This is an archive of the discontinued LLVM Phabricator instance.

Differential D83494

[libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.
ClosedPublic

Authored by dokyungs on Jul 9 2020, 10:34 AM.

Details

Reviewers
kcc
morehouse
hctim
Commits
rG831ae45e3dc6: Recommit "[libFuzzer] Link libFuzzer's own interceptors when other compiler…
rGf78d9fceea73: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are…
Summary

libFuzzer intercepts certain library functions such as memcmp/strcmp by defining weak hooks. Weak hooks, however, are called only when other runtimes such as ASan is linked. This patch defines libFuzzer's own interceptors, which is linked into the libFuzzer executable when other runtimes are not linked, i.e., when -fsanitize=fuzzer is given, but not others.

The patch once landed but was reverted in 8ef9e2bf355d05bc81d8b0fe1e5333eec59a0a91 due to an assertion failure caused by calling an intercepted function, strncmp, while initializing the interceptors in fuzzerInit(). This issue is now fixed by calling internal_strncmp() when the fuzzer has not been initialized yet, instead of recursively calling fuzzerInit() again.

Diff Detail

Unit TestsFailed

TimeTest
500 mslinux > AddressSanitizer-x86_64-linux.TestCases/Linux::Unknown Unit Message ("")
450 mslinux > SanitizerCommon-asan-x86_64-Linux.Linux::Unknown Unit Message ("")
290 mslinux > SanitizerCommon-lsan-x86_64-Linux.Linux::Unknown Unit Message ("")
380 mslinux > SanitizerCommon-msan-x86_64-Linux.Linux::Unknown Unit Message ("")
450 mslinux > SanitizerCommon-tsan-x86_64-Linux.Linux::Unknown Unit Message ("")
View Full Test Results (6 Failed)

Event Timeline

dokyungs created this revision.Jul 9 2020, 10:34 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJul 9 2020, 10:34 AM
Herald added subscribers: Restricted Project, cfe-commits, mgorny. · View Herald Transcript
dokyungs added reviewers: kcc, morehouse, hctim.Jul 9 2020, 10:39 AM
Harbormaster failed remote builds in B63611: Diff 276776!Jul 9 2020, 11:02 AM
morehouse added a comment.Jul 9 2020, 1:42 PM

Seems like the general approach we want.

Could you:

  • Fix the lint warnings
  • Find out why the unit tests failed
  • Add strcmp
  • Modify the memcmp/strcmp unit tests to show that we can solve them with/without ASan

After that I'll take a closer look.

dokyungs updated this revision to Diff 277462.Jul 13 2020, 9:31 AM

Add interceptors for all the functions libFuzzer has a weak interceptor for, and duplicate existing interceptor test cases with new compiler flags (-fno-sanitize=address).

Builtin libfunc optimizations may transform memcmp and strcmp-like functions. To disable such optimizations, -fno-builtin= flag was additionally added in compiling new test cases. FWIW, the original test cases didn't require such flags since other sanitizers including ASan disables those optimizations in their LLVM pass by dropping libfunc attribute in the call instructions.

Harbormaster failed remote builds in B63981: Diff 277462!Jul 13 2020, 11:11 AM
hctim added a comment.Jul 13 2020, 11:38 AM
In D83494#2147608, @dokyungs wrote:

Builtin libfunc optimizations may transform memcmp and strcmp-like functions. To disable such optimizations, -fno-builtin= flag was additionally added in compiling new test cases. FWIW, the original test cases didn't require such flags since other sanitizers including ASan disables those optimizations in their LLVM pass by dropping libfunc attribute in the call instructions.

It sounds like we need to add -fno-builtin in the clang driver when building with sancov as well. Otherwise, users won't get any benefit of this patch without doing clang++ -fsanitize=fuzzer my_fuzz_target.cpp -fno-builtin-strstr -fno-builtin-strncmp -fno-builtin-strcmp -fno-builtin-memcmp?

dokyungs added a comment.Jul 13 2020, 12:08 PM
In D83494#2148043, @hctim wrote:
In D83494#2147608, @dokyungs wrote:

Builtin libfunc optimizations may transform memcmp and strcmp-like functions. To disable such optimizations, -fno-builtin= flag was additionally added in compiling new test cases. FWIW, the original test cases didn't require such flags since other sanitizers including ASan disables those optimizations in their LLVM pass by dropping libfunc attribute in the call instructions.

It sounds like we need to add -fno-builtin in the clang driver when building with sancov as well. Otherwise, users won't get any benefit of this patch without doing clang++ -fsanitize=fuzzer my_fuzz_target.cpp -fno-builtin-strstr -fno-builtin-strncmp -fno-builtin-strcmp -fno-builtin-memcmp?

Right. Apparently with -O2 many calls to memcmp-like functions are removed. I just wondered, though, what makes more sense: disabling such optimization when building (i) with sancov, or (ii) with -fsanitize=fuzzer? If we go for (i), would it make sense to do it in the SanitizerCoverage module pass like other sanitizers do? What do you think? Also, can it be addressed in a follow-up patch?

morehouse added a comment.EditedJul 13 2020, 12:12 PM
In D83494#2148164, @dokyungs wrote:
In D83494#2148043, @hctim wrote:
In D83494#2147608, @dokyungs wrote:

Builtin libfunc optimizations may transform memcmp and strcmp-like functions. To disable such optimizations, -fno-builtin= flag was additionally added in compiling new test cases. FWIW, the original test cases didn't require such flags since other sanitizers including ASan disables those optimizations in their LLVM pass by dropping libfunc attribute in the call instructions.

It sounds like we need to add -fno-builtin in the clang driver when building with sancov as well. Otherwise, users won't get any benefit of this patch without doing clang++ -fsanitize=fuzzer my_fuzz_target.cpp -fno-builtin-strstr -fno-builtin-strncmp -fno-builtin-strcmp -fno-builtin-memcmp?

Right. Apparently with -O2 many calls to memcmp-like functions are removed. I just wondered, though, what makes more sense: disabling such optimization when building (i) with sancov, or (ii) with -fsanitize=fuzzer? If we go for (i), would it make sense to do it in the SanitizerCoverage module pass like other sanitizers do? What do you think? Also, can it be addressed in a follow-up patch?

My opinion is to make it part of -fsanitize=fuzzer, or maybe disable parts of the builtin optimization pass for functions with the OptForFuzzing attribute.

And I think a follow-up patch is easier to review.

dokyungs updated this revision to Diff 277530.Jul 13 2020, 12:25 PM

Fixed a few LINT warnings by defining some macros that resemble the ones used in other sanitizer interception code.

Harbormaster failed remote builds in B64030: Diff 277530!Jul 13 2020, 12:30 PM
hctim added a comment.Jul 13 2020, 12:41 PM
In D83494#2148180, @morehouse wrote:
In D83494#2148164, @dokyungs wrote:

Right. Apparently with -O2 many calls to memcmp-like functions are removed. I just wondered, though, what makes more sense: disabling such optimization when building (i) with sancov, or (ii) with -fsanitize=fuzzer? If we go for (i), would it make sense to do it in the SanitizerCoverage module pass like other sanitizers do? What do you think? Also, can it be addressed in a follow-up patch?

My opinion is to make it part of -fsanitize=fuzzer, or maybe disable parts of the builtin optimization pass for functions with the OptForFuzzing attribute.

And I think a follow-up patch is easier to review.

Agreed with Matt on all of the above.

morehouse added inline comments.Jul 13 2020, 3:23 PM
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
15

We should include FuzzerDefs.h to use this, not FuzzerBuiltins.h.

26

Any reason not to use uintptr_t instead?

42

Nit: I think we should prefer C++ constructs, so reinterpret_cast<uintptr_t> here.

117

Why extern "C++"? I don't think we want that here.

124

Also why extern "C++" here?

141

Nit: reinterpret_cast<uintptr_t>()

160

Nit: Please add this comment:

} // extern "C"
compiler-rt/test/fuzzer/no-asan-strstr.test
5 ↗(On Diff #277530)

Since these "no-asan" cases are pretty small, can we just add them to the existing *cmp tests?

dokyungs updated this revision to Diff 277620.Jul 13 2020, 5:09 PM

Addressed Matt's comments.

A major change in this round that needs explanation is introduction of FuzzerPlatform.h. Previously I defined strstr and strcasestr with extern "C++" to workaround conflicting definition errors resulting from including <string.h>. But since including it is not necessary when compiling this interceptor module, this patch now separates out platform related macros from FuzzerDef.h into FuzzerPlatform.h, and the module includes FuzzerPlatform.h, not FuzzerDef.h.

Herald added a subscriber: krytarowski. · View Herald TranscriptJul 13 2020, 5:09 PM
dokyungs marked 9 inline comments as done.Jul 13 2020, 5:13 PM
dokyungs added inline comments.
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
117

Removed by not including #include <string>.

124

Removed by not including #include <string>.

dokyungs marked 3 inline comments as done.Jul 13 2020, 5:17 PM
dokyungs updated this revision to Diff 277624.Jul 13 2020, 5:21 PM

strncmp test should include -fno-builtin-strncmp, not -fno-builtin-strcmp

dokyungs updated this revision to Diff 277625.Jul 13 2020, 5:36 PM
dokyungs added a comment.Jul 13 2020, 5:36 PM

Use unique output file name for each subtest, and add no-asan subtest in memcmp64.test

Harbormaster failed remote builds in B64075: Diff 277620!Jul 13 2020, 5:52 PM
Harbormaster failed remote builds in B64077: Diff 277624!
Harbormaster failed remote builds in B64078: Diff 277625!Jul 13 2020, 6:07 PM
morehouse added a comment.Jul 14 2020, 9:00 AM
In D83494#2148868, @dokyungs wrote:

Addressed Matt's comments.

A major change in this round that needs explanation is introduction of FuzzerPlatform.h. Previously I defined strstr and strcasestr with extern "C++" to workaround conflicting definition errors resulting from including <string.h>. But since including it is not necessary when compiling this interceptor module, this patch now separates out platform related macros from FuzzerDef.h into FuzzerPlatform.h, and the module includes FuzzerPlatform.h, not FuzzerDef.h.

What was the conflicting definition error? Does string.h have inline definitions for those functions?

compiler-rt/test/fuzzer/memcmp.test
8

CHECK1 and CHECK2 is unnecessary. Let's use the same CHECK for both.

hctim added inline comments.Jul 14 2020, 9:55 AM
clang/lib/Driver/SanitizerArgs.cpp
242

HWASan doesn't have interceptors - we actually want fuzzer interceptors under needsFuzzer() && needsHwasanRt() (just remove the !needsHwasanRt()).

compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
52

Why not #include <sanitizer/common_interface_defs.h> (and below)?

compiler-rt/lib/fuzzer/FuzzerPlatform.h
1

Nit - name change

8

Nit - remove blank comment

compiler-rt/test/fuzzer/memcmp.test
8

No need to have different CHECK's throughout this patchset (in both tests we're checking for the same thing.

UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
RUN: not %run %t-MemcmpTest               -seed=1 -runs=10000000   2>&1 | FileCheck %s

RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
RUN: not %run %t-MemcmpTest               -seed=1 -runs=10000000   2>&1 | FileCheck %s

CHECK: BINGO
dokyungs added a comment.Jul 14 2020, 10:38 AM
In D83494#2150643, @morehouse wrote:
In D83494#2148868, @dokyungs wrote:

Addressed Matt's comments.

A major change in this round that needs explanation is introduction of FuzzerPlatform.h. Previously I defined strstr and strcasestr with extern "C++" to workaround conflicting definition errors resulting from including <string.h>. But since including it is not necessary when compiling this interceptor module, this patch now separates out platform related macros from FuzzerDef.h into FuzzerPlatform.h, and the module includes FuzzerPlatform.h, not FuzzerDef.h.

What was the conflicting definition error? Does string.h have inline definitions for those functions?

I was misled; the error is actually ambiguating new "declarations", not definitions. The exact error message goes like:

error: ambiguating new declaration of ‘char* strcasestr(const char*, const char*)’
  104 | ATTRIBUTE_INTERFACE char *strcasestr(const char *s1, const char *s2) {
      |                           ^~~~~~~~~~
In file included from include/c++/v1/string.h:60,
                 from include/c++/v1/cstring:60,
                 from include/c++/v1/algorithm:641,
                 from include/c++/v1/__string:57,
                 from include/c++/v1/string_view:175,
                 from include/c++/v1/string:506,
                 from FuzzerInterceptors.cpp:14:
/usr/include/string.h:356:26: note: old declaration ‘const char* strcasestr(const char*, const char*)’
  356 | extern "C++" const char *strcasestr (const char *__haystack,
      |                          ^~~~~~~~~~

C++'s declarations of strstr/strcasestr each have two different versions (const v. non const), and neither of them matches C's strstr/strcasestr declarations. So I could either (i) make libFuzzer's declarations of strstr/strcasestr match one of C++ versions (for this reason there was "extern C++ ..."), or (ii) make them match C declarations of strstr/strcasestr and remove C++ declarations by not including string.h. I realized that (ii) is a simpler solution, so I changed the code that way.

dokyungs updated this revision to Diff 277901.Jul 14 2020, 10:54 AM

Addressed comments.

morehouse added a comment.Jul 14 2020, 10:56 AM
In D83494#2150946, @dokyungs wrote:

I was misled; the error is actually ambiguating new "declarations", not definitions. The exact error message goes like:

error: ambiguating new declaration of ‘char* strcasestr(const char*, const char*)’
  104 | ATTRIBUTE_INTERFACE char *strcasestr(const char *s1, const char *s2) {
      |                           ^~~~~~~~~~
In file included from include/c++/v1/string.h:60,
                 from include/c++/v1/cstring:60,
                 from include/c++/v1/algorithm:641,
                 from include/c++/v1/__string:57,
                 from include/c++/v1/string_view:175,
                 from include/c++/v1/string:506,
                 from FuzzerInterceptors.cpp:14:
/usr/include/string.h:356:26: note: old declaration ‘const char* strcasestr(const char*, const char*)’
  356 | extern "C++" const char *strcasestr (const char *__haystack,
      |                          ^~~~~~~~~~

C++'s declarations of strstr/strcasestr each have two different versions (const v. non const), and neither of them matches C's strstr/strcasestr declarations. So I could either (i) make libFuzzer's declarations of strstr/strcasestr match one of C++ versions (for this reason there was "extern C++ ..."), or (ii) make them match C declarations of strstr/strcasestr and remove C++ declarations by not including string.h. I realized that (ii) is a simpler solution, so I changed the code that way.

Got it. We only need to intercept the libc version of strstr. We don't care about libc++ since that one just forwards to libc. So I think this is the right approach.

compiler-rt/lib/fuzzer/FuzzerDefs.h
23

Nit: we should really not include this here. Instead, we should include it directly in any libFuzzer file that needs the platform macros.

Of course, that will add some noise to this patch. Could you splice this change into a separate patch that we can submit first?

dokyungs updated this revision to Diff 277904.Jul 14 2020, 11:04 AM
dokyungs marked 5 inline comments as done.

Use one CHECK for two subtests

Harbormaster failed remote builds in B64189: Diff 277901!Jul 14 2020, 11:26 AM
Harbormaster failed remote builds in B64193: Diff 277904!Jul 14 2020, 11:37 AM
dokyungs updated this revision to Diff 277996.Jul 14 2020, 3:13 PM

Addressed comments.

morehouse accepted this revision.Jul 14 2020, 3:20 PM

LGTM

This revision is now accepted and ready to land.Jul 14 2020, 3:20 PM
hctim accepted this revision.Jul 14 2020, 3:29 PM
hctim marked an inline comment as done.

LGTM

compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
52

The comment above is obsolete - please mark as done before closing out the patch.

dokyungs marked an inline comment as done.Jul 14 2020, 4:03 PM
Harbormaster failed remote builds in B64243: Diff 277996!Jul 14 2020, 4:24 PM
morehouse added a comment.Jul 15 2020, 10:36 AM

I applied this patch locally and ran the fuzzer tests. I get a segfault:

$ clang++ -fsanitize=fuzzer -g -m32 SimpleHashTest.cpp
$ gdb --args ./a.out -seed=1
...
(gdb) run
...
Program received signal SIGSEGV, Segmentation fault. 
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x080800b5 in strstr () at /usr/local/google/home/mascasa/code/llvm-project/compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:96
#2  0xf7cc7bf5 in __pthread_initialize_minimal () from /lib/i386-linux-gnu/libpthread.so.0
#3  0xf7cc7014 in _init () from /lib/i386-linux-gnu/libpthread.so.0
#4  0x00000055 in ?? ()
#5  0xf7fcc6a0 in ?? ()

It looks like the REAL(strstr) isn't set up before it's called. Could you please take a look?

dokyungs updated this revision to Diff 278341.EditedJul 15 2020, 5:34 PM

Ensure the fuzzer RT module is initialized at the beginning of the interceptors.

Interceptors can be called before __fuzzer_init is called. So I added a check at the beginning of the interceptors, which ensures that __fuzzer_init has been called before proceeding.

Harbormaster failed remote builds in B64442: Diff 278341!Jul 15 2020, 6:09 PM
morehouse added inline comments.Jul 16 2020, 9:52 AM
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
54

These are in the global namespace, and have C mangling, which is unnecessary. Please either put them in a namespace or make them static.

56

This also doesn't need C mangling.

64

Let's prefer a function rather than a macro for this.

144

Let's use true/false rather than 1/0 for bools.

morehouse added inline comments.Jul 16 2020, 9:55 AM
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
18

Nit: Let's move this down with the other defines.

31

Nit: Can we move the other includes down by this one?

dokyungs updated this revision to Diff 278565.Jul 16 2020, 11:54 AM

Addressed comments.

dokyungs marked 6 inline comments as done.Jul 16 2020, 11:55 AM
morehouse added inline comments.Jul 16 2020, 12:11 PM
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
52

Sorry, one last nit:

If we're preferring LLVM style, let's capitalize variable names.

dokyungs updated this revision to Diff 278589.Jul 16 2020, 1:09 PM

Addressed comments.

dokyungs marked an inline comment as done.Jul 16 2020, 1:10 PM
Harbormaster failed remote builds in B64573: Diff 278565!Jul 16 2020, 1:19 PM
morehouse accepted this revision.Jul 16 2020, 1:25 PM
Closed by commit rGf78d9fceea73: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are… (authored by dokyungs, committed by morehouse). · Explain WhyJul 16 2020, 1:26 PM
This revision was automatically updated to reflect the committed changes.
Harbormaster failed remote builds in B64587: Diff 278589!Jul 16 2020, 1:53 PM
dokyungs reopened this revision.Jul 17 2020, 1:30 PM
This revision is now accepted and ready to land.Jul 17 2020, 1:30 PM
dokyungs updated this revision to Diff 278892.Jul 17 2020, 1:33 PM

Introduce internal_(memcmp|strncmp|strstr) and use them before interceptors are fully initialized.

dokyungs edited the summary of this revision. (Show Details)Jul 17 2020, 1:44 PM
dokyungs edited the summary of this revision. (Show Details)
Harbormaster failed remote builds in B64750: Diff 278892!Jul 17 2020, 2:04 PM
morehouse added inline comments.Jul 17 2020, 2:24 PM
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
63

Can we use size_t instead of uintptr_t?

78

Can we use uint8_t and static_cast?

120

I think ensureFuzzerInited is no longer useful here.

compiler-rt/test/fuzzer/CustomAllocatorTest.cpp
15 ↗(On Diff #278892)

Do we need this file? Can we use EmptyTest.cpp instead?

compiler-rt/test/fuzzer/custom-allocator.test
2 ↗(On Diff #278892)

Why do we need each of these flags?

compiler-rt/test/fuzzer/memcmp.test
8

Why is the custom allocator test here useful?

dokyungs updated this revision to Diff 278923.Jul 17 2020, 4:03 PM

Addressed comments.

dokyungs updated this revision to Diff 278924.Jul 17 2020, 4:05 PM
dokyungs marked 2 inline comments as done.

Removed CustomAllocatorTest.cpp. Instead, use EmptyTest.cpp.

dokyungs marked 4 inline comments as done.Jul 17 2020, 4:26 PM
dokyungs added inline comments.
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
120

Fixed also in strncmp and strstr interceptors.

compiler-rt/test/fuzzer/custom-allocator.test
2 ↗(On Diff #278892)

With all the flags, I designed this test for the recent failure scenario in which tcmalloc calls strncmp (+memcmp/strstr) when the fuzzer interceptor library is linked into the libFuzzer executable.

As such, we need to turn off ASan (-fno-sanitize=address) when building the executable to let the fuzzer interceptor library be linked.

As to the flags used to build the allocator shared library, I wanted to disable ASan and Fuzzer (via -fno-sanitize=all) because allocator libraries are typically not instrumented for OOB/UAF errors or coverage. I also wanted to prevent the compiler from optimizing out our calls to strncmp(+memcmp/strstr) by giving -fno-builtin; calls to these functions must go to the fuzzer interceptor library to comply with the scenario.

compiler-rt/test/fuzzer/memcmp.test
8

To make sure exercise the path where memcmp is called (i) in the calloc context, and (ii) then again in the LLVMFuzzerTestOneInput context. %t-NoAsanCustomAllocatorTest only tests (i), and %t-NoAsanMemcmpTest only tests (ii).

Harbormaster failed remote builds in B64771: Diff 278923!Jul 17 2020, 4:38 PM
Harbormaster failed remote builds in B64772: Diff 278924!Jul 17 2020, 4:48 PM
morehouse added inline comments.Jul 20 2020, 9:13 AM
compiler-rt/test/fuzzer/custom-allocator.test
2 ↗(On Diff #278892)

Yes, those flags make sense. What about -fPIC %ld_flags_rpath_so1 -O0 -shared?

dokyungs updated this revision to Diff 279946.Jul 22 2020, 2:38 PM
dokyungs marked an inline comment as done.

Introduce internal_strcmp and update tests accordingly.

dokyungs marked 4 inline comments as done.Jul 22 2020, 2:40 PM
dokyungs added inline comments.
compiler-rt/test/fuzzer/custom-allocator.test
2 ↗(On Diff #278892)

Removed unnecessary use of a shared library for testing custom allocator. Instead, compile and statically link the allocator into the test.

Harbormaster failed remote builds in B65292: Diff 279946!Jul 22 2020, 3:14 PM
morehouse added inline comments.Jul 22 2020, 4:28 PM
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
87

Lot's of common code with internal_strncmp. Let's factor it out into a helper function.

dokyungs updated this revision to Diff 279982.Jul 22 2020, 5:33 PM

Introduced a helper function to reduce duplicated code.

dokyungs marked 2 inline comments as done.Jul 22 2020, 5:35 PM
dokyungs added inline comments.
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
87

Factored it out into a new function: internal_strcmp_strncmp

morehouse accepted this revision.Jul 22 2020, 5:35 PM

LGTM

Harbormaster failed remote builds in B65313: Diff 279982!Jul 22 2020, 6:07 PM
Closed by commit rG831ae45e3dc6: Recommit "[libFuzzer] Link libFuzzer's own interceptors when other compiler… (authored by dokyungs). · Explain WhyJul 23 2020, 9:01 AM
This revision was automatically updated to reflect the committed changes.
dokyungs marked an inline comment as done.
dmajor added a subscriber: dmajor.Jul 23 2020, 3:19 PM

After this commit, several of our builds are failing with FuzzerInterceptors.cpp:30:10: fatal error: 'sanitizer/common_interface_defs.h' file not found. This is odd because the file certainly seems like it exists. Is there a missing include path somewhere, perhaps?

dokyungs added a comment.Jul 23 2020, 3:53 PM
In D83494#2170838, @dmajor wrote:

After this commit, several of our builds are failing with FuzzerInterceptors.cpp:30:10: fatal error: 'sanitizer/common_interface_defs.h' file not found. This is odd because the file certainly seems like it exists. Is there a missing include path somewhere, perhaps?

There seems to be a missing include_directories in CMakeLists.txt. I will send out a patch for review shortly.

Revision Contents

PathSize
clang/
include/
clang/
Driver/
1 line
lib/
Driver/
5 lines
ToolChains/
3 lines
compiler-rt/
lib/
fuzzer/
18 lines
151 lines
163 lines
FuzzerPlatform.h
FuzzerDefs.h
123 lines
test/
fuzzer/
8 lines
8 lines
7 lines
8 lines
8 lines

Diff 277625

clang/include/clang/Driver/SanitizerArgs.h

Show First 20 LinesShow All 68 Lines▼ Show 20 Lines public:
bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); } bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); }
bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); } bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); }
bool needsFuzzer() const { return Sanitizers.has(SanitizerKind::Fuzzer); } bool needsFuzzer() const { return Sanitizers.has(SanitizerKind::Fuzzer); }
bool needsLsanRt() const { bool needsLsanRt() const {
return Sanitizers.has(SanitizerKind::Leak) && return Sanitizers.has(SanitizerKind::Leak) &&
!Sanitizers.has(SanitizerKind::Address) && !Sanitizers.has(SanitizerKind::Address) &&
!Sanitizers.has(SanitizerKind::HWAddress); !Sanitizers.has(SanitizerKind::HWAddress);
} }
bool needsFuzzerInterceptors() const;
bool needsUbsanRt() const; bool needsUbsanRt() const;
bool requiresMinimalRuntime() const { return MinimalRuntime; } bool requiresMinimalRuntime() const { return MinimalRuntime; }
bool needsDfsanRt() const { return Sanitizers.has(SanitizerKind::DataFlow); } bool needsDfsanRt() const { return Sanitizers.has(SanitizerKind::DataFlow); }
bool needsSafeStackRt() const { return SafeStackRuntime; } bool needsSafeStackRt() const { return SafeStackRuntime; }
bool needsCfiRt() const; bool needsCfiRt() const;
bool needsCfiDiagRt() const; bool needsCfiDiagRt() const;
bool needsStatsRt() const { return Stats; } bool needsStatsRt() const { return Stats; }
bool needsScudoRt() const { return Sanitizers.has(SanitizerKind::Scudo); } bool needsScudoRt() const { return Sanitizers.has(SanitizerKind::Scudo); }
Show All 16 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 232 Lines▼ Show 20 Linesstatic SanitizerMask parseSanitizeTrapArgs(const Driver &D,
} }
// Apply default trapping behavior. // Apply default trapping behavior.
TrappingKinds |= TrappingDefault & ~TrapRemove; TrappingKinds |= TrappingDefault & ~TrapRemove;
return TrappingKinds; return TrappingKinds;
} }
bool SanitizerArgs::needsFuzzerInterceptors() const {
return needsFuzzer() && !needsAsanRt() && !needsHwasanRt() &&
hctimUnsubmitted
Done
ReplyInline Actions

HWASan doesn't have interceptors - we actually want fuzzer interceptors under needsFuzzer() && needsHwasanRt() (just remove the !needsHwasanRt()).

hctim: HWASan doesn't have interceptors - we actually want fuzzer interceptors under `needsFuzzer() &&…
!needsTsanRt() && !needsMsanRt();
}
bool SanitizerArgs::needsUbsanRt() const { bool SanitizerArgs::needsUbsanRt() const {
// All of these include ubsan. // All of these include ubsan.
if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() || if (needsAsanRt() || needsMsanRt() || needsHwasanRt() || needsTsanRt() ||
needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() || needsDfsanRt() || needsLsanRt() || needsCfiDiagRt() ||
(needsScudoRt() && !requiresMinimalRuntime())) (needsScudoRt() && !requiresMinimalRuntime()))
return false; return false;
return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) || return (Sanitizers.Mask & NeedsUbsanRt & ~TrapSanitizers.Mask) ||
▲ Show 20 LinesShow All 949 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/CommonArgs.cpp

Show First 20 LinesShow All 773 Lines▼ Show 20 Lines collectSanitizerRuntimes(TC, Args, SharedRuntimes, StaticRuntimes,
RequiredSymbols); RequiredSymbols);
const SanitizerArgs &SanArgs = TC.getSanitizerArgs(); const SanitizerArgs &SanArgs = TC.getSanitizerArgs();
// Inject libfuzzer dependencies. // Inject libfuzzer dependencies.
if (SanArgs.needsFuzzer() && SanArgs.linkRuntimes() && if (SanArgs.needsFuzzer() && SanArgs.linkRuntimes() &&
!Args.hasArg(options::OPT_shared)) { !Args.hasArg(options::OPT_shared)) {
addSanitizerRuntime(TC, Args, CmdArgs, "fuzzer", false, true); addSanitizerRuntime(TC, Args, CmdArgs, "fuzzer", false, true);
if (SanArgs.needsFuzzerInterceptors())
addSanitizerRuntime(TC, Args, CmdArgs, "fuzzer_interceptors", false,
true);
if (!Args.hasArg(clang::driver::options::OPT_nostdlibxx)) if (!Args.hasArg(clang::driver::options::OPT_nostdlibxx))
TC.AddCXXStdlibLibArgs(Args, CmdArgs); TC.AddCXXStdlibLibArgs(Args, CmdArgs);
} }
for (auto RT : SharedRuntimes) for (auto RT : SharedRuntimes)
addSanitizerRuntime(TC, Args, CmdArgs, RT, true, false); addSanitizerRuntime(TC, Args, CmdArgs, RT, true, false);
for (auto RT : HelperStaticRuntimes) for (auto RT : HelperStaticRuntimes)
addSanitizerRuntime(TC, Args, CmdArgs, RT, false, true); addSanitizerRuntime(TC, Args, CmdArgs, RT, false, true);
▲ Show 20 LinesShow All 618 LinesShow Last 20 Lines

compiler-rt/lib/fuzzer/CMakeLists.txt

Show First 20 LinesShow All 93 Lines▼ Show 20 Lines
add_compiler_rt_object_libraries(RTfuzzer_main add_compiler_rt_object_libraries(RTfuzzer_main
OS ${FUZZER_SUPPORTED_OS} OS ${FUZZER_SUPPORTED_OS}
ARCHS ${FUZZER_SUPPORTED_ARCH} ARCHS ${FUZZER_SUPPORTED_ARCH}
SOURCES FuzzerMain.cpp SOURCES FuzzerMain.cpp
CFLAGS ${LIBFUZZER_CFLAGS} CFLAGS ${LIBFUZZER_CFLAGS}
DEPS ${LIBFUZZER_DEPS}) DEPS ${LIBFUZZER_DEPS})
add_compiler_rt_object_libraries(RTfuzzer_interceptors
OS ${FUZZER_SUPPORTED_OS}
ARCHS ${FUZZER_SUPPORTED_ARCH}
SOURCES FuzzerInterceptors.cpp
CFLAGS ${LIBFUZZER_CFLAGS}
DEPS ${LIBFUZZER_DEPS})
add_compiler_rt_runtime(clang_rt.fuzzer add_compiler_rt_runtime(clang_rt.fuzzer
STATIC STATIC
OS ${FUZZER_SUPPORTED_OS} OS ${FUZZER_SUPPORTED_OS}
ARCHS ${FUZZER_SUPPORTED_ARCH} ARCHS ${FUZZER_SUPPORTED_ARCH}
OBJECT_LIBS RTfuzzer RTfuzzer_main OBJECT_LIBS RTfuzzer RTfuzzer_main
CFLAGS ${LIBFUZZER_CFLAGS} CFLAGS ${LIBFUZZER_CFLAGS}
PARENT_TARGET fuzzer) PARENT_TARGET fuzzer)
add_compiler_rt_runtime(clang_rt.fuzzer_no_main add_compiler_rt_runtime(clang_rt.fuzzer_no_main
STATIC STATIC
OS ${FUZZER_SUPPORTED_OS} OS ${FUZZER_SUPPORTED_OS}
ARCHS ${FUZZER_SUPPORTED_ARCH} ARCHS ${FUZZER_SUPPORTED_ARCH}
OBJECT_LIBS RTfuzzer OBJECT_LIBS RTfuzzer
CFLAGS ${LIBFUZZER_CFLAGS} CFLAGS ${LIBFUZZER_CFLAGS}
PARENT_TARGET fuzzer) PARENT_TARGET fuzzer)
add_compiler_rt_runtime(clang_rt.fuzzer_interceptors
STATIC
OS ${FUZZER_SUPPORTED_OS}
ARCHS ${FUZZER_SUPPORTED_ARCH}
OBJECT_LIBS RTfuzzer_interceptors
CFLAGS ${LIBFUZZER_CFLAGS}
PARENT_TARGET fuzzer)
if(OS_NAME MATCHES "Linux|Fuchsia" AND if(OS_NAME MATCHES "Linux|Fuchsia" AND
COMPILER_RT_LIBCXX_PATH AND COMPILER_RT_LIBCXX_PATH AND
COMPILER_RT_LIBCXXABI_PATH) COMPILER_RT_LIBCXXABI_PATH)
macro(partially_link_libcxx name dir arch) macro(partially_link_libcxx name dir arch)
if(${arch} MATCHES "i386") if(${arch} MATCHES "i386")
set(EMULATION_ARGUMENT "-m" "elf_i386") set(EMULATION_ARGUMENT "-m" "elf_i386")
else() else()
set(EMULATION_ARGUMENT "") set(EMULATION_ARGUMENT "")
Show All 17 Lines add_custom_libcxx(libcxx_fuzzer_${arch} ${LIBCXX_${arch}_PREFIX}
CMAKE_ARGS -DCMAKE_CXX_COMPILER_WORKS=ON CMAKE_ARGS -DCMAKE_CXX_COMPILER_WORKS=ON
-DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON
-DLIBCXXABI_ENABLE_EXCEPTIONS=OFF -DLIBCXXABI_ENABLE_EXCEPTIONS=OFF
-DLIBCXX_ABI_NAMESPACE=__Fuzzer) -DLIBCXX_ABI_NAMESPACE=__Fuzzer)
target_compile_options(RTfuzzer.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1) target_compile_options(RTfuzzer.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
add_dependencies(RTfuzzer.${arch} libcxx_fuzzer_${arch}-build) add_dependencies(RTfuzzer.${arch} libcxx_fuzzer_${arch}-build)
target_compile_options(RTfuzzer_main.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1) target_compile_options(RTfuzzer_main.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
add_dependencies(RTfuzzer_main.${arch} libcxx_fuzzer_${arch}-build) add_dependencies(RTfuzzer_main.${arch} libcxx_fuzzer_${arch}-build)
target_compile_options(RTfuzzer_interceptors.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
add_dependencies(RTfuzzer_interceptors.${arch} libcxx_fuzzer_${arch}-build)
partially_link_libcxx(fuzzer_no_main ${LIBCXX_${arch}_PREFIX} ${arch}) partially_link_libcxx(fuzzer_no_main ${LIBCXX_${arch}_PREFIX} ${arch})
partially_link_libcxx(fuzzer_interceptors ${LIBCXX_${arch}_PREFIX} ${arch})
partially_link_libcxx(fuzzer ${LIBCXX_${arch}_PREFIX} ${arch}) partially_link_libcxx(fuzzer ${LIBCXX_${arch}_PREFIX} ${arch})
endforeach() endforeach()
endif() endif()
if(COMPILER_RT_INCLUDE_TESTS) if(COMPILER_RT_INCLUDE_TESTS)
add_subdirectory(tests) add_subdirectory(tests)
endif() endif()

compiler-rt/lib/fuzzer/FuzzerDefs.h

  • This file was copied to compiler-rt/lib/fuzzer/FuzzerPlatform.h.
Show All 14 Lines
#include <cstddef> #include <cstddef>
#include <cstdint> #include <cstdint>
#include <cstring> #include <cstring>
#include <memory> #include <memory>
#include <set> #include <set>
#include <string> #include <string>
#include <vector> #include <vector>
#include "FuzzerPlatform.h"
morehouseUnsubmitted
Not Done
ReplyInline Actions

Nit: we should really not include this here. Instead, we should include it directly in any libFuzzer file that needs the platform macros.

Of course, that will add some noise to this patch. Could you splice this change into a separate patch that we can submit first?

morehouse: Nit: we should really not include this here. Instead, we should include it directly in any…
// Platform detection.
#ifdef __linux__
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 1
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 0
#elif __APPLE__
#define LIBFUZZER_APPLE 1
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 0
#elif __NetBSD__
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 1
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 0
#elif __FreeBSD__
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 1
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 0
#elif __OpenBSD__
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 1
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 0
#elif _WIN32
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 1
#define LIBFUZZER_EMSCRIPTEN 0
#elif __Fuchsia__
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 1
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 0
#elif __EMSCRIPTEN__
#define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 0
#define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0
#define LIBFUZZER_OPENBSD 0
#define LIBFUZZER_WINDOWS 0
#define LIBFUZZER_EMSCRIPTEN 1
#else
#error "Support for your platform has not been implemented"
#endif
#if defined(_MSC_VER) && !defined(__clang__)
// MSVC compiler is being used.
#define LIBFUZZER_MSVC 1
#else
#define LIBFUZZER_MSVC 0
#endif
#ifndef __has_attribute
# define __has_attribute(x) 0
#endif
#define LIBFUZZER_POSIX \
(LIBFUZZER_APPLE || LIBFUZZER_LINUX || LIBFUZZER_NETBSD || \
LIBFUZZER_FREEBSD || LIBFUZZER_OPENBSD || LIBFUZZER_EMSCRIPTEN)
#ifdef __x86_64
# if __has_attribute(target)
# define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))
# else
# define ATTRIBUTE_TARGET_POPCNT
# endif
#else
# define ATTRIBUTE_TARGET_POPCNT
#endif
#ifdef __clang__ // avoid gcc warning.
# if __has_attribute(no_sanitize)
# define ATTRIBUTE_NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
# else
# define ATTRIBUTE_NO_SANITIZE_MEMORY
# endif
# define ALWAYS_INLINE __attribute__((always_inline))
#else
# define ATTRIBUTE_NO_SANITIZE_MEMORY
# define ALWAYS_INLINE
#endif // __clang__
#if LIBFUZZER_WINDOWS
#define ATTRIBUTE_NO_SANITIZE_ADDRESS
#else
#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
#endif
#if LIBFUZZER_WINDOWS
#define ATTRIBUTE_ALIGNED(X) __declspec(align(X))
#define ATTRIBUTE_INTERFACE __declspec(dllexport)
// This is used for __sancov_lowest_stack which is needed for
// -fsanitize-coverage=stack-depth. That feature is not yet available on
// Windows, so make the symbol static to avoid linking errors.
#define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC static
#define ATTRIBUTE_NOINLINE __declspec(noinline)
#else
#define ATTRIBUTE_ALIGNED(X) __attribute__((aligned(X)))
#define ATTRIBUTE_INTERFACE __attribute__((visibility("default")))
#define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC \
ATTRIBUTE_INTERFACE __attribute__((tls_model("initial-exec"))) thread_local
#define ATTRIBUTE_NOINLINE __attribute__((noinline))
#endif
#if defined(__has_feature)
# if __has_feature(address_sanitizer)
# define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS
# elif __has_feature(memory_sanitizer)
# define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_MEMORY
# else
# define ATTRIBUTE_NO_SANITIZE_ALL
# endif
#else
# define ATTRIBUTE_NO_SANITIZE_ALL
#endif
namespace fuzzer { namespace fuzzer {
template <class T> T Min(T a, T b) { return a < b ? a : b; } template <class T> T Min(T a, T b) { return a < b ? a : b; }
template <class T> T Max(T a, T b) { return a > b ? a : b; } template <class T> T Max(T a, T b) { return a > b ? a : b; }
class Random; class Random;
class Dictionary; class Dictionary;
▲ Show 20 LinesShow All 45 LinesShow Last 20 Lines

compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp

  • This file was added.
//===-- FuzzerInterceptors.cpp --------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Intercept certain libc functions to aid fuzzing.
// Linked only when other RTs that define their own interceptors are not linked.
//===----------------------------------------------------------------------===//
#include <cstdint>
#include "FuzzerPlatform.h"
morehouseUnsubmitted
Done
ReplyInline Actions

We should include FuzzerDefs.h to use this, not FuzzerBuiltins.h.

morehouse: We should include FuzzerDefs.h to use this, not FuzzerBuiltins.h.
#define GET_CALLER_PC() __builtin_return_address(0)
#if LIBFUZZER_LINUX
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Let's move this down with the other defines.

morehouse: Nit: Let's move this down with the other defines.
#define PTR_TO_REAL(x) real_##x
#define REAL(x) __interception::PTR_TO_REAL(x)
#define FUNC_TYPE(x) x##_type
#define DEFINE_REAL(ret_type, func, ...) \
typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__); \
namespace __interception { \
FUNC_TYPE(func) PTR_TO_REAL(func); \
morehouseUnsubmitted
Done
ReplyInline Actions

Any reason not to use uintptr_t instead?

morehouse: Any reason not to use `uintptr_t` instead?
}
#include <dlfcn.h> // for dlsym()
static void *GetFuncAddr(const char *name, uintptr_t wrapper_addr) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for function 'GetFuncAddr' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'name' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'wrapper_addr' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for function 'GetFuncAddr' [readability-identifier…
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Can we move the other includes down by this one?

morehouse: Nit: Can we move the other includes down by this one?
void *addr = dlsym(RTLD_NEXT, name);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'addr' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'addr' [readability-identifier-naming]…
if (!addr) {
// If the lookup using RTLD_NEXT failed, the sanitizer runtime library is
// later in the library search order than the DSO that we are trying to
// intercept, which means that we cannot intercept this function. We still
// want the address of the real definition, though, so look it up using
// RTLD_DEFAULT.
addr = dlsym(RTLD_DEFAULT, name);
// In case `name' is not loaded, dlsym ends up finding the actual wrapper.
// We don't want to intercept the wrapper and have it point to itself.
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: I think we should prefer C++ constructs, so reinterpret_cast<uintptr_t> here.

morehouse: Nit: I think we should prefer C++ constructs, so `reinterpret_cast<uintptr_t>` here.
if (reinterpret_cast<uintptr_t>(addr) == wrapper_addr)
addr = nullptr;
}
return addr;
}
extern "C" {
// NOLINTNEXTLINE
void __sanitizer_weak_hook_memcmp(void *, const void *, const void *, size_t,
hctimUnsubmitted
Done
ReplyInline Actions

Why not #include <sanitizer/common_interface_defs.h> (and below)?

hctim: Why not `#include <sanitizer/common_interface_defs.h>` (and below)?
morehouseUnsubmitted
Done
ReplyInline Actions

Sorry, one last nit:

If we're preferring LLVM style, let's capitalize variable names.

morehouse: Sorry, one last nit: If we're preferring LLVM style, let's [capitalize](https://llvm.
hctimUnsubmitted
Done
ReplyInline Actions

The comment above is obsolete - please mark as done before closing out the patch.

hctim: The comment above is obsolete - please mark as done before closing out the patch.
int);
// NOLINTNEXTLINE
morehouseUnsubmitted
Done
ReplyInline Actions

These are in the global namespace, and have C mangling, which is unnecessary. Please either put them in a namespace or make them static.

morehouse: These are in the global namespace, and have C mangling, which is unnecessary. Please either…
void __sanitizer_weak_hook_strncmp(void *, const char *, const char *, size_t,
int);
morehouseUnsubmitted
Done
ReplyInline Actions

This also doesn't need C mangling.

morehouse: This also doesn't need C mangling.
// NOLINTNEXTLINE
void __sanitizer_weak_hook_strcmp(void *, const char *, const char *, int);
// NOLINTNEXTLINE
void __sanitizer_weak_hook_strncasecmp(void *, const char *, const char *,
size_t, int);
// NOLINTNEXTLINE
void __sanitizer_weak_hook_strcasecmp(void *, const char *, const char *, int);
morehouseUnsubmitted
Done
ReplyInline Actions

Can we use size_t instead of uintptr_t?

morehouse: Can we use `size_t` instead of `uintptr_t`?
// NOLINTNEXTLINE
morehouseUnsubmitted
Done
ReplyInline Actions

Let's prefer a function rather than a macro for this.

morehouse: Let's prefer a function rather than a macro for this.
void __sanitizer_weak_hook_strstr(void *, const char *, const char *, char *);
// NOLINTNEXTLINE
void __sanitizer_weak_hook_strcasestr(void *, const char *, const char *,
char *);
// NOLINTNEXTLINE
void __sanitizer_weak_hook_memmem(void *, const void *, size_t, const void *,
size_t, void *);
DEFINE_REAL(int, memcmp, const void *, const void *, size_t)
DEFINE_REAL(int, strncmp, const char *, const char *, size_t)
DEFINE_REAL(int, strcmp, const char *, const char *)
DEFINE_REAL(int, strncasecmp, const char *, const char *, size_t)
DEFINE_REAL(int, strcasecmp, const char *, const char *)
DEFINE_REAL(char *, strstr, const char *, const char *)
morehouseUnsubmitted
Done
ReplyInline Actions

Can we use uint8_t and static_cast?

morehouse: Can we use `uint8_t` and `static_cast`?
DEFINE_REAL(char *, strcasestr, const char *, const char *)
DEFINE_REAL(void *, memmem, const void *, size_t, const void *, size_t)
ATTRIBUTE_INTERFACE int memcmp(const void *s1, const void *s2, size_t n) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'n' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
int result = REAL(memcmp)(s1, s2, n);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_memcmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
morehouseUnsubmitted
Done
ReplyInline Actions

Lot's of common code with internal_strncmp. Let's factor it out into a helper function.

morehouse: Lot's of common code with `internal_strncmp`. Let's factor it out into a helper function.
dokyungsAuthorUnsubmitted
Done
ReplyInline Actions

Factored it out into a new function: internal_strcmp_strncmp

dokyungs: Factored it out into a new function: `internal_strcmp_strncmp`
ATTRIBUTE_INTERFACE int strncmp(const char *s1, const char *s2, size_t n) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'n' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
int result = REAL(strncmp)(s1, s2, n);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_strncmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
ATTRIBUTE_INTERFACE int strcmp(const char *s1, const char *s2) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
int result = REAL(strcmp)(s1, s2);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_strcmp(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE int strncasecmp(const char *s1, const char *s2, size_t n) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'n' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
int result = REAL(strncasecmp)(s1, s2, n);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_strncasecmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
ATTRIBUTE_INTERFACE int strcasecmp(const char *s1, const char *s2) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
int result = REAL(strcasecmp)(s1, s2);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_strcasecmp(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE char *strstr(const char *s1, const char *s2) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
morehouseUnsubmitted
Done
ReplyInline Actions

Why extern "C++"? I don't think we want that here.

morehouse: Why `extern "C++"`? I don't think we want that here.
dokyungsAuthorUnsubmitted
Done
ReplyInline Actions

Removed by not including #include <string>.

dokyungs: Removed by not including `#include <string>`.
char *result = REAL(strstr)(s1, s2);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_strstr(GET_CALLER_PC(), s1, s2, result);
morehouseUnsubmitted
Done
ReplyInline Actions

I think ensureFuzzerInited is no longer useful here.

morehouse: I think `ensureFuzzerInited` is no longer useful here.
dokyungsAuthorUnsubmitted
Done
ReplyInline Actions

Fixed also in strncmp and strstr interceptors.

dokyungs: Fixed also in `strncmp` and `strstr` interceptors.
return result;
}
ATTRIBUTE_INTERFACE char *strcasestr(const char *s1, const char *s2) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
morehouseUnsubmitted
Done
ReplyInline Actions

Also why extern "C++" here?

morehouse: Also why `extern "C++"` here?
dokyungsAuthorUnsubmitted
Done
ReplyInline Actions

Removed by not including #include <string>.

dokyungs: Removed by not including `#include <string>`.
char *result = REAL(strcasestr)(s1, s2);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_strcasestr(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE
void *memmem(const void *s1, size_t len1, const void *s2, size_t len2) {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'len1' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 's2' [readability-identifier-naming]
not useful
clang-tidy: warning: invalid case style for parameter 'len2' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for parameter 's1' [readability-identifier-naming]…
void *result = REAL(memmem)(s1, len1, s2, len2);
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable 'result' [readability-identifier-naming]…
__sanitizer_weak_hook_memmem(GET_CALLER_PC(), s1, len1, s2, len2, result);
return result;
}
static void __fuzzer_init() {
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for function '__fuzzer_init' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for function '__fuzzer_init' [readability-identifier…
REAL(memcmp) = reinterpret_cast<memcmp_type>(
GetFuncAddr("memcmp", reinterpret_cast<uintptr_t>(&memcmp)));
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: reinterpret_cast<uintptr_t>()

morehouse: Nit: `reinterpret_cast<uintptr_t>()`
REAL(strncmp) = reinterpret_cast<strncmp_type>(
GetFuncAddr("strncmp", reinterpret_cast<uintptr_t>(&strncmp)));
REAL(strcmp) = reinterpret_cast<strcmp_type>(
morehouseUnsubmitted
Done
ReplyInline Actions

Let's use true/false rather than 1/0 for bools.

morehouse: Let's use true/false rather than 1/0 for bools.
GetFuncAddr("strcmp", reinterpret_cast<uintptr_t>(&strcmp)));
REAL(strncasecmp) = reinterpret_cast<strncasecmp_type>(
GetFuncAddr("strncasecmp", reinterpret_cast<uintptr_t>(&strncasecmp)));
REAL(strcasecmp) = reinterpret_cast<strcasecmp_type>(
GetFuncAddr("strcasecmp", reinterpret_cast<uintptr_t>(&strcasecmp)));
REAL(strstr) = reinterpret_cast<strstr_type>(
GetFuncAddr("strstr", reinterpret_cast<uintptr_t>(&strstr)));
REAL(strcasestr) = reinterpret_cast<strcasestr_type>(
GetFuncAddr("strcasestr", reinterpret_cast<uintptr_t>(&strcasestr)));
REAL(memmem) = reinterpret_cast<memmem_type>(
GetFuncAddr("memmem", reinterpret_cast<uintptr_t>(&memmem)));
}
__attribute__((section(".preinit_array"), used)) static void (
*__local_fuzzer_preinit)(void) = __fuzzer_init;
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: invalid case style for variable '__local_fuzzer_preinit' [readability-identifier-naming]
not useful

Lint: Pre-merge checks: clang-tidy: warning: invalid case style for variable '__local_fuzzer_preinit' [readability…
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Please add this comment:

} // extern "C"
morehouse: Nit: Please add this comment: ``` } // extern "C" ```
} // extern "C"
#endif

compiler-rt/lib/fuzzer/FuzzerPlatform.h

  • This file was copied from compiler-rt/lib/fuzzer/FuzzerDefs.h.
//===- FuzzerDefs.h - Internal header for the Fuzzer ------------*- C++ -* ===// //===-- FuzzerInterceptors.cpp --------------------------------------------===//
hctimUnsubmitted
Done
ReplyInline Actions

Nit - name change

hctim: Nit - name change
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Basic definitions. //
hctimUnsubmitted
Done
ReplyInline Actions

Nit - remove blank comment

hctim: Nit - remove blank comment
// Common platform macros.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_FUZZER_DEFS_H #ifndef LLVM_FUZZER_PLATFORM_H
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: header guard does not follow preferred style [llvm-header-guard]
not useful

Lint: Pre-merge checks: clang-tidy: warning: header guard does not follow preferred style [llvm-header-guard] [[https…
#define LLVM_FUZZER_DEFS_H #define LLVM_FUZZER_PLATFORM_H
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <set>
#include <string>
#include <vector>
// Platform detection. // Platform detection.
#ifdef __linux__ #ifdef __linux__
#define LIBFUZZER_APPLE 0 #define LIBFUZZER_APPLE 0
#define LIBFUZZER_FUCHSIA 0 #define LIBFUZZER_FUCHSIA 0
#define LIBFUZZER_LINUX 1 #define LIBFUZZER_LINUX 1
#define LIBFUZZER_NETBSD 0 #define LIBFUZZER_NETBSD 0
#define LIBFUZZER_FREEBSD 0 #define LIBFUZZER_FREEBSD 0
▲ Show 20 LinesShow All 70 Lines▼ Show 20 Lines
#if defined(_MSC_VER) && !defined(__clang__) #if defined(_MSC_VER) && !defined(__clang__)
// MSVC compiler is being used. // MSVC compiler is being used.
#define LIBFUZZER_MSVC 1 #define LIBFUZZER_MSVC 1
#else #else
#define LIBFUZZER_MSVC 0 #define LIBFUZZER_MSVC 0
#endif #endif
#ifndef __has_attribute #ifndef __has_attribute
# define __has_attribute(x) 0 #define __has_attribute(x) 0
#endif #endif
#define LIBFUZZER_POSIX \ #define LIBFUZZER_POSIX \
(LIBFUZZER_APPLE || LIBFUZZER_LINUX || LIBFUZZER_NETBSD || \ (LIBFUZZER_APPLE || LIBFUZZER_LINUX || LIBFUZZER_NETBSD || \
LIBFUZZER_FREEBSD || LIBFUZZER_OPENBSD || LIBFUZZER_EMSCRIPTEN) LIBFUZZER_FREEBSD || LIBFUZZER_OPENBSD || LIBFUZZER_EMSCRIPTEN)
#ifdef __x86_64 #ifdef __x86_64
# if __has_attribute(target) #if __has_attribute(target)
# define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt"))) #define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))
# else #else
# define ATTRIBUTE_TARGET_POPCNT #define ATTRIBUTE_TARGET_POPCNT
# endif #endif
#else #else
# define ATTRIBUTE_TARGET_POPCNT #define ATTRIBUTE_TARGET_POPCNT
#endif #endif
#ifdef __clang__ // avoid gcc warning. #ifdef __clang__ // avoid gcc warning.
# if __has_attribute(no_sanitize) #if __has_attribute(no_sanitize)
# define ATTRIBUTE_NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory"))) #define ATTRIBUTE_NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
# else #else
# define ATTRIBUTE_NO_SANITIZE_MEMORY #define ATTRIBUTE_NO_SANITIZE_MEMORY
# endif #endif
# define ALWAYS_INLINE __attribute__((always_inline)) #define ALWAYS_INLINE __attribute__((always_inline))
#else #else
# define ATTRIBUTE_NO_SANITIZE_MEMORY #define ATTRIBUTE_NO_SANITIZE_MEMORY
# define ALWAYS_INLINE #define ALWAYS_INLINE
#endif // __clang__ #endif // __clang__
#if LIBFUZZER_WINDOWS #if LIBFUZZER_WINDOWS
#define ATTRIBUTE_NO_SANITIZE_ADDRESS #define ATTRIBUTE_NO_SANITIZE_ADDRESS
#else #else
#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address)) #define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
#endif #endif
#if LIBFUZZER_WINDOWS #if LIBFUZZER_WINDOWS
#define ATTRIBUTE_ALIGNED(X) __declspec(align(X)) #define ATTRIBUTE_ALIGNED(X) __declspec(align(X))
#define ATTRIBUTE_INTERFACE __declspec(dllexport) #define ATTRIBUTE_INTERFACE __declspec(dllexport)
// This is used for __sancov_lowest_stack which is needed for // This is used for __sancov_lowest_stack which is needed for
// -fsanitize-coverage=stack-depth. That feature is not yet available on // -fsanitize-coverage=stack-depth. That feature is not yet available on
// Windows, so make the symbol static to avoid linking errors. // Windows, so make the symbol static to avoid linking errors.
#define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC static #define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC static
#define ATTRIBUTE_NOINLINE __declspec(noinline) #define ATTRIBUTE_NOINLINE __declspec(noinline)
#else #else
#define ATTRIBUTE_ALIGNED(X) __attribute__((aligned(X))) #define ATTRIBUTE_ALIGNED(X) __attribute__((aligned(X)))
#define ATTRIBUTE_INTERFACE __attribute__((visibility("default"))) #define ATTRIBUTE_INTERFACE __attribute__((visibility("default")))
#define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC \ #define ATTRIBUTES_INTERFACE_TLS_INITIAL_EXEC \
ATTRIBUTE_INTERFACE __attribute__((tls_model("initial-exec"))) thread_local ATTRIBUTE_INTERFACE __attribute__((tls_model("initial-exec"))) thread_local
#define ATTRIBUTE_NOINLINE __attribute__((noinline)) #define ATTRIBUTE_NOINLINE __attribute__((noinline))
#endif #endif
#if defined(__has_feature) #if defined(__has_feature)
# if __has_feature(address_sanitizer) #if __has_feature(address_sanitizer)
# define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS #define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_ADDRESS
# elif __has_feature(memory_sanitizer) #elif __has_feature(memory_sanitizer)
# define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_MEMORY #define ATTRIBUTE_NO_SANITIZE_ALL ATTRIBUTE_NO_SANITIZE_MEMORY
# else #else
# define ATTRIBUTE_NO_SANITIZE_ALL #define ATTRIBUTE_NO_SANITIZE_ALL
# endif #endif
#else #else
# define ATTRIBUTE_NO_SANITIZE_ALL #define ATTRIBUTE_NO_SANITIZE_ALL
#endif #endif
namespace fuzzer { #endif // LLVM_FUZZER_PLATFORM_H
template <class T> T Min(T a, T b) { return a < b ? a : b; }
template <class T> T Max(T a, T b) { return a > b ? a : b; }
class Random;
class Dictionary;
class DictionaryEntry;
class MutationDispatcher;
struct FuzzingOptions;
class InputCorpus;
struct InputInfo;
struct ExternalFunctions;
// Global interface to functions that may or may not be available.
extern ExternalFunctions *EF;
// We are using a custom allocator to give a different symbol name to STL
// containers in order to avoid ODR violations.
template<typename T>
class fuzzer_allocator: public std::allocator<T> {
public:
fuzzer_allocator() = default;
template<class U>
fuzzer_allocator(const fuzzer_allocator<U>&) {}
template<class Other>
struct rebind { typedef fuzzer_allocator<Other> other; };
};
template<typename T>
using Vector = std::vector<T, fuzzer_allocator<T>>;
template<typename T>
using Set = std::set<T, std::less<T>, fuzzer_allocator<T>>;
typedef Vector<uint8_t> Unit;
typedef Vector<Unit> UnitVector;
typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
int FuzzerDriver(int *argc, char ***argv, UserCallback Callback);
uint8_t *ExtraCountersBegin();
uint8_t *ExtraCountersEnd();
void ClearExtraCounters();
extern bool RunningUserCallback;
} // namespace fuzzer
#endif // LLVM_FUZZER_DEFS_H

compiler-rt/test/fuzzer/memcmp.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=CHECK1
CHECK: BINGO CHECK1: BINGO
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
RUN: not %run %t-MemcmpTest -seed=1 -runs=10000000 2>&1 | FileCheck %s --check-prefix=CHECK2
CHECK2: BINGO
morehouseUnsubmitted
Done
ReplyInline Actions

CHECK1 and CHECK2 is unnecessary. Let's use the same CHECK for both.

morehouse: CHECK1 and CHECK2 is unnecessary. Let's use the same CHECK for both.
hctimUnsubmitted
Done
ReplyInline Actions

No need to have different CHECK's throughout this patchset (in both tests we're checking for the same thing.

UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
RUN: not %run %t-MemcmpTest               -seed=1 -runs=10000000   2>&1 | FileCheck %s

RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
RUN: not %run %t-MemcmpTest               -seed=1 -runs=10000000   2>&1 | FileCheck %s

CHECK: BINGO
hctim: No need to have different `CHECK`'s throughout this patchset (in both tests we're checking for…
morehouseUnsubmitted
Done
ReplyInline Actions

Why is the custom allocator test here useful?

morehouse: Why is the custom allocator test here useful?
dokyungsAuthorUnsubmitted
Done
ReplyInline Actions

To make sure exercise the path where memcmp is called (i) in the calloc context, and (ii) then again in the LLVMFuzzerTestOneInput context. %t-NoAsanCustomAllocatorTest only tests (i), and %t-NoAsanMemcmpTest only tests (ii).

dokyungs: To make sure exercise the path where memcmp is called (i) in the calloc context, and (ii) then…

compiler-rt/test/fuzzer/memcmp64.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=CHECK1
CHECK: BINGO CHECK1: BINGO
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
RUN: not %run %t-Memcmp64BytesTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=CHECK2
CHECK2: BINGO

compiler-rt/test/fuzzer/strcmp.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s --check-prefix=CHECK1
CHECK: BINGO CHECK1: BINGO
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
RUN: not %run %t-StrcmpTest -seed=1 -runs=2000000 2>&1 | FileCheck %s --check-prefix=CHECK2
CHECK2: BINGO

compiler-rt/test/fuzzer/strncmp.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s --check-prefix=CHECK1
CHECK: BINGO CHECK1: BINGO
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
RUN: not %run %t-StrncmpTest -seed=2 -runs=10000000 2>&1 | FileCheck %s --check-prefix=CHECK2
CHECK2: BINGO

compiler-rt/test/fuzzer/strstr.test

UNSUPPORTED: freebsd UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s --check-prefix=CHECK1
CHECK: BINGO CHECK1: BINGO
RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
RUN: not %run %t-StrstrTest -seed=1 -runs=2000000 2>&1 | FileCheck %s --check-prefix=CHECK2
CHECK2: BINGO