subject:"\[PATCH\] D83494\: \[libFuzzer\] Link libFuzzer's own interceptors when other compiler runtimes are not linked."

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-23 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs added a comment.

In D83494#2170838 , @dmajor wrote:

> After this commit, several of our builds are failing with 
> `FuzzerInterceptors.cpp:30:10: fatal error: 
> 'sanitizer/common_interface_defs.h' file not found`. This is odd because the 
> file certainly seems like it exists. Is there a missing include path 
> somewhere, perhaps?


There seems to be a missing `include_directories` in CMakeLists.txt. I will 
send out a patch for review shortly.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-23 Thread dmajor via Phabricator via cfe-commits

dmajor added a comment.

After this commit, several of our builds are failing with 
`FuzzerInterceptors.cpp:30:10: fatal error: 'sanitizer/common_interface_defs.h' 
file not found`. This is odd because the file certainly seems like it exists. 
Is there a missing include path somewhere, perhaps?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-23 Thread Dokyung Song via Phabricator via cfe-commits

This revision was automatically updated to reflect the committed changes.
dokyungs marked an inline comment as done.
Closed by commit rG831ae45e3dc6: Recommit [libFuzzer] Link 
libFuzzers own interceptors when other compiler… (authored by dokyungs).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/CustomAllocator.cpp
  compiler-rt/test/fuzzer/custom-allocator.test
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strstr %S/CustomAllocator.cpp %S/StrstrTest.cpp -o %t-NoAsanCustomAllocatorStrstrTest
+RUN: not %run %t-NoAsanCustomAllocatorStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-NoAsanStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strncmp %S/CustomAllocator.cpp %S/StrncmpTest.cpp -o %t-NoAsanCustomAllocatorStrncmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strcmp %S/CustomAllocator.cpp %S/StrcmpTest.cpp -o %t-NoAsanCustomAllocatorStrcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-NoAsanMemcmp64BytesTest  -seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-memcmp %S/CustomAllocator.cpp %S/MemcmpTest.cpp -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/custom-allocator.test

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-22 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs marked 2 inline comments as done.
dokyungs added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:86
+s2++;
+  }
+  return 0;

morehouse wrote:
> Lot's of common code with `internal_strncmp`.  Let's factor it out into a 
> helper function.
Factored it out into a new function: `internal_strcmp_strncmp`


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-22 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse accepted this revision.
morehouse added a comment.

LGTM


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-22 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 279982.
dokyungs added a comment.

Introduced a helper function to reduce duplicated code.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/CustomAllocator.cpp
  compiler-rt/test/fuzzer/custom-allocator.test
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strstr %S/CustomAllocator.cpp %S/StrstrTest.cpp -o %t-NoAsanCustomAllocatorStrstrTest
+RUN: not %run %t-NoAsanCustomAllocatorStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-NoAsanStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strncmp %S/CustomAllocator.cpp %S/StrncmpTest.cpp -o %t-NoAsanCustomAllocatorStrncmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strcmp %S/CustomAllocator.cpp %S/StrcmpTest.cpp -o %t-NoAsanCustomAllocatorStrcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-NoAsanMemcmp64BytesTest  -seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-memcmp %S/CustomAllocator.cpp %S/MemcmpTest.cpp -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/custom-allocator.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/custom-allocator.test
@@ -0,0 +1,9

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-22 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:86
+s2++;
+  }
+  return 0;

Lot's of common code with `internal_strncmp`.  Let's factor it out into a 
helper function.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-22 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs marked 4 inline comments as done.
dokyungs added inline comments.



Comment at: compiler-rt/test/fuzzer/custom-allocator.test:2
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC 
%ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address %S/CustomAllocatorTest.cpp 
%ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorTest

morehouse wrote:
> dokyungs wrote:
> > morehouse wrote:
> > > Why do we need each of these flags?
> > With all the flags, I designed this test for the recent failure scenario in 
> > which tcmalloc calls strncmp (+memcmp/strstr) when the fuzzer interceptor 
> > library is linked into the libFuzzer executable.
> > 
> > As such, we need to turn off ASan (-fno-sanitize=address) when building the 
> > executable to let the fuzzer interceptor library be linked.
> > 
> > As to the flags used to build the allocator shared library, I wanted to 
> > disable ASan and Fuzzer (via `-fno-sanitize=all`) because allocator 
> > libraries are typically not instrumented for OOB/UAF errors or coverage. I 
> > also wanted to prevent the compiler from optimizing out our calls to 
> > strncmp(+memcmp/strstr) by giving `-fno-builtin`; calls to these functions 
> > must go to the fuzzer interceptor library to comply with the scenario.
> Yes, those flags make sense.  What about `-fPIC %ld_flags_rpath_so1 -O0 
> -shared`?
Removed unnecessary use of a shared library for testing custom allocator. 
Instead, compile and statically link the allocator into the test.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-22 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 279946.
dokyungs marked an inline comment as done.
dokyungs added a comment.

Introduce internal_strcmp and update tests accordingly.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/CustomAllocator.cpp
  compiler-rt/test/fuzzer/custom-allocator.test
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strstr %S/CustomAllocator.cpp %S/StrstrTest.cpp -o %t-NoAsanCustomAllocatorStrstrTest
+RUN: not %run %t-NoAsanCustomAllocatorStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-NoAsanStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strncmp %S/CustomAllocator.cpp %S/StrncmpTest.cpp -o %t-NoAsanCustomAllocatorStrncmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-strcmp %S/CustomAllocator.cpp %S/StrcmpTest.cpp -o %t-NoAsanCustomAllocatorStrcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-NoAsanMemcmp64BytesTest  -seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,11 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-calloc -fno-builtin-memcmp %S/CustomAllocator.cpp %S/MemcmpTest.cpp -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/custom-allocator.test
===
--- /dev/null
+++

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-20 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/test/fuzzer/custom-allocator.test:2
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC 
%ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address %S/CustomAllocatorTest.cpp 
%ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorTest

dokyungs wrote:
> morehouse wrote:
> > Why do we need each of these flags?
> With all the flags, I designed this test for the recent failure scenario in 
> which tcmalloc calls strncmp (+memcmp/strstr) when the fuzzer interceptor 
> library is linked into the libFuzzer executable.
> 
> As such, we need to turn off ASan (-fno-sanitize=address) when building the 
> executable to let the fuzzer interceptor library be linked.
> 
> As to the flags used to build the allocator shared library, I wanted to 
> disable ASan and Fuzzer (via `-fno-sanitize=all`) because allocator libraries 
> are typically not instrumented for OOB/UAF errors or coverage. I also wanted 
> to prevent the compiler from optimizing out our calls to 
> strncmp(+memcmp/strstr) by giving `-fno-builtin`; calls to these functions 
> must go to the fuzzer interceptor library to comply with the scenario.
Yes, those flags make sense.  What about `-fPIC %ld_flags_rpath_so1 -O0 
-shared`?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-17 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs marked 4 inline comments as done.
dokyungs added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:119
+return internal_memcmp(s1, s2, n);
+  ensureFuzzerInited();
+  int result = REAL(memcmp)(s1, s2, n);

morehouse wrote:
> I think `ensureFuzzerInited` is no longer useful here.
Fixed also in `strncmp` and `strstr` interceptors.



Comment at: compiler-rt/test/fuzzer/custom-allocator.test:2
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC 
%ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address %S/CustomAllocatorTest.cpp 
%ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorTest

morehouse wrote:
> Why do we need each of these flags?
With all the flags, I designed this test for the recent failure scenario in 
which tcmalloc calls strncmp (+memcmp/strstr) when the fuzzer interceptor 
library is linked into the libFuzzer executable.

As such, we need to turn off ASan (-fno-sanitize=address) when building the 
executable to let the fuzzer interceptor library be linked.

As to the flags used to build the allocator shared library, I wanted to disable 
ASan and Fuzzer (via `-fno-sanitize=all`) because allocator libraries are 
typically not instrumented for OOB/UAF errors or coverage. I also wanted to 
prevent the compiler from optimizing out our calls to strncmp(+memcmp/strstr) 
by giving `-fno-builtin`; calls to these functions must go to the fuzzer 
interceptor library to comply with the scenario.



Comment at: compiler-rt/test/fuzzer/memcmp.test:9
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC 
%ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp 
%ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest-seed=1 -runs=1000 
  2>&1 | FileCheck %s

morehouse wrote:
> Why is the custom allocator test here useful?
To make sure exercise the path where memcmp is called (i) in the calloc 
context, and (ii) then again in the LLVMFuzzerTestOneInput context. 
%t-NoAsanCustomAllocatorTest only tests (i), and %t-NoAsanMemcmpTest only tests 
(ii).


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-17 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 278924.
dokyungs marked 2 inline comments as done.
dokyungs added a comment.

Removed CustomAllocatorTest.cpp. Instead, use EmptyTest.cpp.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/CustomAllocator.cpp
  compiler-rt/test/fuzzer/custom-allocator.test
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorStrstrTest
+RUN: not %run %t-NoAsanCustomAllocatorStrstrTest-seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-NoAsanStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorStrncmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-NoAsanMemcmp64BytesTest  -seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest-seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/custom-allocator.test

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-17 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 278923.
dokyungs added a comment.

Addressed comments.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/CustomAllocator.cpp
  compiler-rt/test/fuzzer/CustomAllocatorTest.cpp
  compiler-rt/test/fuzzer/custom-allocator.test
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorStrstrTest
+RUN: not %run %t-NoAsanCustomAllocatorStrstrTest-seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-NoAsanStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorStrncmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-NoAsanMemcmp64BytesTest  -seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest-seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/custom-allocator.test

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-17 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:62
+
+static int internal_strncmp(const char *s1, const char *s2, uintptr_t n) {
+  for (uintptr_t i = 0; i < n; i++) {

Can we use `size_t` instead of `uintptr_t`?



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:77
+static int internal_memcmp(const void *s1, const void *s2, uintptr_t n) {
+  const char *t1 = (const char *)s1;
+  const char *t2 = (const char *)s2;

Can we use `uint8_t` and `static_cast`?



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:119
+return internal_memcmp(s1, s2, n);
+  ensureFuzzerInited();
+  int result = REAL(memcmp)(s1, s2, n);

I think `ensureFuzzerInited` is no longer useful here.



Comment at: compiler-rt/test/fuzzer/CustomAllocatorTest.cpp:15
+  return 0;
+}

Do we need this file?  Can we use `EmptyTest.cpp` instead?



Comment at: compiler-rt/test/fuzzer/custom-allocator.test:2
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC 
%ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address %S/CustomAllocatorTest.cpp 
%ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorTest

Why do we need each of these flags?



Comment at: compiler-rt/test/fuzzer/memcmp.test:9
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC 
%ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp 
%ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest-seed=1 -runs=1000 
  2>&1 | FileCheck %s

Why is the custom allocator test here useful?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-17 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 278892.
dokyungs added a comment.

Introduce internal_(memcmp|strncmp|strstr) and use them before interceptors are 
fully initialized.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/CustomAllocator.cpp
  compiler-rt/test/fuzzer/CustomAllocatorTest.cpp
  compiler-rt/test/fuzzer/custom-allocator.test
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-NoAsanStrstrTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorStrstrTest
+RUN: not %run %t-NoAsanCustomAllocatorStrstrTest-seed=1 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-NoAsanStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorStrncmpTest
+RUN: not %run %t-NoAsanCustomAllocatorStrncmpTest-seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-NoAsanStrcmpTest -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-NoAsanMemcmp64BytesTest  -seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,12 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-NoAsanMemcmpTest -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=all -fno-builtin %S/CustomAllocator.cpp -fPIC %ld_flags_rpath_so1 -O0 -shared -o %dynamiclib1
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp %ld_flags_rpath_exe1 -o %t-NoAsanCustomAllocatorMemcmpTest
+RUN: not %run %t-NoAsanCustomAllocatorMemcmpTest-seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index:

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-16 Thread Matt Morehouse via Phabricator via cfe-commits

This revision was automatically updated to reflect the committed changes.
Closed by commit rGf78d9fceea73: [libFuzzer] Link libFuzzers own 
interceptors when other compiler runtimes are… (authored by dokyungs, committed 
by morehouse).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,170 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerPlatform.h"
+
+#if LIBFUZZER_LINUX
+
+#define GET_CALLER_PC() __builtin_return_address(0)
+
+#define PTR_TO_REAL(x) real_##x
+#define REAL(x) __interception::PTR_TO_REAL(x)
+#define FUNC_TYPE(x) x##_type
+#define DEFINE_REAL(ret_type, func, ...)   \
+  typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__);\
+  namespace __interception {

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-16 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 278589.
dokyungs added a comment.

Addressed comments.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,170 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerPlatform.h"
+
+#if LIBFUZZER_LINUX
+
+#define GET_CALLER_PC() __builtin_return_address(0)
+
+#define PTR_TO_REAL(x) real_##x
+#define REAL(x) __interception::PTR_TO_REAL(x)
+#define FUNC_TYPE(x) x##_type
+#define DEFINE_REAL(ret_type, func, ...)   \
+  typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__);\
+  namespace __interception {   \
+  FUNC_TYPE(func) PTR_TO_REAL(func);   \
+  }
+
+#include

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-16 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:51
+static int fuzzerInited = 0;
+static bool fuzzerInitIsRunning;
+

Sorry, one last nit:

If we're preferring LLVM style, let's 
[capitalize](https://llvm.org/docs/CodingStandards.html#name-types-functions-variables-and-enumerators-properly)
 variable names.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-16 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 278565.
dokyungs added a comment.

Addressed comments.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,170 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerPlatform.h"
+
+#if LIBFUZZER_LINUX
+
+#define GET_CALLER_PC() __builtin_return_address(0)
+
+#define PTR_TO_REAL(x) real_##x
+#define REAL(x) __interception::PTR_TO_REAL(x)
+#define FUNC_TYPE(x) x##_type
+#define DEFINE_REAL(ret_type, func, ...)   \
+  typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__);\
+  namespace __interception {   \
+  FUNC_TYPE(func) PTR_TO_REAL(func);   \
+  }
+
+#include

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-16 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:17
+
+#define GET_CALLER_PC() __builtin_return_address(0)
+

Nit: Let's move this down with the other defines.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:30
+
+#include  // for dlsym()
+

Nit:  Can we move the other includes down by this one?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-16 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:53
+int fuzzer_inited = 0;
+bool fuzzer_init_is_running;
+

These are in the global namespace, and have C mangling, which is unnecessary.  
Please either put them in a namespace or make them static.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:55
+
+static void __fuzzer_init();
+

This also doesn't need C mangling.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:63
+}  
\
+  } while (0)
+

Let's prefer a function rather than a macro for this.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:143
+return;
+  fuzzer_init_is_running = 1;
+

Let's use true/false rather than 1/0 for bools.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-15 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 278341.
dokyungs added a comment.

Ensure the fuzzer RT module is initialized at the beginning of the interceptors.

Interceptors can be called before __fuzzer_init is called. So I added a check 
at the beginning of the interceptors, which ensures that __fuzzer_init has been 
called before proceeding.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,171 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerPlatform.h"
+#include 
+#include 
+#include 
+
+#define GET_CALLER_PC() __builtin_return_address(0)
+
+#if LIBFUZZER_LINUX
+
+#define PTR_TO_REAL(x) real_##x
+#define REAL(x) __interception::PTR_TO_REAL(x)
+#define FUNC_TYPE(x) x##_type
+#define DEFINE_REAL(ret_type, func, ...)

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-15 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added a comment.

I applied this patch locally and ran the fuzzer tests.  I get a segfault:

  $ clang++ -fsanitize=fuzzer -g -m32 SimpleHashTest.cpp
  $ gdb --args ./a.out -seed=1
  ...
  (gdb) run
  ...
  Program received signal SIGSEGV, Segmentation fault. 
  0x in ?? ()
  (gdb) bt
  #0  0x in ?? ()
  #1  0x080800b5 in strstr () at 
/usr/local/google/home/mascasa/code/llvm-project/compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:96
  #2  0xf7cc7bf5 in __pthread_initialize_minimal () from 
/lib/i386-linux-gnu/libpthread.so.0
  #3  0xf7cc7014 in _init () from /lib/i386-linux-gnu/libpthread.so.0
  #4  0x0055 in ?? ()
  #5  0xf7fcc6a0 in ?? ()

It looks like the `REAL(strstr)` isn't set up before it's called.  Could you 
please take a look?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Mitch Phillips via Phabricator via cfe-commits

hctim accepted this revision.
hctim marked an inline comment as done.
hctim added a comment.

LGTM




Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:52
+// NOLINTNEXTLINE
+void __sanitizer_weak_hook_memcmp(void *, const void *, const void *, size_t,
+  int);

hctim wrote:
> Why not `#include ` (and below)?
The comment above is obsolete - please mark as done before closing out the 
patch.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse accepted this revision.
morehouse added a comment.
This revision is now accepted and ready to land.

LGTM


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277996.
dokyungs added a comment.

Addressed comments.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,141 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerPlatform.h"
+#include 
+#include 
+
+#define GET_CALLER_PC() __builtin_return_address(0)
+
+#if LIBFUZZER_LINUX
+
+#define PTR_TO_REAL(x) real_##x
+#define REAL(x) __interception::PTR_TO_REAL(x)
+#define FUNC_TYPE(x) x##_type
+#define DEFINE_REAL(ret_type, func, ...)   \
+  typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__);\
+  namespace __interception {   \
+  FUNC_TYPE(func) PTR_TO_REAL(func);

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277904.
dokyungs marked 5 inline comments as done.
dokyungs added a comment.

Use one CHECK for two subtests


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerDefs.h
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/lib/fuzzer/FuzzerPlatform.h
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
 RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerPlatform.h
===
--- compiler-rt/lib/fuzzer/FuzzerPlatform.h
+++ compiler-rt/lib/fuzzer/FuzzerPlatform.h
@@ -1,25 +1,15 @@
-//===- FuzzerDefs.h - Internal header for the Fuzzer *- C++ -* ===//
+//===-- FuzzerPlatform.h --===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 //
 //===--===//
-// Basic definitions.
+// Common platform macros.
 //===--===//
 
-#ifndef LLVM_FUZZER_DEFS_H
-#define LLVM_FUZZER_DEFS_H
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
+#ifndef LLVM_FUZZER_PLATFORM_H
+#define LLVM_FUZZER_PLATFORM_H
 
 // Platform detection.
 #ifdef __linux__
@@ -106,7 +96,7 @@
 #endif
 
 #ifndef __has_attribute
-#  define __has_attribute(x) 0
+#define __has_attribute(x) 0
 #endif
 
 #define LIBFUZZER_POSIX

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added a comment.

In D83494#2150946 , @dokyungs wrote:

> I was misled; the error is actually ambiguating new "declarations", not 
> definitions. The exact error message goes like:
>
>   error: ambiguating new declaration of ‘char* strcasestr(const char*, const 
> char*)’
> 104 | ATTRIBUTE_INTERFACE char *strcasestr(const char *s1, const char 
> *s2) {
> |   ^~
>   In file included from include/c++/v1/string.h:60,
>from include/c++/v1/cstring:60,
>from include/c++/v1/algorithm:641,
>from include/c++/v1/__string:57,
>from include/c++/v1/string_view:175,
>from include/c++/v1/string:506,
>from FuzzerInterceptors.cpp:14:
>   /usr/include/string.h:356:26: note: old declaration ‘const char* 
> strcasestr(const char*, const char*)’
> 356 | extern "C++" const char *strcasestr (const char *__haystack,
> |  ^~
>
>
> C++'s declarations of strstr/strcasestr each have two different versions 
> (const v. non const), and neither of them matches C's strstr/strcasestr 
> declarations. So I could either (i) make libFuzzer's declarations of 
> strstr/strcasestr match one of C++ versions (for this reason there was 
> "extern C++ ..."), or (ii) make them match C declarations of 
> strstr/strcasestr and remove C++ declarations by not including string.h. I 
> realized that (ii) is a simpler solution, so I changed the code that way.


Got it.  We only need to intercept the libc version of `strstr`.  We don't care 
about libc++ since that one just forwards to libc.  So I think this is the 
right approach.




Comment at: compiler-rt/lib/fuzzer/FuzzerDefs.h:23
 
-
-// Platform detection.
-#ifdef __linux__
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 1
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif __APPLE__
-#define LIBFUZZER_APPLE 1
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif __NetBSD__
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 1
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif __FreeBSD__
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 1
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif __OpenBSD__
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 1
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif _WIN32
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 1
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif __Fuchsia__
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 1
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 0
-#elif __EMSCRIPTEN__
-#define LIBFUZZER_APPLE 0
-#define LIBFUZZER_FUCHSIA 0
-#define LIBFUZZER_LINUX 0
-#define LIBFUZZER_NETBSD 0
-#define LIBFUZZER_FREEBSD 0
-#define LIBFUZZER_OPENBSD 0
-#define LIBFUZZER_WINDOWS 0
-#define LIBFUZZER_EMSCRIPTEN 1
-#else
-#error "Support for your platform has not been implemented"
-#endif
-
-#if defined(_MSC_VER) && !defined(__clang__)
-// MSVC compiler is being used.
-#define LIBFUZZER_MSVC 1
-#else
-#define LIBFUZZER_MSVC 0
-#endif
-
-#ifndef __has_attribute
-#  define __has_attribute(x) 0
-#endif
-
-#define LIBFUZZER_POSIX
\
-  (LIBFUZZER_APPLE || LIBFUZZER_LINUX || LIBFUZZER_NETBSD ||   
\
-   LIBFUZZER_FREEBSD || LIBFUZZER_OPENBSD || LIBFUZZER_EMSCRIPTEN)
-
-#ifdef __x86_64
-#  if __has_attribute(target)
-#define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))
-#  else
-#define ATTRIBUTE_TARGET_POPCNT
-#  endif
-#else
-#  define ATTRIBUTE_TARGET_POPCNT
-#endif
-
-
-#ifdef __clang__  // avoid gcc warning.
-#  if __has_attribute(no_sanitize)
-#define ATTRIBUTE_NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
-#  else
-#define ATTRIBUTE_NO_SANITIZE_MEMORY
-#  endif
-#  define ALWAYS_INLINE __attribute__((always_inline))
-#else
-#  define ATTRIBUTE_NO_SANITIZE_MEMORY
-#  define ALWAYS_INLINE
-#endif // __clang__
-
-#if

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277901.
dokyungs added a comment.

Addressed comments.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerDefs.h
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/lib/fuzzer/FuzzerPlatform.h
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
-RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
 RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
 RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
 RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
 RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+
 CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerPlatform.h
===
--- compiler-rt/lib/fuzzer/FuzzerPlatform.h
+++ compiler-rt/lib/fuzzer/FuzzerPlatform.h
@@ -1,25 +1,15 @@
-//===- FuzzerDefs.h - Internal header for the Fuzzer *- C++ -* ===//
+//===-- FuzzerPlatform.h --===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 //
 //===--===//
-// Basic definitions.
+// Common platform macros.
 //===--===//
 
-#ifndef LLVM_FUZZER_DEFS_H
-#define LLVM_FUZZER_DEFS_H
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
+#ifndef LLVM_FUZZER_PLATFORM_H
+#define LLVM_FUZZER_PLATFORM_H
 
 // Platform detection.
 #ifdef __linux__
@@ -106,7 +96,7 @@
 #endif
 
 #ifndef __has_attribute
-#  define

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs added a comment.

In D83494#2150643 , @morehouse wrote:

> In D83494#2148868 , @dokyungs wrote:
>
> > Addressed Matt's comments.
> >
> > A major change in this round that needs explanation is introduction of 
> > FuzzerPlatform.h. Previously I defined `strstr` and `strcasestr` with 
> > `extern "C++"` to workaround conflicting definition errors resulting from 
> > including . But since including it is not necessary when 
> > compiling this interceptor module, this patch now separates out platform 
> > related macros from FuzzerDef.h into FuzzerPlatform.h, and the module 
> > includes FuzzerPlatform.h, not FuzzerDef.h.
>
>
> What was the conflicting definition error?  Does string.h have inline 
> definitions for those functions?


I was misled; the error is actually ambiguating new "declarations", not 
definitions. The exact error message goes like:

  error: ambiguating new declaration of ‘char* strcasestr(const char*, const 
char*)’
104 | ATTRIBUTE_INTERFACE char *strcasestr(const char *s1, const char *s2) {
|   ^~
  In file included from include/c++/v1/string.h:60,
   from include/c++/v1/cstring:60,
   from include/c++/v1/algorithm:641,
   from include/c++/v1/__string:57,
   from include/c++/v1/string_view:175,
   from include/c++/v1/string:506,
   from FuzzerInterceptors.cpp:14:
  /usr/include/string.h:356:26: note: old declaration ‘const char* 
strcasestr(const char*, const char*)’
356 | extern "C++" const char *strcasestr (const char *__haystack,
|  ^~

C++'s declarations of strstr/strcasestr each have two different versions (const 
v. non const), and neither of them matches C's strstr/strcasestr declarations. 
So I could either (i) make libFuzzer's declarations of strstr/strcasestr match 
one of C++ versions (for this reason there was "extern C++ ..."), or (ii) make 
them match C declarations of strstr/strcasestr and remove C++ declarations by 
not including string.h. I realized that (ii) is a simpler solution, so I 
changed the code that way.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Mitch Phillips via Phabricator via cfe-commits

hctim added inline comments.



Comment at: clang/lib/Driver/SanitizerArgs.cpp:242
+bool SanitizerArgs::needsFuzzerInterceptors() const {
+  return needsFuzzer() && !needsAsanRt() && !needsHwasanRt() &&
+ !needsTsanRt() && !needsMsanRt();

HWASan doesn't have interceptors - we actually want fuzzer interceptors under 
`needsFuzzer() && needsHwasanRt()` (just remove the `!needsHwasanRt()`).



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:52
+// NOLINTNEXTLINE
+void __sanitizer_weak_hook_memcmp(void *, const void *, const void *, size_t,
+  int);

Why not `#include ` (and below)?



Comment at: compiler-rt/lib/fuzzer/FuzzerPlatform.h:1
-//===- FuzzerDefs.h - Internal header for the Fuzzer *- C++ -* 
===//
+//===-- FuzzerInterceptors.cpp 
===//
 //

Nit - name change



Comment at: compiler-rt/lib/fuzzer/FuzzerPlatform.h:8
 
//===--===//
-// Basic definitions.
+//
+// Common platform macros.

Nit - remove blank comment



Comment at: compiler-rt/test/fuzzer/memcmp.test:8
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | 
FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO

morehouse wrote:
> CHECK1 and CHECK2 is unnecessary.  Let's use the same CHECK for both.
No need to have different `CHECK`'s throughout this patchset (in both tests 
we're checking for the same thing.

```
UNSUPPORTED: freebsd
RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | 
FileCheck %s

RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp 
-o %t-NoAsanMemcmpTest
RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | 
FileCheck %s

CHECK: BINGO
```


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-14 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added a comment.

In D83494#2148868 , @dokyungs wrote:

> Addressed Matt's comments.
>
> A major change in this round that needs explanation is introduction of 
> FuzzerPlatform.h. Previously I defined `strstr` and `strcasestr` with `extern 
> "C++"` to workaround conflicting definition errors resulting from including 
> . But since including it is not necessary when compiling this 
> interceptor module, this patch now separates out platform related macros from 
> FuzzerDef.h into FuzzerPlatform.h, and the module includes FuzzerPlatform.h, 
> not FuzzerDef.h.


What was the conflicting definition error?  Does string.h have inline 
definitions for those functions?




Comment at: compiler-rt/test/fuzzer/memcmp.test:8
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | 
FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO

CHECK1 and CHECK2 is unnecessary.  Let's use the same CHECK for both.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277625.
dokyungs added a comment.

Use unique output file name for each subtest, and add no-asan subtest in 
memcmp64.test


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerDefs.h
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/lib/fuzzer/FuzzerPlatform.h
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/memcmp64.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
-RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
-RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
-RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-NoAsanStrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/test/fuzzer/memcmp64.test
===
--- compiler-rt/test/fuzzer/memcmp64.test
+++ compiler-rt/test/fuzzer/memcmp64.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/Memcmp64BytesTest.cpp -o %t-Memcmp64BytesTest
-RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/Memcmp64BytesTest.cpp -o %t-NoAsanMemcmp64BytesTest
+RUN: not %run %t-Memcmp64BytesTest-seed=1 -runs=100   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
-RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-NoAsanMemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerPlatform.h
===
--- compiler-rt/lib/fuzzer/FuzzerPlatform.h
+++ compiler-rt/lib/fuzzer/FuzzerPlatform.h
@@ -1,25 +1,16 @@
-//===- FuzzerDefs.h - Internal header for the Fuzzer *- C++ -* ===//
+//===-- FuzzerInterceptors.cpp ===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277624.
dokyungs added a comment.

strncmp test should include -fno-builtin-strncmp, not -fno-builtin-strcmp


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerDefs.h
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/lib/fuzzer/FuzzerPlatform.h
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
-RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
-RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
-RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-StrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
-RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-MemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerPlatform.h
===
--- compiler-rt/lib/fuzzer/FuzzerPlatform.h
+++ compiler-rt/lib/fuzzer/FuzzerPlatform.h
@@ -1,25 +1,16 @@
-//===- FuzzerDefs.h - Internal header for the Fuzzer *- C++ -* ===//
+//===-- FuzzerInterceptors.cpp ===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 //
 //===--===//
-// Basic definitions.
+//
+// Common platform macros.
 //===--===//
 
-#ifndef LLVM_FUZZER_DEFS_H
-#define LLVM_FUZZER_DEFS_H
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
+#ifndef LLVM_FUZZER_PLATFORM_H
+#define LLVM_FUZZER_PLATFORM_H
 
 // Platform detection.
 #ifdef __linux__
@@ -106,7 +97,7 @@
 #endif
 
 #ifndef __has_attribute
-#  define __has_attribute(x) 0
+#define __has_attribute(x) 0
 #endif
 
 #define LIBFUZZER_POSIX\
@@ -114,26

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs marked 9 inline comments as done.
dokyungs added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:116
+
+extern "C++" ATTRIBUTE_INTERFACE char *strstr(char *s1, const char *s2) {
+  char *result = REAL(strstr)(s1, s2);

morehouse wrote:
> Why `extern "C++"`?  I don't think we want that here.
Removed by not including `#include `.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:123
+
+extern "C++" ATTRIBUTE_INTERFACE char *strcasestr(char *s1, const char *s2) {
+  char *result = REAL(strcasestr)(s1, s2);

morehouse wrote:
> Also why `extern "C++"` here?
Removed by not including `#include `.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277620.
dokyungs added a comment.
Herald added a subscriber: krytarowski.

Addressed Matt's comments.

A major change in this round that needs explanation is introduction of 
FuzzerPlatform.h. Previously I defined `strstr` and `strcasestr` with `extern 
"C++"` to workaround conflicting definition errors resulting from including 
. But since including it is not necessary when compiling this 
interceptor module, this patch now separates out platform related macros from 
FuzzerDef.h into FuzzerPlatform.h, and the module includes FuzzerPlatform.h, 
not FuzzerDef.h.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerDefs.h
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/lib/fuzzer/FuzzerPlatform.h
  compiler-rt/test/fuzzer/memcmp.test
  compiler-rt/test/fuzzer/strcmp.test
  compiler-rt/test/fuzzer/strncmp.test
  compiler-rt/test/fuzzer/strstr.test

Index: compiler-rt/test/fuzzer/strstr.test
===
--- compiler-rt/test/fuzzer/strstr.test
+++ compiler-rt/test/fuzzer/strstr.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrstrTest.cpp -o %t-StrstrTest
-RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-NoAsanStrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strncmp.test
===
--- compiler-rt/test/fuzzer/strncmp.test
+++ compiler-rt/test/fuzzer/strncmp.test
@@ -1,5 +1,9 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrncmpTest.cpp -o %t-StrncmpTest
-RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrncmpTest.cpp -o %t-NoAsanStrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
 
Index: compiler-rt/test/fuzzer/strcmp.test
===
--- compiler-rt/test/fuzzer/strcmp.test
+++ compiler-rt/test/fuzzer/strcmp.test
@@ -1,5 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/StrcmpTest.cpp -o %t-StrcmpTest
-RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
 
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-StrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/test/fuzzer/memcmp.test
===
--- compiler-rt/test/fuzzer/memcmp.test
+++ compiler-rt/test/fuzzer/memcmp.test
@@ -1,4 +1,8 @@
 UNSUPPORTED: freebsd
 RUN: %cpp_compiler %S/MemcmpTest.cpp -o %t-MemcmpTest
-RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
-CHECK: BINGO
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK1
+CHECK1: BINGO
+
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-MemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s --check-prefix=CHECK2
+CHECK2: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerPlatform.h
===
--- compiler-rt/lib/fuzzer/FuzzerPlatform.h
+++ compiler-rt/lib/fuzzer/FuzzerPlatform.h
@@ -1,25 +1,16 @@
-//===- FuzzerDefs.h - Internal header for the Fuzzer *- C++ -* ===//
+//===-- FuzzerInterceptors.cpp ===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 //
 //===--===//
-// Basic definitions.
+//
+// Common platform macros.
 //===--===//
 
-#ifndef

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added inline comments.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:14
+
+#if LIBFUZZER_LINUX
+

We should include FuzzerDefs.h to use this, not FuzzerBuiltins.h.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:25
+
+typedef unsigned long uptr;
+

Any reason not to use `uintptr_t` instead?



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:41
+// We don't want to intercept the wrapper and have it point to itself.
+if ((uptr)addr == wrapper_addr)
+  addr = nullptr;

Nit:  I think we should prefer C++ constructs, so `reinterpret_cast` 
here.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:116
+
+extern "C++" ATTRIBUTE_INTERFACE char *strstr(char *s1, const char *s2) {
+  char *result = REAL(strstr)(s1, s2);

Why `extern "C++"`?  I don't think we want that here.



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:123
+
+extern "C++" ATTRIBUTE_INTERFACE char *strcasestr(char *s1, const char *s2) {
+  char *result = REAL(strcasestr)(s1, s2);

Also why `extern "C++"` here?



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:140
+  REAL(memcmp) =
+  reinterpret_cast(GetFuncAddr("memcmp", (uptr)));
+  REAL(strncmp) =

Nit:  `reinterpret_cast()`



Comment at: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp:159
+*__local_fuzzer_preinit)(void) = __fuzzer_init;
+}
+

Nit: Please add this comment:
```
} // extern "C"
```



Comment at: compiler-rt/test/fuzzer/no-asan-strstr.test:5
+CHECK: BINGO
+

Since these "no-asan" cases are pretty small, can we just add them to the 
existing `*cmp` tests?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Mitch Phillips via Phabricator via cfe-commits

hctim added a comment.

In D83494#2148180 , @morehouse wrote:

> In D83494#2148164 , @dokyungs wrote:
>
> > Right. Apparently with `-O2` many calls to `memcmp`-like functions are 
> > removed. I just wondered, though, what makes more sense: disabling such 
> > optimization when building (i) with sancov, or (ii) with 
> > `-fsanitize=fuzzer`? If we go for (i), would it make sense to do it in the 
> > SanitizerCoverage module pass like other sanitizers do? What do you think? 
> > Also, can it be addressed in a follow-up patch?
>
>
> My opinion is to make it part of `-fsanitize=fuzzer`, or maybe disable parts 
> of the builtin optimization pass for functions with the `OptForFuzzing` 
> attribute.
>
> And I think a follow-up patch is easier to review.


Agreed with Matt on all of the above.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277530.
dokyungs added a comment.

Fixed a few LINT warnings by defining some macros that resemble the ones used 
in other sanitizer interception code.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/no-asan-memcmp.test
  compiler-rt/test/fuzzer/no-asan-strcmp.test
  compiler-rt/test/fuzzer/no-asan-strncmp.test
  compiler-rt/test/fuzzer/no-asan-strstr.test

Index: compiler-rt/test/fuzzer/no-asan-strstr.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-strstr.test
@@ -0,0 +1,5 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-StrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+CHECK: BINGO
+
Index: compiler-rt/test/fuzzer/no-asan-strncmp.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-strncmp.test
@@ -0,0 +1,4 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp  %S/StrncmpTest.cpp -o %t-StrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/no-asan-strcmp.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-strcmp.test
@@ -0,0 +1,5 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-StrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+CHECK: BINGO
+
Index: compiler-rt/test/fuzzer/no-asan-memcmp.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-memcmp.test
@@ -0,0 +1,4 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-MemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,161 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerBuiltins.h"
+
+#if LIBFUZZER_LINUX
+
+#define PTR_TO_REAL(x) real_##x
+#define REAL(x) __interception::PTR_TO_REAL(x)
+#define FUNC_TYPE(x) x##_type
+#define DEFINE_REAL(ret_type, func, ...)   \
+  typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__);\
+  namespace __interception {   \
+  FUNC_TYPE(func) PTR_TO_REAL(func);   \
+  }
+
+typedef unsigned long uptr;
+
+#include  // for dlsym()
+
+static void *GetFuncAddr(const char *name, uptr wrapper_addr) {
+  void *addr = dlsym(RTLD_NEXT, name);
+  if (!addr) {
+// If the lookup using RTLD_NEXT failed, the sanitizer runtime library is
+// later in the library search order than the DSO that we are trying to
+// intercept, which means that we cannot intercept this function. We still
+// want the address of the real definition, though, so look it up using
+// RTLD_DEFAULT.
+addr = dlsym(RTLD_DEFAULT, name);
+
+// In case `name' is not loaded, dlsym ends up finding the actual wrapper.
+// We don't want to intercept the wrapper and have it point to itself.
+if ((uptr)addr == wrapper_addr)
+  addr = nullptr;
+  }
+  return addr;
+}
+
+extern "C" {
+
+// NOLINTNEXTLINE
+void __sanitizer_weak_hook_memcmp(void *, const void *, const void *, size_t,
+  int);
+// NOLINTNEXTLINE
+void __sanitizer_weak_hook_strncmp(void *, const char *, const char *, size_t,
+   int);
+// NOLINTNEXTLINE
+void __sanitizer_weak_hook_strcmp(void *, const char *, const char *, int);
+// NOLINTNEXTLINE
+void __sanitizer_weak_hook_strncasecmp(void *, const char *, const

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added a comment.

In D83494#2148164 , @dokyungs wrote:

> In D83494#2148043 , @hctim wrote:
>
> > In D83494#2147608 , @dokyungs 
> > wrote:
> >
> > > Builtin libfunc optimizations may transform memcmp and strcmp-like 
> > > functions. To disable such optimizations, -fno-builtin= flag was 
> > > additionally added in compiling new test cases. FWIW, the original test 
> > > cases didn't require such flags since other sanitizers including ASan 
> > > disables those optimizations in their LLVM pass by dropping libfunc 
> > > attribute in the call instructions.
> >
> >
> > It sounds like we need to add `-fno-builtin` in the clang driver when 
> > building with sancov as well. Otherwise, users won't get any benefit of 
> > this patch without doing `clang++ -fsanitize=fuzzer my_fuzz_target.cpp 
> > -fno-builtin-strstr -fno-builtin-strncmp  -fno-builtin-strcmp  
> > -fno-builtin-memcmp`?
>
>
> Right. Apparently with `-O2` many calls to `memcmp`-like functions are 
> removed. I just wondered, though, what makes more sense: disabling such 
> optimization when building (i) with sancov, or (ii) with `-fsanitize=fuzzer`? 
> If we go for (i), would it make sense to do it in the SanitizerCoverage 
> module pass like other sanitizers do? What do you think? Also, can it be 
> addressed in a follow-up patch?


My opinion is to make it part of `-fsanitize=fuzzer`, or maybe disable parts of 
the builtin optimization pass for functions with the `OptForFuzzing` attribute.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs added a comment.

In D83494#2148043 , @hctim wrote:

> In D83494#2147608 , @dokyungs wrote:
>
> > Builtin libfunc optimizations may transform memcmp and strcmp-like 
> > functions. To disable such optimizations, -fno-builtin= flag was 
> > additionally added in compiling new test cases. FWIW, the original test 
> > cases didn't require such flags since other sanitizers including ASan 
> > disables those optimizations in their LLVM pass by dropping libfunc 
> > attribute in the call instructions.
>
>
> It sounds like we need to add `-fno-builtin` in the clang driver when 
> building with sancov as well. Otherwise, users won't get any benefit of this 
> patch without doing `clang++ -fsanitize=fuzzer my_fuzz_target.cpp 
> -fno-builtin-strstr -fno-builtin-strncmp  -fno-builtin-strcmp  
> -fno-builtin-memcmp`?


Right. Apparently with `-O2` many calls to `memcmp`-like functions are removed. 
I just wondered, though, what makes more sense: disabling such optimization 
when building (i) with sancov, or (ii) with `-fsanitize=fuzzer`? If we go for 
(i), would it make sense to do it in the SanitizerCoverage module pass like 
other sanitizers do? What do you think? Also, can it be addressed in a 
follow-up patch?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Mitch Phillips via Phabricator via cfe-commits

hctim added a comment.

In D83494#2147608 , @dokyungs wrote:

> Builtin libfunc optimizations may transform memcmp and strcmp-like functions. 
> To disable such optimizations, -fno-builtin= flag was additionally added in 
> compiling new test cases. FWIW, the original test cases didn't require such 
> flags since other sanitizers including ASan disables those optimizations in 
> their LLVM pass by dropping libfunc attribute in the call instructions.


It sounds like we need to add `-fno-builtin` in the clang driver when building 
with sancov as well. Otherwise, users won't get any benefit of this patch 
without doing `clang++ -fsanitize=fuzzer my_fuzz_target.cpp -fno-builtin-strstr 
-fno-builtin-strncmp  -fno-builtin-strcmp  -fno-builtin-memcmp`?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-13 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs updated this revision to Diff 277462.
dokyungs added a comment.

Add interceptors for all the functions libFuzzer has a weak interceptor for, 
and duplicate existing interceptor test cases with new compiler flags 
(-fno-sanitize=address).

Builtin libfunc optimizations may transform memcmp and strcmp-like functions. 
To disable such optimizations, -fno-builtin= flag was additionally added in 
compiling new test cases. FWIW, the original test cases didn't require such 
flags since other sanitizers including ASan disables those optimizations in 
their LLVM pass by dropping libfunc attribute in the call instructions.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
  compiler-rt/test/fuzzer/no-asan-memcmp.test
  compiler-rt/test/fuzzer/no-asan-strcmp.test
  compiler-rt/test/fuzzer/no-asan-strncmp.test
  compiler-rt/test/fuzzer/no-asan-strstr.test

Index: compiler-rt/test/fuzzer/no-asan-strstr.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-strstr.test
@@ -0,0 +1,5 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strstr %S/StrstrTest.cpp -o %t-StrstrTest
+RUN: not %run %t-StrstrTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+CHECK: BINGO
+
Index: compiler-rt/test/fuzzer/no-asan-strncmp.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-strncmp.test
@@ -0,0 +1,4 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strncmp  %S/StrncmpTest.cpp -o %t-StrncmpTest
+RUN: not %run %t-StrncmpTest  -seed=2 -runs=1000   2>&1 | FileCheck %s
+CHECK: BINGO
Index: compiler-rt/test/fuzzer/no-asan-strcmp.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-strcmp.test
@@ -0,0 +1,5 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-strcmp %S/StrcmpTest.cpp -o %t-StrcmpTest
+RUN: not %run %t-StrcmpTest   -seed=1 -runs=200   2>&1 | FileCheck %s
+CHECK: BINGO
+
Index: compiler-rt/test/fuzzer/no-asan-memcmp.test
===
--- /dev/null
+++ compiler-rt/test/fuzzer/no-asan-memcmp.test
@@ -0,0 +1,4 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -fno-sanitize=address -fno-builtin-memcmp %S/MemcmpTest.cpp -o %t-MemcmpTest
+RUN: not %run %t-MemcmpTest   -seed=1 -runs=1000   2>&1 | FileCheck %s
+CHECK: BINGO
Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,157 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerBuiltins.h"
+
+#if LIBFUZZER_LINUX
+
+typedef unsigned long uptr;
+
+#include  // for dlsym()
+
+static void *GetFuncAddr(const char *name, uptr wrapper_addr) {
+  void *addr = dlsym(RTLD_NEXT, name);
+  if (!addr) {
+// If the lookup using RTLD_NEXT failed, the sanitizer runtime library is
+// later in the library search order than the DSO that we are trying to
+// intercept, which means that we cannot intercept this function. We still
+// want the address of the real definition, though, so look it up using
+// RTLD_DEFAULT.
+addr = dlsym(RTLD_DEFAULT, name);
+
+// In case `name' is not loaded, dlsym ends up finding the actual wrapper.
+// We don't want to intercept the wrapper and have it point to itself.
+if ((uptr)addr == wrapper_addr)
+  addr = nullptr;
+  }
+  return addr;
+}
+
+extern "C" {
+
+void __sanitizer_weak_hook_memcmp(void *, const void *, const void *, size_t,
+  int);
+void __sanitizer_weak_hook_strncmp(void *, const char *, const char *, size_t,
+   int);
+void __sanitizer_weak_hook_strcmp(void *, const char *, const char *, int);
+void __sanitizer_weak_hook_strncasecmp(void *, const char *, const char *,
+   size_t, int);
+void

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-09 Thread Matt Morehouse via Phabricator via cfe-commits

morehouse added a comment.

Seems like the general approach we want.

Could you:

- Fix the lint warnings
- Find out why the unit tests failed
- Add strcmp
- Modify the memcmp/strcmp unit tests to show that we can solve them 
with/without ASan

After that I'll take a closer look.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D83494/new/

https://reviews.llvm.org/D83494



___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D83494: [libFuzzer] Link libFuzzer's own interceptors when other compiler runtimes are not linked.

2020-07-09 Thread Dokyung Song via Phabricator via cfe-commits

dokyungs created this revision.
Herald added subscribers: Sanitizers, cfe-commits, mgorny.
Herald added projects: clang, Sanitizers.

libFuzzer intercepts certain library functions such as memcmp/strcmp by 
defining weak hooks. Weak hooks, however, are called only when other runtimes 
such as ASan is linked. This patch defines libFuzzer's own interceptors, which 
is linked into the libFuzzer executable when other runtimes are not linked, 
i.e., when -fsanitize=fuzzer is given, but not others.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D83494

Files:
  clang/include/clang/Driver/SanitizerArgs.h
  clang/lib/Driver/SanitizerArgs.cpp
  clang/lib/Driver/ToolChains/CommonArgs.cpp
  compiler-rt/lib/fuzzer/CMakeLists.txt
  compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp

Index: compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
===
--- /dev/null
+++ compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -0,0 +1,63 @@
+//===-- FuzzerInterceptors.cpp ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===--===//
+// Intercept certain libc functions to aid fuzzing.
+// Linked only when other RTs that define their own interceptors are not linked.
+//===--===//
+
+#include "FuzzerBuiltins.h"
+
+#if LIBFUZZER_LINUX
+
+typedef unsigned long uptr;
+
+#include  // for dlsym()
+
+static void *GetFuncAddr(const char *name, uptr wrapper_addr) {
+  void *addr = dlsym(RTLD_NEXT, name);
+  if (!addr) {
+// If the lookup using RTLD_NEXT failed, the sanitizer runtime library is
+// later in the library search order than the DSO that we are trying to
+// intercept, which means that we cannot intercept this function. We still
+// want the address of the real definition, though, so look it up using
+// RTLD_DEFAULT.
+addr = dlsym(RTLD_DEFAULT, name);
+
+// In case `name' is not loaded, dlsym ends up finding the actual wrapper.
+// We don't want to intercept the wrapper and have it point to itself.
+if ((uptr)addr == wrapper_addr)
+  addr = nullptr;
+  }
+  return addr;
+}
+
+extern "C" {
+
+void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
+  const void *s2, size_t n, int result);
+
+typedef int (*memcmp_t)(const void *, const void *, size_t);
+static memcmp_t real_memcmp;
+
+__attribute__((visibility("default"))) int memcmp(const void *str1,
+  const void *str2, size_t n) {
+  int result = real_memcmp(str1, str2, n);
+  __sanitizer_weak_hook_memcmp(GET_CALLER_PC(), str1, str2, n, result);
+
+  return result;
+}
+
+void __fuzzer_init() {
+  real_memcmp =
+  reinterpret_cast(GetFuncAddr("memcmp", (uptr)));
+}
+
+__attribute__((section(".preinit_array"),
+   used)) void (*__local_fuzzer_preinit)(void) = __fuzzer_init;
+}
+
+#endif
Index: compiler-rt/lib/fuzzer/CMakeLists.txt
===
--- compiler-rt/lib/fuzzer/CMakeLists.txt
+++ compiler-rt/lib/fuzzer/CMakeLists.txt
@@ -99,6 +99,13 @@
   CFLAGS ${LIBFUZZER_CFLAGS}
   DEPS ${LIBFUZZER_DEPS})
 
+add_compiler_rt_object_libraries(RTfuzzer_interceptors
+  OS ${FUZZER_SUPPORTED_OS}
+  ARCHS ${FUZZER_SUPPORTED_ARCH}
+  SOURCES FuzzerInterceptors.cpp
+  CFLAGS ${LIBFUZZER_CFLAGS}
+  DEPS ${LIBFUZZER_DEPS})
+
 add_compiler_rt_runtime(clang_rt.fuzzer
   STATIC
   OS ${FUZZER_SUPPORTED_OS}
@@ -115,6 +122,14 @@
   CFLAGS ${LIBFUZZER_CFLAGS}
   PARENT_TARGET fuzzer)
 
+add_compiler_rt_runtime(clang_rt.fuzzer_interceptors
+  STATIC
+  OS ${FUZZER_SUPPORTED_OS}
+  ARCHS ${FUZZER_SUPPORTED_ARCH}
+  OBJECT_LIBS RTfuzzer_interceptors
+  CFLAGS ${LIBFUZZER_CFLAGS}
+  PARENT_TARGET fuzzer)
+
 if(OS_NAME MATCHES "Linux|Fuchsia" AND
COMPILER_RT_LIBCXX_PATH AND
COMPILER_RT_LIBCXXABI_PATH)
@@ -148,7 +163,10 @@
 add_dependencies(RTfuzzer.${arch} libcxx_fuzzer_${arch}-build)
 target_compile_options(RTfuzzer_main.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
 add_dependencies(RTfuzzer_main.${arch} libcxx_fuzzer_${arch}-build)
+target_compile_options(RTfuzzer_interceptors.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
+add_dependencies(RTfuzzer_interceptors.${arch} libcxx_fuzzer_${arch}-build)
 partially_link_libcxx(fuzzer_no_main ${LIBCXX_${arch}_PREFIX} ${arch})
+partially_link_libcxx(fuzzer_interceptors ${LIBCXX_${arch}_PREFIX} ${arch})
 partially_link_libcxx(fuzzer ${LIBCXX_${arch}_PREFIX} ${arch})
   endforeach()
 endif()
Index: clang/lib/Driver/ToolChains/CommonArgs.cpp

45 matches

Mail list logo