Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / ab73c6924f56f47ddf7ca41de467e5d2b255fe30^! / . / llvm / lib / Fuzzer / FuzzerTraceState.cpp
commitab73c6924f56f47ddf7ca41de467e5d2b255fe30[log] [tgz]
authorKostya Serebryany <kcc@google.com>Fri Sep 23 00:46:18 2016 +0000
committerKostya Serebryany <kcc@google.com>Fri Sep 23 00:46:18 2016 +0000
tree2f0e7b676cca69155ebcda35cf0ccc2cdfb55bfa
parente190cd28340360a4526754185d22c3972878be79 [diff] [blame]
[libFuzzer] move value profiling logic into TracePC

llvm-svn: 282219

diff --git a/llvm/lib/Fuzzer/FuzzerTraceState.cpp b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
index 902a189..97d5935 100644
--- a/llvm/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTraceState.cpp

@@ -75,6 +75,7 @@
 #include "FuzzerDictionary.h"
 #include "FuzzerMutate.h"
 #include "FuzzerRandom.h"
+#include "FuzzerTracePC.h"
 
 #include <algorithm>
 #include <cstring>
@@ -175,7 +176,6 @@
 // Declared as static globals for faster checks inside the hooks.
 static bool RecordingMemcmp = false;
 static bool RecordingMemmem = false;
-static bool RecordingValueProfile = false;
 static bool DoingMyOwnMemmem = false;
 
 struct ScopedDoingMyOwnMemmem {
@@ -532,21 +532,13 @@
 
 // Value profile.
 // We keep track of various values that affect control flow.
-// These values are inserted into a bit-set-based hash map (ValueBitMap VP).
+// These values are inserted into a bit-set-based hash map.
 // Every new bit in the map is treated as a new coverage.
 //
 // For memcmp/strcmp/etc the interesting value is the length of the common
 // prefix of the parameters.
 // For cmp instructions the interesting value is a XOR of the parameters.
 // The interesting value is mixed up with the PC and is then added to the map.
-static ValueBitMap VP;
-
-void EnableValueProfile() { RecordingValueProfile = true; }
-
-bool VPMapMergeFromCurrent(ValueBitMap &M) {
-  if (!RecordingValueProfile) return 0;
-  return M.MergeFrom(VP);
-}
 
 static void AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
                               size_t n) {
@@ -562,7 +554,7 @@
   size_t Idx = I;
   // if (I < Len)
   //  Idx += __builtin_popcountl((A1[I] ^ A2[I])) - 1;
-  VP.AddValue((PC & 4095) | (Idx << 12));
+  TPC.HandleValueProfile((PC & 4095) | (Idx << 12));
 }
 
 static void AddValueForStrcmp(void *caller_pc, const char *s1, const char *s2,
@@ -579,7 +571,7 @@
   size_t Idx = I;
   // if (I < Len && A1[I])
   //  Idx += __builtin_popcountl((A1[I] ^ A2[I])) - 1;
-  VP.AddValue((PC & 4095) | (Idx << 12));
+  TPC.HandleValueProfile((PC & 4095) | (Idx << 12));
 }
 
 ATTRIBUTE_TARGET_POPCNT
@@ -589,7 +581,7 @@
   uintptr_t PC = reinterpret_cast<uintptr_t>(PCptr);
   uint64_t ArgDistance = __builtin_popcountl(Arg1 ^ Arg2) - 1; // [0,63]
   uintptr_t Idx = (PC & 4095) | (ArgDistance << 12);
-  VP.AddValue(Idx);
+  TPC.HandleValueProfile(Idx);
 }
 
 static void AddValueForSingleVal(void *PCptr, uintptr_t Val) {
@@ -597,14 +589,13 @@
   uintptr_t PC = reinterpret_cast<uintptr_t>(PCptr);
   uint64_t ArgDistance = __builtin_popcountl(Val) - 1; // [0,63]
   uintptr_t Idx = (PC & 4095) | (ArgDistance << 12);
-  VP.AddValue(Idx);
+  TPC.HandleValueProfile(Idx);
 }
 
 }  // namespace fuzzer
 
 using fuzzer::TS;
 using fuzzer::RecordingMemcmp;
-using fuzzer::RecordingValueProfile;
 
 extern "C" {
 void __dfsw___sanitizer_cov_trace_cmp(uint64_t SizeAndType, uint64_t Arg1,
@@ -670,8 +661,7 @@
 #if LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
 void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
                                   const void *s2, size_t n, int result) {
-  if (RecordingValueProfile)
-    fuzzer::AddValueForMemcmp(caller_pc, s1, s2, n);
+  fuzzer::AddValueForMemcmp(caller_pc, s1, s2, n);
   if (!RecordingMemcmp) return;
   if (result == 0) return;  // No reason to mutate.
   if (n <= 1) return;  // Not interesting.
@@ -681,8 +671,7 @@
 
 void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
                                    const char *s2, size_t n, int result) {
-  if (RecordingValueProfile)
-    fuzzer::AddValueForStrcmp(caller_pc, s1, s2, n);
+  fuzzer::AddValueForStrcmp(caller_pc, s1, s2, n);
   if (!RecordingMemcmp) return;
   if (result == 0) return;  // No reason to mutate.
   size_t Len1 = fuzzer::InternalStrnlen(s1, n);
@@ -696,8 +685,7 @@
 
 void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
                                    const char *s2, int result) {
-  if (RecordingValueProfile)
-    fuzzer::AddValueForStrcmp(caller_pc, s1, s2, 64);
+  fuzzer::AddValueForStrcmp(caller_pc, s1, s2, 64);
   if (!RecordingMemcmp) return;
   if (result == 0) return;  // No reason to mutate.
   size_t Len1 = strlen(s1);
@@ -736,8 +724,7 @@
 __attribute__((visibility("default")))
 void __sanitizer_cov_trace_cmp(uint64_t SizeAndType, uint64_t Arg1,
                                uint64_t Arg2) {
-  if (RecordingValueProfile)
-    fuzzer::AddValueForCmp(__builtin_return_address(0), Arg1, Arg2);
+  fuzzer::AddValueForCmp(__builtin_return_address(0), Arg1, Arg2);
 }
 
 __attribute__((visibility("default")))