From: Kostya Serebryany Date: Fri, 4 Aug 2017 23:49:53 +0000 (+0000) Subject: [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to imple... X-Git-Tag: android-x86-7.1-r4~12518 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=dea6df776523228bd7fd5178a5f44fb6d4cd7415;p=android-x86%2Fexternal-llvm.git [libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@310151 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
index 41fd213a653..2064783f340 100644
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -328,17 +328,16 @@ void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
 void Fuzzer::CheckExitOnSrcPosOrItem() {
 if (!Options.ExitOnSrcPos.empty()) {
 static auto *PCsSet = new std::set;
- for (size_t i = 1, N = TPC.GetNumPCs(); i < N; i++) {
- uintptr_t PC = TPC.GetPC(i);
- if (!PC) continue;
- if (!PCsSet->insert(PC).second) continue;
- std::string Descr = DescribePC("%L", PC);
+ auto HandlePC = [&](uintptr_t PC) {
+ if (!PCsSet->insert(PC).second) return;
+ std::string Descr = DescribePC("%F %L", PC + 1);
 if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) {
 Printf("INFO: found line matching '%s', exiting.\n",
 Options.ExitOnSrcPos.c_str());
 _Exit(0);
 }
- }
+ };
+ TPC.ForEachObservedPC(HandlePC);
 }
 if (!Options.ExitOnItem.empty()) {
 if (Corpus.HasUnit(Options.ExitOnItem)) {
diff --git a/lib/Fuzzer/FuzzerTracePC.h b/lib/Fuzzer/FuzzerTracePC.h
index ad832d7b2d4..d5d2985d62c 100644
--- a/lib/Fuzzer/FuzzerTracePC.h
+++ b/lib/Fuzzer/FuzzerTracePC.h
@@ -133,6 +133,13 @@ class TracePC {
 }
 uintptr_t GetMaxStackOffset() const { return InitialStack - LowestStack; }
 
+ template
+ void ForEachObservedPC(CallBack CB) {
+ if (ObservedPCs)
+ for (auto PC : *ObservedPCs)
+ CB(PC);
+ }
+
 private:
 bool UseCounters = false;
 bool UseValueProfile = false;
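Review bot: `Descr.find(Options.ExitOnSrcPos) != std::string::npos` is a plain substring test, and now that the description is `"%F %L"` a pattern like `Foo` also fires on the first observed PC inside `FooBar` or `DoFoo`, and `SimpleTest.cpp:18` on line 180 of that file; the commit does not say whether that widening is intended. If it is, say so where the option is declared (`// substring-matched against "<function> <file>:<line>" of each observed PC`); if not, compare the `%F` and `%L` tokens individually for equality instead of using `find`. The `PC + 1` handed to `DescribePC` also deserves a one-line why-comment, since the reason (presumably to symbolize an address inside the block's first instruction so `%L` reports that block's line rather than the preceding one) is not visible from the code — `// +1: symbolize inside the instruction, not at the block boundary (confirm)`. As rendered here `new std::set;` has no element type, which looks like the template argument was lost by the page rather than by the patch.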
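Review bot: `ForEachObservedPC` lands without a comment, so a caller cannot tell that it is silently a no-op when `ObservedPCs` is null (the `if (ObservedPCs)` guard) or that `CB` runs while the loop is ranging over `*ObservedPCs`, which makes mutating that container from the callback unsafe depending on its type. Suggest above the template: `// Invokes CB(PC) for each PC recorded in ObservedPCs; does nothing when PC observation is off (ObservedPCs == nullptr). CB must not insert into or erase from ObservedPCs.` The function only reads, so it could be declared `const` and remain usable through a `const TracePC &`. The parameter list prints as a bare `template` here, which looks like `<class CallBack>` was dropped in rendering rather than in the patch.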
diff --git a/lib/Fuzzer/test/ShrinkControlFlowTest.cpp b/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
index d0954296362..1957c1f90fc 100644
--- a/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
+++ b/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
@@ -10,6 +10,10 @@
 
 static volatile int Sink;
 
+void Foo() {
+ Sink++;
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 int8_t Ids[256];
 memset(Ids, -1, sizeof(Ids));
@@ -20,8 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 int U = Ids[(unsigned char)'U'];
 int Z = Ids[(unsigned char)'Z'];
 if (F >= 0 && U > F && Z > U) {
- Sink++;
- //fprintf(stderr, "IDS: %d %d %d\n", F, U, Z);
+ Foo();
 }
 return 0;
 }
diff --git a/lib/Fuzzer/test/exit_on_src_pos.test b/lib/Fuzzer/test/exit_on_src_pos.test
new file mode 100644
index 00000000000..6a42c7ae953
--- /dev/null
+++ b/lib/Fuzzer/test/exit_on_src_pos.test
@@ -0,0 +1,8 @@
+# Temporary use -mllvm -use-unknown-locations=Disable so that
+# all instructions have debug info (file line numbers) attached.
+RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable
+RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
+
+RUN: %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
+RUN: %t-ShrinkControlFlowTest -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
+EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test
index 82daad10f07..e506fcbee56 100644
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
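Review bot: `Foo` exists only so that `-exit_on_src_pos=Foo` has a function name to match, but nothing stops the optimizer from inlining a one-statement function with a single call site, at which point the match depends on the symbolizer reporting inlined frames for `%F`. Declaring it `__attribute__((noinline)) void Foo() {` removes that dependency; if relying on inline debug info is deliberate, a comment should say so. Either way a one-liner such as `// Out of line so exit_on_src_pos.test can match on a function name.` tells the next reader why `Sink++` moved out of `LLVMFuzzerTestOneInput`.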
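Review bot: the header comment calls `-mllvm -use-unknown-locations=Disable` "Temporary" without saying what would let it go or why the second compile does not need it; since the `Foo` run matches on a function name rather than a line, that is the reason, and it is worth one line. Suggest `# SimpleTest matches on a line number, so every instruction needs a location; the Foo run matches on %F and does not need the flag.` and a `# TODO:` naming the condition under which the flag can be dropped.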
@@ -11,7 +11,6 @@ RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest
 RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-NotinstrumentedTest-NoCoverage
 RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest
 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
-RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
 RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
 RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest
@@ -62,10 +61,6 @@ RUN: not %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
 DSO: INFO: Loaded 3 modules
 DSO: BINGO
 
-RUN: %t-SimpleTest -exit_on_src_pos=SimpleTest.cpp:18 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
-RUN: %t-ShrinkControlFlowTest -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
-EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
-
 RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
 STRNCMP: AddressSanitizer: heap-buffer-overflow
 STRNCMP-NOT: __sanitizer_weak_hook_strncmp