This allows -fsanitize=fuzzer and -fsanitize=fuzzer-no-link for the MSVC toolchain (Windows).
It puts arrays for storing the PC table, 8 bit counters, and coverage guards, in their own sections, so their sizes can be determined (since ___start isn't supported by linkers targeting MSVC toolchain).
Details
- Reviewers: morehouse
Diff Detail
- Repository: rL LLVM
Event Timeline
Matt, could you please take a look at this?
This patch puts each array used by sancov/libFuzzer into a unique section.
The section names all begin with ".SCOV"; the next letter in the name signifies what the section is used for (e.g. in SCOVC$M, C stands for Counters).
The section names all end in $M so that libFuzzer will know the size and location of the arrays (this is how symbols such as __start___sancov_cntrs are set by the linker when targeting MSVC; this technique was first used for libFuzzer here).
This change needs my patch for compiler-rt (specifically this file) to make sense.
Inline comments on lib/Transforms/Instrumentation/SanitizerCoverage.cpp:
- Line 813: This naming scheme isn't great, but we need 3 unique names that are less than or equal to 8 chars (this is the maximum section name length, see https://msdn.microsoft.com/en-us/library/7977wcck.aspx).
- Line 814: Maybe I shouldn't rename the section used to store the guard array, since I am planning on leaving it in a broken state as per (what I think are) kcc's wishes, but I want to be consistent with the other section names.
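The section-grouping trick the review relies on, shown as an added example that is not part of this review, of LLVM or of compiler-rt's own code. It assumes the MSVC linker's documented handling of sections whose names share the part before `$` (they are merged into one output section and their pieces are sorted by the suffix), uses the review's `.SCOVC$M` name together with hypothetical `.SCOVC$A` / `.SCOVC$Z` sentinel bytes that stand in for `__start_` / `__stop_`, and on ELF targets falls back to the `__start_` / `__stop_` symbols that GNU ld and lld define, so the same file builds and runs with gcc or clang. The counter arrays and the "instrumented" function are constructed stand-ins for what the SanitizerCoverage pass would emit, not the pass's output.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the 8-bit counter arrays SanitizerCoverage emits,
 * one per translation unit. COFF/MSVC: placed in ".SCOVC$M" (the review's
 * name). ELF: placed in a section called "__sancov_cntrs". */
#ifdef _MSC_VER
/* The MSVC linker merges sections whose names match up to the '$' and orders
 * the pieces by the text after it, so one byte in ".SCOVC$A" lands before every
 * ".SCOVC$M" piece and one byte in ".SCOVC$Z" lands after them. These two
 * bytes play the role that __start_/__stop_ symbols play on ELF. */
#pragma section(".SCOVC$A", read, write)
#pragma section(".SCOVC$M", read, write)
#pragma section(".SCOVC$Z", read, write)
__declspec(allocate(".SCOVC$A")) uint8_t __start___sancov_cntrs = 0;
__declspec(allocate(".SCOVC$Z")) uint8_t __stop___sancov_cntrs = 0;
#define SANCOV_CNTRS __declspec(allocate(".SCOVC$M"))
/* Skip the one-byte $A sentinel. Assumes, like the instrumentation pass, that
 * the counter arrays have 1-byte alignment so no padding follows the sentinel. */
static uint8_t *cntrs_begin(void) { return &__start___sancov_cntrs + 1; }
static uint8_t *cntrs_end(void)   { return &__stop___sancov_cntrs; }
#else
/* GNU ld and lld define __start_<sec>/__stop_<sec> for any orphan section whose
 * name is a valid C identifier, so no sentinels are needed here. */
extern uint8_t __start___sancov_cntrs[];
extern uint8_t __stop___sancov_cntrs[];
#define SANCOV_CNTRS __attribute__((section("__sancov_cntrs"), used))
static uint8_t *cntrs_begin(void) { return __start___sancov_cntrs; }
static uint8_t *cntrs_end(void)   { return __stop___sancov_cntrs; }
#endif

/* Two "translation units" worth of counters. 32 bytes each: gcc over-aligns
 * large char arrays (up to 32 on x86-64), and equal size and alignment means
 * no padding between them, so the section is exactly 64 bytes. */
static SANCOV_CNTRS uint8_t tu1_counters[32] = {0};
static SANCOV_CNTRS uint8_t tu2_counters[32] = {0};

/* Number of counters = size of the merged section, which is what libFuzzer
 * needs from the linker and cannot get from __start_/__stop_ on MSVC. */
size_t sancov_counter_count(void) {
    return (size_t)((uintptr_t)cntrs_end() - (uintptr_t)cntrs_begin());
}

/* Walk the whole range and count counters that recorded at least one hit. */
size_t sancov_hit_count(void) {
    const uint8_t *c = cntrs_begin();
    size_t n = sancov_counter_count(), hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (c[i] != 0);
    return hits;
}

/* Constructed stand-in for an instrumented function: the pass would bump one
 * counter per basic block executed; here the blocks live in two "TUs". */
void simulated_instrumented_function(int take_branch) {
    tu1_counters[0]++;                   /* entry block */
    if (take_branch) tu2_counters[5]++;  /* conditional block, other array */
}

int main(void) {
    simulated_instrumented_function(1);
    printf("counters in section: %zu, counters hit: %zu\n",
           sancov_counter_count(), sancov_hit_count());
    return 0;
}
```

On an ELF host this prints 64 counters and 2 hits; the MSVC branch is the same logic with the `$A`/`$Z` sentinel bytes bounding the `$M` pieces, which is why the review keeps every section name at or under the 8-character COFF limit.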
@kcc I'm abandoning this review and resubmitting this patch as part of the https://reviews.llvm.org/D51022 review, so that my changes to clang, llvm, and compiler-rt can be seen together where they make sense.
I added a lit test there.