Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / 09845170212b8d5a10353c069d2ee27c6e8aa240 / . / llvm / lib / Fuzzer / FuzzerTracePC.cpp
blob: f729a5e687871a65cbb656631e3d5c50d3cd903e [file] [log] [blame]
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]1//===- FuzzerTracePC.cpp - PC tracing--------------------------------------===//
2//
3// The LLVM Compiler Infrastructure
4//
5// This file is distributed under the University of Illinois Open Source
6// License. See LICENSE.TXT for details.
7//
8//===----------------------------------------------------------------------===//
9// Trace PCs.
Kostya Serebryanya00b2432016-09-14 02:13:06 +0000[diff] [blame]10// This module implements __sanitizer_cov_trace_pc_guard[_init],
11// the callback required for -fsanitize-coverage=trace-pc-guard instrumentation.
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]12//
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]13//===----------------------------------------------------------------------===//
14
15#include "FuzzerInternal.h"
16
17namespace fuzzer {
Mike Aizatsky1aa501e2016-05-10 23:43:15 +0000[diff] [blame]18
Kostya Serebryanya00b2432016-09-14 02:13:06 +0000[diff] [blame]19TracePC TPC;
Mike Aizatsky1aa501e2016-05-10 23:43:15 +0000[diff] [blame]20
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]21void TracePC::HandleTrace(uint8_t *Guard, uintptr_t PC) {
22 if (UseCounters) {
23 uintptr_t GV = *Guard;
Kostya Serebryany53501782016-09-15 04:36:45 +0000[diff] [blame]24 if (GV == 0) {
25 size_t Idx = Guard - Start;
26 if (TotalCoverageMap.AddValue(Idx)) {
27 TotalCoverage++;
28 AddNewPC(PC);
29 }
30 }
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]31 if (GV < 255)
32 GV++;
33 *Guard = GV;
34 } else {
35 *Guard = 0xff;
36 TotalCoverage++;
Kostya Serebryany53501782016-09-15 04:36:45 +0000[diff] [blame]37 AddNewPC(PC);
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]38 }
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]39}
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]40
41void TracePC::HandleInit(uint8_t *Start, uint8_t *Stop) {
42 // TODO: this handles only one DSO/binary.
43 this->Start = Start;
44 this->Stop = Stop;
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]45}
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]46
47void TracePC::FinalizeTrace() {
48 if (UseCounters && TotalCoverage) {
49 for (uint8_t *X = Start; X < Stop; X++) {
50 uint8_t Value = *X;
51 size_t Idx = X - Start;
Kostya Serebryany53501782016-09-15 04:36:45 +0000[diff] [blame]52 if (Value >= 1) {
53 unsigned Bit = 0;
54 /**/ if (Value >= 128) Bit = 7;
55 else if (Value >= 32) Bit = 6;
56 else if (Value >= 16) Bit = 5;
57 else if (Value >= 8) Bit = 4;
58 else if (Value >= 4) Bit = 3;
59 else if (Value >= 3) Bit = 2;
60 else if (Value >= 2) Bit = 1;
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]61 CounterMap.AddValue(Idx * 8 + Bit);
62 }
Kostya Serebryany53501782016-09-15 04:36:45 +0000[diff] [blame]63 *X = 0;
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]64 }
65 }
66}
67
68size_t TracePC::UpdateCounterMap(ValueBitMap *Map) {
69 if (!TotalCoverage) return 0;
70 size_t NewTotalCounterBits = Map->MergeFrom(CounterMap);
71 size_t Delta = NewTotalCounterBits - TotalCounterBits;
72 TotalCounterBits = NewTotalCounterBits;
73 return Delta;
74}
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]75
Kostya Serebryany09845172016-09-15 22:16:15 +0000[diff] [blame^]76void TracePC::HandleCallerCallee(uintptr_t Caller, uintptr_t Callee) {
77 const uintptr_t kBits = 12;
78 const uintptr_t kMask = (1 << kBits) - 1;
79 CounterMap.AddValue((Caller & kMask) | ((Callee & kMask) << kBits));
80}
81
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]82} // namespace fuzzer
83
Dan Liew59144072016-06-06 20:27:09 +0000[diff] [blame]84extern "C" {
Kostya Serebryany32661f92016-08-18 20:52:52 +0000[diff] [blame]85__attribute__((visibility("default")))
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]86void __sanitizer_cov_trace_pc_guard(uint8_t *Guard) {
Kostya Serebryanya00b2432016-09-14 02:13:06 +0000[diff] [blame]87 uintptr_t PC = (uintptr_t)__builtin_return_address(0);
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]88 fuzzer::TPC.HandleTrace(Guard, PC);
Kostya Serebryanyda63c1d2016-02-26 21:33:56 +0000[diff] [blame]89}
Dan Liew59144072016-06-06 20:27:09 +0000[diff] [blame]90
Kostya Serebryany32661f92016-08-18 20:52:52 +0000[diff] [blame]91__attribute__((visibility("default")))
Kostya Serebryanya5277d52016-09-15 01:30:18 +0000[diff] [blame]92void __sanitizer_cov_trace_pc_guard_init(uint8_t *Start, uint8_t *Stop) {
93 fuzzer::TPC.HandleInit(Start, Stop);
Dan Liew59144072016-06-06 20:27:09 +0000[diff] [blame]94}
Kostya Serebryany09845172016-09-15 22:16:15 +0000[diff] [blame^]95
96__attribute__((visibility("default")))
97void __sanitizer_cov_trace_pc_indir(uintptr_t Callee) {
98 uintptr_t PC = (uintptr_t)__builtin_return_address(0);
99 fuzzer::TPC.HandleCallerCallee(PC, Callee);
100}
Dan Liew59144072016-06-06 20:27:09 +0000[diff] [blame]101}