morehouse (Matt Morehouse)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 28 2017, 4:27 PM (198 w, 6 d)

Recent Activity

Fri, Apr 16

morehouse committed rG827ccc93b8f3: [fuzzer] Print reloaded file paths (authored by SweetVishnya).
[fuzzer] Print reloaded file paths
Fri, Apr 16, 10:01 AM
morehouse closed D100303: [fuzzer] Print reloaded file paths.
Fri, Apr 16, 10:00 AM · Restricted Project
morehouse added a comment to D98926: [sanitizer] Simplify GetTls with dl_iterate_phdr on Linux and use it on musl/FreeBSD.

PPC bots are also segfaulting during some MSan test after this patch: https://lab.llvm.org/buildbot/#/builders/19/builds/3665, https://lab.llvm.org/buildbot/#/builders/105/builds/8438

Fri, Apr 16, 8:54 AM · Restricted Project
morehouse added inline comments to D98926: [sanitizer] Simplify GetTls with dl_iterate_phdr on Linux and use it on musl/FreeBSD.
Fri, Apr 16, 8:49 AM · Restricted Project

Thu, Apr 15

morehouse accepted D100303: [fuzzer] Print reloaded file paths.

LGTM

Thu, Apr 15, 7:53 AM · Restricted Project

Wed, Apr 14

morehouse added a comment to D100303: [fuzzer] Print reloaded file paths.

We integrated our dynamic symbolic execution tool (Sydr) with libFuzzer. We feed generated inputs from Sydr to libFuzzer corpus. We need to know loaded (good) inputs to:

  1. Evaluate symbolic execution profit. We want to know which files were taken from Sydr.
  2. We should delete files that were not loaded by libFuzzer to keep corpus neat.
  3. Also, we want to know which files exactly made the profit (RELOAD -> +cov/+feature).
Wed, Apr 14, 12:02 PM · Restricted Project
morehouse added a comment to D100303: [fuzzer] Print reloaded file paths.

What are you trying to do with symbolic execution that requires this patch?

Wed, Apr 14, 9:18 AM · Restricted Project
morehouse added a comment to D100161: Redistribute energy for Corpus.

At this point I am not convinced this patch will provide benefit for the default use case when -entropic=1. I am hesitant to add complexity to the code for unsure benefit.

Wed, Apr 14, 9:06 AM · Restricted Project, Restricted Project

Tue, Apr 13

morehouse committed rGb351590baed5: [libFuzzer] Fix fuzzer-oom.test. (authored by morehouse).
[libFuzzer] Fix fuzzer-oom.test.
Tue, Apr 13, 11:34 AM
morehouse committed rG423024904825: [libFuzzer] Fix MSan false positives with custom mutators. (authored by morehouse).
[libFuzzer] Fix MSan false positives with custom mutators.
Tue, Apr 13, 10:50 AM
morehouse closed D100355: [libFuzzer] Fix MSan false positives with custom mutators..
Tue, Apr 13, 10:50 AM · Restricted Project
morehouse added a comment to D100161: Redistribute energy for Corpus.

If the effect is similar to entropic, why do we need this patch as well?

Tue, Apr 13, 9:30 AM · Restricted Project, Restricted Project

Mon, Apr 12

morehouse requested review of D100355: [libFuzzer] Fix MSan false positives with custom mutators..
Mon, Apr 12, 5:35 PM · Restricted Project
morehouse added a comment to D100161: Redistribute energy for Corpus.

Also, the description states:

Mon, Apr 12, 10:39 AM · Restricted Project, Restricted Project
morehouse updated subscribers of D100161: Redistribute energy for Corpus.

Thanks for sharing your data. Took a quick look and seems promising.

Mon, Apr 12, 10:37 AM · Restricted Project, Restricted Project
morehouse added inline comments to D100220: [ASan] Allow new/delete replacement by making interceptors weak.
Mon, Apr 12, 8:48 AM · Restricted Project

Fri, Apr 9

morehouse added a comment to D100161: Redistribute energy for Corpus.

Thanks for the patch! Would you mind sharing the experimental data/results you obtained for this patch?

Fri, Apr 9, 8:37 AM · Restricted Project, Restricted Project

Fri, Apr 2

morehouse added a comment to D94517: Extract and expose FuzzerMonitor C interface..

Sorry if I'm misunderstanding the design. But how will we prevent stack trace skew from signals being delivered asynchronously?

i.e. We need a stack trace *now*, so we send a signal to that process. But by the time that process receives the signal, the IP is somewhere else, maybe a different function. So our stack trace is wrong.

You're correct. I've addressed this in both the implementations I've done so far, but I haven't stipulated it in the interface and I probably need to. On both Linux and Fuchsia, if an error callback is invoked, the calling thread in the remote process takes over handling responses from the engine process. It then sits in a loop handling any requests that come in until the connection is reset, at which point it exits. In this way, the code never returns from the stack frame above the error callback, and the stack trace is correct (modulo missing the actual call to, e.g., fuzzer::Fuzzer::LeakCallback). I'll add that requirement to the comments in FuzzerMonitor.h; if an implementer fails to do so, it should be obvious when the llvm-lit tests fail.

Fri, Apr 2, 8:57 AM · Restricted Project

Wed, Mar 31

morehouse accepted D94514: Support module-relative values in FuzzerMerge.

Please remove fuzzer-test and libFuzzer.a from the diff.

Wed, Mar 31, 12:59 PM · Restricted Project
morehouse added a comment to D94514: Support module-relative values in FuzzerMerge.

Fine with me if it reduces performance issues.

Okay; I've reworked this. It doesn't have any dependency on FuzzerModuleRelative now, and distinguishes between "FT/COV" and "FT_REL/COV_REL". It also doesn't touch FuzzerFork, as discussed.

In terms of performance, the smallest of microbenchmarks are kind of apples-to-oranges due to various loop refactors, etc. Still most steps are +/- 10 microseconds. All told, it adds up to about 199 microseconds added to the average 27 *milliseconds* spent in CrashResistantMerge over 10k iterations (excluding measurements more than 10x the stdev; the outer loop's syscalls led to some aggressive outliers both before and after the change). This represents a performance increase of about 0.7%. I have a few ideas how to possibly squeeze even more; but I suspect we're in the realm of good enough.

Wed, Mar 31, 9:39 AM · Restricted Project

Mon, Mar 29

morehouse added a comment to D94514: Support module-relative values in FuzzerMerge.

I'm playing a bit with a version that introduces new markers: "FT_REL" and "COV_REL". I'll finish that up soon, post it, and collect some more perf numbers.

As for Fork; I'm *really* tempted to simply drop the fork-related changes, and say -fork=1 doesn't work with -remote=1, which would be enforced in D94522. WDYT?

Mon, Mar 29, 5:09 PM · Restricted Project

Thu, Mar 25

morehouse committed rG8e0bb21931db: [HWASan] Mention x86_64 aliasing mode in design doc. (authored by morehouse).
[HWASan] Mention x86_64 aliasing mode in design doc.
Thu, Mar 25, 2:22 PM
morehouse closed D98892: [HWASan] Mention x86_64 aliasing mode in design doc..
Thu, Mar 25, 2:22 PM · Restricted Project
morehouse committed rG96a4167b4c7e: [HWASan] Use page aliasing on x86_64. (authored by morehouse).
[HWASan] Use page aliasing on x86_64.
Thu, Mar 25, 7:05 AM
morehouse closed D98875: [HWASan] Use page aliasing on x86_64..
Thu, Mar 25, 7:04 AM · Restricted Project, Restricted Project
morehouse updated the diff for D98875: [HWASan] Use page aliasing on x86_64..
  • Add back UNTAGs for Linux syscalls.
Thu, Mar 25, 6:31 AM · Restricted Project, Restricted Project
morehouse reopened D98875: [HWASan] Use page aliasing on x86_64..
Thu, Mar 25, 6:31 AM · Restricted Project, Restricted Project

Wed, Mar 24

morehouse added a comment to D98875: [HWASan] Use page aliasing on x86_64..

Removing all the UNTAGs from tests caused an aarch64 bot (presumably without TBI) to fail: https://lab.llvm.org/buildbot/#/builders/53/builds/1634

Wed, Mar 24, 4:20 PM · Restricted Project, Restricted Project
morehouse committed rGc8ef98e5de0e: Revert "[HWASan] Use page aliasing on x86_64." (authored by morehouse).
Revert "[HWASan] Use page aliasing on x86_64."
Wed, Mar 24, 4:19 PM
morehouse added a reverting change for rG63f73c3eb971: [HWASan] Use page aliasing on x86_64.: rGc8ef98e5de0e: Revert "[HWASan] Use page aliasing on x86_64.".
Wed, Mar 24, 4:19 PM
morehouse added a reverting change for D98875: [HWASan] Use page aliasing on x86_64.: rGc8ef98e5de0e: Revert "[HWASan] Use page aliasing on x86_64.".
Wed, Mar 24, 4:19 PM · Restricted Project, Restricted Project
morehouse accepted D99295: [dfsan] Test dfsan_flush with origins.

LGTM

Wed, Mar 24, 1:47 PM · Restricted Project
morehouse committed rG63f73c3eb971: [HWASan] Use page aliasing on x86_64. (authored by morehouse).
[HWASan] Use page aliasing on x86_64.
Wed, Mar 24, 11:44 AM
morehouse closed D98875: [HWASan] Use page aliasing on x86_64..
Wed, Mar 24, 11:44 AM · Restricted Project, Restricted Project
morehouse accepted D98966: [dfsan] Add Origin ABI Wrappers.
Wed, Mar 24, 9:53 AM · Restricted Project
morehouse committed rG391b85bb0344: [sanitizer] Fix Solaris build. (authored by morehouse).
[sanitizer] Fix Solaris build.
Wed, Mar 24, 9:11 AM
morehouse added a comment to D98369: [sanitizer] Implement MapDynamicShadowAndAliases..
In D98369#2647334, @ro wrote:

This patch broke the Solaris buildbots (Solaris/sparcv9 and Solaris/amd64):

FAILED: projects/compiler-rt/lib/sanitizer_common/CMakeFiles/RTSanitizerCommonLibc.i386.dir/sanitizer_linux_libcdep.cpp.o
[...]
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp: In function ‘__sanitizer::uptr __sanitizer::MremapCreateAlias(__sanitizer::uptr, __sanitizer::uptr, __sanitizer::uptr)’:
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:26: error: ‘MREMAP_MAYMOVE’ was not declared in this scope
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                          ^~~~~~~~~~~~~~
/vol/llvm/src/llvm-project/dist/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:928:43: error: ‘MREMAP_FIXED’ was not declared in this scope; did you mean ‘MAP_FIXED’?
  928 |                          MREMAP_MAYMOVE | MREMAP_FIXED,
      |                                           ^~~~~~~~~~~~
      |                                           MAP_FIXED

Despite its name, sanitizer_linux_libcdep.cpp is shared between FreeBSD, Linux, NetBSD, and Solaris, while according to the Linux manpage, mremap is Linux-only.

Wed, Mar 24, 8:46 AM · Restricted Project
morehouse committed rG643d87ebab78: [sanitizer] Fix Solaris build. (authored by morehouse).
[sanitizer] Fix Solaris build.
Wed, Mar 24, 8:44 AM

Tue, Mar 23

morehouse committed rG3e4faf08de5c: [HWASan] Refactor in preparation for x86 aliasing mode. NFC (authored by morehouse).
[HWASan] Refactor in preparation for x86 aliasing mode. NFC
Tue, Mar 23, 1:25 PM
morehouse closed D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
Tue, Mar 23, 1:25 PM · Restricted Project
morehouse committed rGf85002d22c6b: [sanitizer] Implement MapDynamicShadowAndAliases. (authored by morehouse).
[sanitizer] Implement MapDynamicShadowAndAliases.
Tue, Mar 23, 11:52 AM
morehouse closed D98369: [sanitizer] Implement MapDynamicShadowAndAliases..
Tue, Mar 23, 11:52 AM · Restricted Project
morehouse added a comment to D94514: Support module-relative values in FuzzerMerge.

Regarding performance: I added some microbenchmarks in Merger::Parse and Fuzzer::CrashResistantMergeInternalStep around the parts that use ModuleRelativeValues objects. I then ran 1000 iterations of a test based on the first non-empty merge in compiler-rt/test/fuzzer/merge.test.

Roughly speaking, this change did increase the time spent in those loops by around 2x: from an average of 18.2 microseconds to 37.8 for merging, and from 20.9 to 45.7 microseconds for parsing. This seems intuitively right, as this change is adding a map lookup to each set insertion. Overall, for the whole -merge=1 command I measured a slowdown of approximately 7.3%, although I'm less confident of my methodology there. I ran time on a whole for i in $(seq 1000); do ... done kind of thing, and the standard deviation was higher than I'd like. Based on the microbenchmarks, I would have expected something closer to 3% (based on the 166.7 extra microseconds from 6 merges and two parses performed in the test).

All in all, it's a bit higher than I had hoped. Let me know if you feel this is getting to be too expensive. I think the module-relative values are definitely needed (since multiple remote processes may be started and have their module load order interleaved), but maybe it's worth only using them for remote fuzzers, and keep using the current approach for normal fuzzers. Supporting two different formats has some obvious maintenance drawbacks, but I could understand if it were necessary.

Tue, Mar 23, 10:26 AM · Restricted Project
morehouse committed rG642b80013ca6: [sanitizer] Support dynamic premapped R/W range in primary allocator. (authored by morehouse).
[sanitizer] Support dynamic premapped R/W range in primary allocator.
Tue, Mar 23, 10:00 AM
morehouse closed D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
Tue, Mar 23, 10:00 AM · Restricted Project
morehouse updated the diff for D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
  • Disable tests on Android and Windows due to OOM.
Tue, Mar 23, 9:29 AM · Restricted Project

Mon, Mar 22

morehouse committed rGbca0cf768b60: [sanitizer] Support dynamic premapped R/W range in primary allocator. (authored by morehouse).
[sanitizer] Support dynamic premapped R/W range in primary allocator.
Mon, Mar 22, 2:46 PM
morehouse closed D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
Mon, Mar 22, 2:45 PM · Restricted Project
morehouse committed rGfe5f66d925c3: [HWASan][NFC] Introduce constants for tag bits and masks. (authored by morehouse).
[HWASan][NFC] Introduce constants for tag bits and masks.
Mon, Mar 22, 12:33 PM
morehouse closed D98072: [HWASan][NFC] Introduce constants for tag bits and masks..
Mon, Mar 22, 12:33 PM · Restricted Project
morehouse committed rGc21f72e65a4d: [HWASan] Fix brittle stack-oob.c test. (authored by morehouse).
[HWASan] Fix brittle stack-oob.c test.
Mon, Mar 22, 11:09 AM
morehouse updated the diff for D98875: [HWASan] Use page aliasing on x86_64..
  • Fix includes; use RingBufferSize().
Mon, Mar 22, 9:05 AM · Restricted Project, Restricted Project
morehouse committed rG772851ca4e50: [HWASan] Disable stack, globals and force callbacks for x86_64. (authored by morehouse).
[HWASan] Disable stack, globals and force callbacks for x86_64.
Mon, Mar 22, 8:03 AM
morehouse closed D98069: [HWASan] Disable stack, globals and force callbacks for x86_64..
Mon, Mar 22, 8:02 AM · Restricted Project, Restricted Project

Mar 19 2021

morehouse updated the diff for D98892: [HWASan] Mention x86_64 aliasing mode in design doc..
  • Expand on lack of 32 bit support.
Mar 19 2021, 8:47 AM · Restricted Project

Mar 18 2021

morehouse updated the diff for D98892: [HWASan] Mention x86_64 aliasing mode in design doc..
  • Format fork() as code.
Mar 18 2021, 1:20 PM · Restricted Project
morehouse requested review of D98892: [HWASan] Mention x86_64 aliasing mode in design doc..
Mar 18 2021, 1:17 PM · Restricted Project
morehouse accepted D98790: [dfsan] Add origin ABI wrappers.
Mar 18 2021, 11:31 AM · Restricted Project
morehouse added a comment to D98734: [dfsan] Add -dfsan-fast-8-labels flag.

LGTM once you get Jianzhou's approval.

Mar 18 2021, 11:22 AM · Restricted Project, Restricted Project
morehouse added inline comments to D98790: [dfsan] Add origin ABI wrappers.
Mar 18 2021, 10:12 AM · Restricted Project
morehouse requested review of D98875: [HWASan] Use page aliasing on x86_64..
Mar 18 2021, 9:54 AM · Restricted Project, Restricted Project
morehouse updated the diff for D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
  • Update comment.
Mar 18 2021, 9:52 AM · Restricted Project

Mar 17 2021

morehouse added inline comments to D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
Mar 17 2021, 2:34 PM · Restricted Project
morehouse updated the diff for D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
  • Check InTaggableRegion before other checks in malloc/free.
Mar 17 2021, 2:25 PM · Restricted Project
morehouse retitled D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC from [HWASan] Refactor in preparation for x86 aliasing mode. to [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
Mar 17 2021, 12:23 PM · Restricted Project
morehouse updated the diff for D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
  • Remove unused includes.
Mar 17 2021, 12:22 PM · Restricted Project
morehouse updated the diff for D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
  • Avoid base tag complexities by only storing changeable bits in shadow.
Mar 17 2021, 12:19 PM · Restricted Project
morehouse updated the diff for D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
  • Add TODO for release callback support.
Mar 17 2021, 11:52 AM · Restricted Project
morehouse added a comment to D98072: [HWASan][NFC] Introduce constants for tag bits and masks..

@eugenis @vitalybuka I've made some changes to this patch to accommodate changes in the following patches. Please take another look.

Mar 17 2021, 11:44 AM · Restricted Project
morehouse updated the diff for D98072: [HWASan][NFC] Introduce constants for tag bits and masks..
  • Remove kAddressUntagMask. It's unneeded with short tags.
  • Add num_bits param to GenerateRandomTag() for use in aliasing mode free().
Mar 17 2021, 11:41 AM · Restricted Project

Mar 16 2021

morehouse accepted D98636: [dfsan] Add origin ABI wrappers.

LGTM

Mar 16 2021, 4:02 PM · Restricted Project
morehouse added inline comments to D98636: [dfsan] Add origin ABI wrappers.
Mar 16 2021, 10:41 AM · Restricted Project

Mar 15 2021

morehouse added inline comments to D98636: [dfsan] Add origin ABI wrappers.
Mar 15 2021, 2:47 PM · Restricted Project

Mar 12 2021

morehouse accepted D98359: [dfsan] Add origin ABI wrappers for thread/signal/fork.

LGTM

Mar 12 2021, 3:44 PM · Restricted Project
morehouse added a comment to D98280: [compiler-rt][asan] Make wild-pointer crash error more useful.

Broke the test on Windows: https://lab.llvm.org/buildbot/#/builders/127/builds/7495

Mar 12 2021, 3:40 PM · Restricted Project
morehouse added inline comments to D98359: [dfsan] Add origin ABI wrappers for thread/signal/fork.
Mar 12 2021, 3:13 PM · Restricted Project
morehouse added a comment to D97975: [libFuzzer] add attribute noinline on Fuzzer::ExecuteCallback().
Mar 12 2021, 2:41 PM · Restricted Project
morehouse committed rG4b82f614745b: [libFuzzer] Use macro instead of __attribute__. (authored by morehouse).
[libFuzzer] Use macro instead of __attribute__.
Mar 12 2021, 2:38 PM
morehouse added a comment to D98147: [SCEV] Improve modelling for pointer constants.

This change appears to have broken the UBSan bot: https://lab.llvm.org/buildbot/#/builders/85/builds/3062/steps/7/logs/stdio

Mar 12 2021, 2:32 PM · Restricted Project
morehouse added inline comments to D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
Mar 12 2021, 11:34 AM · Restricted Project
morehouse added a comment to D97975: [libFuzzer] add attribute noinline on Fuzzer::ExecuteCallback().

This broke the windows build: https://lab.llvm.org/buildbot/#/builders/127/builds/7433

Mar 12 2021, 11:20 AM · Restricted Project
morehouse added inline comments to D98359: [dfsan] Add origin ABI wrappers for thread/signal/fork.
Mar 12 2021, 9:20 AM · Restricted Project
morehouse accepted D94522: Add remote flags and external functions.

LGTM

Mar 12 2021, 8:15 AM · Restricted Project

Mar 11 2021

morehouse added inline comments to D98359: [dfsan] Add origin ABI wrappers for thread/signal/fork.
Mar 11 2021, 4:06 PM · Restricted Project
morehouse added inline comments to D94521: Add FuzzerRemote.
Mar 11 2021, 3:09 PM · Restricted Project
morehouse added inline comments to D98369: [sanitizer] Implement MapDynamicShadowAndAliases..
Mar 11 2021, 9:16 AM · Restricted Project
morehouse updated the diff for D98369: [sanitizer] Implement MapDynamicShadowAndAliases..
  • Simplify and improve readability.
Mar 11 2021, 9:15 AM · Restricted Project
morehouse added a comment to D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..

LGTM if "release" will be addressed in another patch

Mar 11 2021, 9:05 AM · Restricted Project
morehouse updated the diff for D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
  • Check bounds on mmaps.
Mar 11 2021, 9:05 AM · Restricted Project
morehouse accepted D97975: [libFuzzer] add attribute noinline on Fuzzer::ExecuteCallback().

LGTM

Mar 11 2021, 8:15 AM · Restricted Project

Mar 10 2021

morehouse planned changes to D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.

Talked with @eugenis offline. I'm going to look into getting rid of "base tags" by only storing the changeable bits in shadow.

Mar 10 2021, 3:36 PM · Restricted Project
morehouse added inline comments to D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
Mar 10 2021, 2:44 PM · Restricted Project
morehouse requested review of D98373: [HWASan] Refactor in preparation for x86 aliasing mode. NFC.
Mar 10 2021, 2:42 PM · Restricted Project
morehouse updated the diff for D98369: [sanitizer] Implement MapDynamicShadowAndAliases..
  • Use internal_mremap.
Mar 10 2021, 2:38 PM · Restricted Project
morehouse requested review of D98369: [sanitizer] Implement MapDynamicShadowAndAliases..
Mar 10 2021, 1:13 PM · Restricted Project
morehouse added inline comments to D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
Mar 10 2021, 10:20 AM · Restricted Project

Mar 9 2021

morehouse accepted D98268: [dfsan] Tracking origins at phi nodes.

LGTM

Mar 9 2021, 3:32 PM · Restricted Project, Restricted Project
morehouse added a comment to D98268: [dfsan] Tracking origins at phi nodes.

Can we add an end-to-end test to compiler-rt?

Mar 9 2021, 3:00 PM · Restricted Project, Restricted Project
morehouse requested review of D98293: [sanitizer] Support dynamic premapped R/W range in primary allocator..
Mar 9 2021, 2:38 PM · Restricted Project
morehouse added a comment to D98268: [dfsan] Tracking origins at phi nodes.

Can we add an end-to-end test as well?

Mar 9 2021, 11:43 AM · Restricted Project, Restricted Project