This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/trunk/
-
trunk/
-
lib/fuzzer/
-
fuzzer/
-
FuzzerShmemPosix.cpp
-
test/fuzzer/
-
fuzzer/
-
equivalence-signals.test

Differential D46622

wrong usages of sem_open in the libFuzzer
ClosedPublic

Authored by tomsun.0.7 on May 8 2018, 7:27 PM.

Download Raw Diff

Details

Reviewers

vitalybuka
krytarowski
kcc

Commits

rGaee7b0f20921: wrong usages of sem_open in the libFuzzer
rCRT332003: wrong usages of sem_open in the libFuzzer
rL332003: wrong usages of sem_open in the libFuzzer

Summary

Fixed two non-standard usages of sem_open in the libFuzzer library and
one NetBSD-related modification with test script.

The return value to indicate error should be SEM_FAILED instead of (void *)-1 (please refer to "RETURN VALUE" section in this page). Actually, SEM_FAILED != (void *)-1 holds in NetBSD.
The SharedMemoryRegion::SemName function should return name starting with slash. Because the behaviour of name which does not start with slash is unspecified as the "DESCRIPTION" section specified:

If name does not begin with the <slash> character, the effect is implementation-defined.

The length of name is limited to 14 in NetBSD, it is suggested to reduce the length of equivalence server name in the test script.

Diff Detail

Repository: rL LLVM

Event Timeline

tomsun.0.7 created this revision.May 8 2018, 7:27 PM

Herald added a subscriber: llvm-commits. · View Herald TranscriptMay 8 2018, 7:27 PM

tomsun.0.7 edited the summary of this revision. (Show Details)May 8 2018, 7:29 PM

It looks good to me, but I will wait for the final word from @vitalybuka

BTW.
We usually want to see a diff as a result of git diff -U9999 for larger context.
Also the description shall be manually formatted for restricted number of columns,
otherwise we will get very long lines in a commit description.

In D46622#1092416, @krytarowski wrote:

It looks good to me, but I will wait for the final word from @vitalybuka

BTW.
We usually want to see a diff as a result of git diff -U9999 for larger context.
Also the description shall be manually formatted for restricted number of columns,
otherwise we will get very long lines in a commit description.

Updated, thanks for the suggestions!

I don't mind, but just a FYI: it's likely that I will delete this code in near future.

lib/fuzzer/FuzzerShmemPosix.cpp
35 ↗	(On Diff #145845)	please explain in a comment

tomsun.0.7 updated this revision to Diff 146072.May 9 2018, 11:46 PM

LGTM

This revision is now accepted and ready to land.May 10 2018, 10:05 AM

Closed by commit rL332003: wrong usages of sem_open in the libFuzzer (authored by kamil). · Explain WhyMay 10 2018, 10:34 AM

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: delcypher. · View Herald TranscriptMay 10 2018, 10:34 AM

Revision Contents

Path

Size

compiler-rt/

trunk/

lib/

fuzzer/

FuzzerShmemPosix.cpp

9 lines

test/

fuzzer/

equivalence-signals.test

4 lines

Diff 146154

compiler-rt/trunk/lib/fuzzer/FuzzerShmemPosix.cpp

	Show All 26 Lines
	namespace fuzzer {			namespace fuzzer {

	std::string SharedMemoryRegion::Path(const char *Name) {			std::string SharedMemoryRegion::Path(const char *Name) {
	return DirPlusFile(TmpDir(), Name);			return DirPlusFile(TmpDir(), Name);
	}			}

	std::string SharedMemoryRegion::SemName(const char *Name, int Idx) {			std::string SharedMemoryRegion::SemName(const char *Name, int Idx) {
	std::string Res(Name);			std::string Res(Name);
				// When passing a name without a leading <slash> character to
				// sem_open, the behaviour is unspecified in POSIX. Add a leading
				// <slash> character for the name if there is no such one.
				if (!Res.empty() && Res[0] != '/')
				Res.insert(Res.begin(), '/');
	return Res + (char)('0' + Idx);			return Res + (char)('0' + Idx);
	}			}

	bool SharedMemoryRegion::Map(int fd) {			bool SharedMemoryRegion::Map(int fd) {
	Data =			Data =
	(uint8_t *)mmap(0, kShmemSize, PROT_WRITE \| PROT_READ, MAP_SHARED, fd, 0);			(uint8_t *)mmap(0, kShmemSize, PROT_WRITE \| PROT_READ, MAP_SHARED, fd, 0);
	if (Data == (uint8_t*)-1)			if (Data == (uint8_t*)-1)
	return false;			return false;
	return true;			return true;
	}			}

	bool SharedMemoryRegion::Create(const char *Name) {			bool SharedMemoryRegion::Create(const char *Name) {
	int fd = open(Path(Name).c_str(), O_CREAT \| O_RDWR, 0777);			int fd = open(Path(Name).c_str(), O_CREAT \| O_RDWR, 0777);
	if (fd < 0) return false;			if (fd < 0) return false;
	if (ftruncate(fd, kShmemSize) < 0) return false;			if (ftruncate(fd, kShmemSize) < 0) return false;
	if (!Map(fd))			if (!Map(fd))
	return false;			return false;
	for (int i = 0; i < 2; i++) {			for (int i = 0; i < 2; i++) {
	sem_unlink(SemName(Name, i).c_str());			sem_unlink(SemName(Name, i).c_str());
	Semaphore[i] = sem_open(SemName(Name, i).c_str(), O_CREAT, 0644, 0);			Semaphore[i] = sem_open(SemName(Name, i).c_str(), O_CREAT, 0644, 0);
	if (Semaphore[i] == (void *)-1)			if (Semaphore[i] == SEM_FAILED)
	return false;			return false;
	}			}
	IAmServer = true;			IAmServer = true;
	return true;			return true;
	}			}

	bool SharedMemoryRegion::Open(const char *Name) {			bool SharedMemoryRegion::Open(const char *Name) {
	int fd = open(Path(Name).c_str(), O_RDWR);			int fd = open(Path(Name).c_str(), O_RDWR);
	if (fd < 0) return false;			if (fd < 0) return false;
	struct stat stat_res;			struct stat stat_res;
	if (0 != fstat(fd, &stat_res))			if (0 != fstat(fd, &stat_res))
	return false;			return false;
	assert(stat_res.st_size == kShmemSize);			assert(stat_res.st_size == kShmemSize);
	if (!Map(fd))			if (!Map(fd))
	return false;			return false;
	for (int i = 0; i < 2; i++) {			for (int i = 0; i < 2; i++) {
	Semaphore[i] = sem_open(SemName(Name, i).c_str(), 0);			Semaphore[i] = sem_open(SemName(Name, i).c_str(), 0);
	if (Semaphore[i] == (void *)-1)			if (Semaphore[i] == SEM_FAILED)
	return false;			return false;
	}			}
	IAmServer = false;			IAmServer = false;
	return true;			return true;
	}			}

	bool SharedMemoryRegion::Destroy(const char *Name) {			bool SharedMemoryRegion::Destroy(const char *Name) {
	return 0 == unlink(Path(Name).c_str());			return 0 == unlink(Path(Name).c_str());
	Show All 22 Lines

compiler-rt/trunk/test/fuzzer/equivalence-signals.test

	# Run EquivalenceATest against itself with a small timeout			# Run EquivalenceATest against itself with a small timeout
	# to stress the signal handling and ensure that shmem doesn't mind			# to stress the signal handling and ensure that shmem doesn't mind
	# the signals.			# the signals.
	UNSUPPORTED: freebsd			UNSUPPORTED: freebsd

	# The test is not supported on Darwin			# The test is not supported on Darwin
	UNSUPPORTED: darwin			UNSUPPORTED: darwin

	RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-EquivalenceATest			RUN: %cpp_compiler %S/EquivalenceATest.cpp -o %t-EquivalenceATest
	RUN: %t-EquivalenceATest -timeout=1 -run_equivalence_server=EQUIV_SIG_TEST & export APID=$!			RUN: %t-EquivalenceATest -timeout=1 -run_equivalence_server=EQ_SIG_TEST & export APID=$!
	RUN: sleep 3			RUN: sleep 3
	RUN: %t-EquivalenceATest -timeout=1 -use_equivalence_server=EQUIV_SIG_TEST -runs=500000 2>&1			RUN: %t-EquivalenceATest -timeout=1 -use_equivalence_server=EQ_SIG_TEST -runs=500000 2>&1
	RUN: kill -9 $APID			RUN: kill -9 $APID