017 at 12:41 PM, Wish Wu wrote:
> Hi
>
> In fact, under linux with "return address" and file "/proc/self/maps",
> we can give unique id for every comparison.
Yes, it's doable. But you expressed worries about performance hit of
merging callbacks for different sizes. Mapping pc + i
Hi
In fact, under linux with "return address" and file "/proc/self/maps",
we can give unique id for every comparison.
For fuzzing, we may give 3 bits for every comparison as marker of if
"<", "==" or ">" is showed. :D
With Regards
Wish Wu of Ant-financial Light-Year Security Lab
On Thu, Jul 13,
Hi
In my perspective:
1. Do we need to assign unique id for every comparison ?
Yes, I suggest to implement it like -fsanitize-coverage=trace-pc-guard .
Because some fuzzing targets may invoke dlopen() like functions to
load libraries(modules) after fork(), while these libraries are
compil
On Tue, Jul 11, 2017 at 1:59 PM, Wish Wu wrote:
> Hi
>
> I wrote a test for "-fsanitize-coverage=trace-cmp" .
>
> Is there anybody tells me if these codes could be merged into gcc ?
Nice!
We are currently working on Linux kernel fuzzing that use the
comparison tracing. We use clang at the momen
Hi
I wrote a test for "-fsanitize-coverage=trace-cmp" .
Is there anybody tells me if these codes could be merged into gcc ?
Index: gcc/testsuite/gcc.dg/sancov/basic3.c
===
--- gcc/testsuite/gcc.dg/sancov/basic3.c (nonexistent)
+++ g
Hi
I write some codes to make gcc support comparison-guided fuzzing.
It is very like
http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow .
With -fsanitize-coverage=trace-cmp the compiler will insert extra
instrumentation around comparison instructions and switch statements.
I thi
43 matches
Mail list logo
