author | robot-piglet <[email protected]> | 2024-12-06 02:25:02 +0300 |
---|---|---|
committer | robot-piglet <[email protected]> | 2024-12-06 02:36:54 +0300 |
commit | a3f34f7ae0f6a0859b79c398b6bddf55071b4171 (patch) | |
tree | f1de4ef4fee0f6a85c83d79fdf666cdadac75259 | |
parent | 791c95291cdeb78d59b058c8575f99cef4a94c86 (diff) |
Intermediate changes
commit_hash:06212cb2bd676fc129fca8d6996e5c769e5bb047
24 files changed, 136 insertions, 65 deletions
diff --git a/contrib/libs/libfuzzer/.yandex_meta/__init__.py b/contrib/libs/libfuzzer/.yandex_meta/__init__.py index fee8fba77d0..6db401e7586 100644 --- a/contrib/libs/libfuzzer/.yandex_meta/__init__.py +++ b/contrib/libs/libfuzzer/.yandex_meta/__init__.py @@ -1,6 +1,5 @@ from devtools.yamaker.modules import Linkable, Switch - -# from devtools.yamaker.platform_macros import LLVM_VERSION +from devtools.yamaker.platform_macros import LLVM_VERSION from devtools.yamaker.project import CMakeNinjaNixProject @@ -47,7 +46,7 @@ def post_install(self): llvm_libfuzzer = CMakeNinjaNixProject( - nixattr="llvmPackages_14.compiler-rt", + nixattr=f"llvmPackages_{LLVM_VERSION}.compiler-rt", arcdir="contrib/libs/libfuzzer", copy_sources=[ "include/fuzzer/FuzzedDataProvider.h", diff --git a/contrib/libs/libfuzzer/.yandex_meta/override.nix b/contrib/libs/libfuzzer/.yandex_meta/override.nix index 6e09bfa07f0..6a7b1610a3f 100644 --- a/contrib/libs/libfuzzer/.yandex_meta/override.nix +++ b/contrib/libs/libfuzzer/.yandex_meta/override.nix @@ -1,11 +1,11 @@ pkgs: attrs: with pkgs; with attrs; rec { - version = "15.0.5"; + version = "18.1.8"; src = fetchFromGitHub { owner = "llvm"; repo = "llvm-project"; rev = "llvmorg-${version}"; - hash = "sha256-lYwtqpodBLPgA+BpdesZ5JetcLccpBKSrE1Pqyj+Wvw="; + hash = "sha256-iiZKMRo/WxJaBXct9GdAcAT3cz9d9pnAcO1mmR6oPNE="; }; sourceRoot = "source/compiler-rt"; diff --git a/contrib/libs/libfuzzer/CODE_OWNERS.TXT b/contrib/libs/libfuzzer/CODE_OWNERS.TXT index 02558d92713..ad136edf967 100644 --- a/contrib/libs/libfuzzer/CODE_OWNERS.TXT +++ b/contrib/libs/libfuzzer/CODE_OWNERS.TXT 
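Review bot: `nixattr=f"llvmPackages_{LLVM_VERSION}.compiler-rt"` now follows the platform macro, while override.nix in the same commit pins the fetched source independently with `version = "18.1.8"` and a fixed sha256, so the two can drift silently if LLVM_VERSION is bumped without touching the override; nothing visible here ties them together. If the yamaker tooling allows it, derive the override's version from the same value, or at least add `# keep in sync with version/hash in override.nix` next to `nixattr=`. The content hash is the right supply-chain control for the vendored source; just make sure version and hash are always updated as a pair. The enclosing CMakeNinjaNixProject(...) call continues past the end of the hunk.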
@@ -8,33 +8,49 @@ beautification by scripts. The fields are: name (N), email (E), web-address (W), PGP key ID and fingerprint (P), description (D), and snail-mail address (S). +N: Saleem Abdulrasool +D: builtins library + +N: Andrew Browne +D: DataFlowSanitizer + +N: Vitaly Buka +D: Sanitizers + N: Peter Collingbourne -D: DataFlowSanitizer +D: CFI, SafeStack -N: Daniel Dunbar -D: Makefile build +N: Lang Hames +D: ORC -N: Timur Iskhodzhanov -D: AddressSanitizer for Windows +N: Petr Hosek +D: CRT, CMake build -N: Saleem Abdulrasool -D: builtins library +N: Teresa Johnson +D: MemProf + +N: Kostya Kortchinsky +D: SCUDO + +N: Mitch Phillips +D: GWP ASAN N: Alexander Potapenko -D: MacOS/iOS port of sanitizers - -N: Alexey Samsonov -D: CMake build, test suite +D: Sanitizers N: Kostya Serebryany -D: AddressSanitizer, sanitizer_common, porting sanitizers to another platforms, LeakSanitizer +D: AddressSanitizer, sanitizer_common, LeakSanitizer, LibFuzzer N: Richard Smith diff --git a/contrib/libs/libfuzzer/include/fuzzer/FuzzedDataProvider.h b/contrib/libs/libfuzzer/include/fuzzer/FuzzedDataProvider.h index 71cb427ec4a..5903ed83791 100644 --- a/contrib/libs/libfuzzer/include/fuzzer/FuzzedDataProvider.h +++ b/contrib/libs/libfuzzer/include/fuzzer/FuzzedDataProvider.h @@ -158,7 +158,7 @@ FuzzedDataProvider::ConsumeRandomLengthString(size_t max_length) { // picking its contents. std::string result; - // Reserve the anticipated capaticity to prevent several reallocations. + // Reserve the anticipated capacity to prevent several reallocations. result.reserve(std::min(max_length, remaining_bytes_)); for (size_t i = 0; i < max_length && remaining_bytes_ != 0; ++i) { char next = ConvertUnsignedToSigned<char>(data_ptr_[0]); 
@@ -209,7 +209,7 @@ T FuzzedDataProvider::ConsumeIntegralInRange(T min, T max) { abort(); // Use the biggest type possible to hold the range and the result. - uint64_t range = static_cast<uint64_t>(max) - min; + uint64_t range = static_cast<uint64_t>(max) - static_cast<uint64_t>(min); uint64_t result = 0; size_t offset = 0; @@ -230,7 +230,7 @@ T FuzzedDataProvider::ConsumeIntegralInRange(T min, T max) { if (range != std::numeric_limits<decltype(range)>::max()) result = result % (range + 1); - return static_cast<T>(min + result); + return static_cast<T>(static_cast<uint64_t>(min) + result); } // Returns a floating point value in the range [Type's lowest, Type's max] by diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCommand.h b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCommand.h index f653fe35876..718d7e951fb 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCommand.h +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCommand.h @@ -19,6 +19,7 @@ #include <sstream> #include <string> #include <vector> +#include <thread> namespace fuzzer { @@ -139,7 +140,7 @@ public: // be the equivalent command line. std::string toString() const { std::stringstream SS; - for (auto arg : getArguments()) + for (const auto &arg : getArguments()) SS << arg << " "; if (hasOutputFile()) SS << ">" << getOutputFile() << " "; diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCorpus.h b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCorpus.h index e01891e18fe..48b5a2cff02 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCorpus.h +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerCorpus.h @@ -18,6 +18,7 @@ #include "FuzzerSHA1.h" #include "FuzzerTracePC.h" #include <algorithm> +#include <bitset> #include <chrono> #include <numeric> #include <random> 
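Review bot: The new `return static_cast<T>(static_cast<uint64_t>(min) + result);` depends on narrowing an out-of-range uint64_t back to a signed T when `min` is negative; that conversion is only guaranteed to be modular since C++20 and is implementation-defined in earlier standards, even though mainstream compilers implement it as two's-complement wraparound. Since the added casts exist precisely to make the range arithmetic well-defined (unsigned subtraction cannot overflow), a short comment would stop a future reader from "fixing" them back, e.g. `// Compute in uint64_t so the subtraction/addition cannot overflow; narrowing back to a signed T relies on modular conversion (guaranteed since C++20).` The `if (min > max) abort();` guard at the top keeps `range` non-negative, which this reasoning needs. ConsumeIntegralInRange begins before this hunk.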
@@ -77,7 +78,7 @@ struct InputInfo { SumIncidence = 0.0; // Apply add-one smoothing to locally discovered features. - for (auto F : FeatureFreqs) { + for (const auto &F : FeatureFreqs) { double LocalIncidence = F.second + 1; Energy -= LocalIncidence * log(LocalIncidence); SumIncidence += LocalIncidence; @@ -382,6 +383,7 @@ public: } // Remove most abundant rare feature. + IsRareFeature[Delete] = false; RareFeatures[Delete] = RareFeatures.back(); RareFeatures.pop_back(); @@ -397,6 +399,7 @@ public: // Add rare feature, handle collisions, and update energy. RareFeatures.push_back(Idx); + IsRareFeature[Idx] = true; GlobalFeatureFreqs[Idx] = 0; for (auto II : Inputs) { II->DeleteFeatureFreq(Idx); @@ -450,9 +453,7 @@ public: uint16_t Freq = GlobalFeatureFreqs[Idx32]++; // Skip if abundant. - if (Freq > FreqOfMostAbundantRareFeature || - std::find(RareFeatures.begin(), RareFeatures.end(), Idx32) == - RareFeatures.end()) + if (Freq > FreqOfMostAbundantRareFeature || !IsRareFeature[Idx32]) return; // Update global frequencies. @@ -581,6 +582,7 @@ private: uint16_t FreqOfMostAbundantRareFeature = 0; uint16_t GlobalFeatureFreqs[kFeatureSetSize] = {}; std::vector<uint32_t> RareFeatures; + std::bitset<kFeatureSetSize> IsRareFeature; std::string OutputCorpus; }; diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDataFlowTrace.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDataFlowTrace.cpp index 2f9a4d2d7ad..93bf817a857 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDataFlowTrace.cpp +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDataFlowTrace.cpp @@ -88,7 +88,7 @@ bool BlockCoverage::AppendCoverage(std::istream &IN) { // * a function with a less frequently executed code gets bigger weight. std::vector<double> BlockCoverage::FunctionWeights(size_t NumFunctions) const { std::vector<double> Res(NumFunctions); - for (auto It : Functions) { + for (const auto &It : Functions) { auto FunctionID = It.first; auto Counters = It.second; assert(FunctionID < NumFunctions); 
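Review bot: `IsRareFeature[Delete] = false;` appears to clear the wrong bit: the very next line `RareFeatures[Delete] = RareFeatures.back();` uses Delete as a position in RareFeatures, whereas IsRareFeature is indexed by feature id everywhere else in this hunk (`IsRareFeature[Idx] = true` right after `RareFeatures.push_back(Idx)`, and `!IsRareFeature[Idx32]` in the frequency update). If that reading is right, the evicted feature keeps its rare bit, so UpdateFeatureFrequency keeps treating it as rare where the old `std::find` check would have rejected it, and some unrelated feature whose id happens to equal the slot position loses its bit. The fix is to clear the bit of the feature being removed before the slot is overwritten: `IsRareFeature[RareFeatures[Delete]] = false;`. The loop that computes Delete is outside the hunk, so please confirm against the full function.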
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDriver.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDriver.cpp index 462e147c582..1937b14bc91 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDriver.cpp +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerDriver.cpp @@ -293,9 +293,12 @@ static int RunInMultipleProcesses(const std::vector<std::string> &Args, std::vector<std::thread> V; std::thread Pulse(PulseThread); Pulse.detach(); - for (unsigned i = 0; i < NumWorkers; i++) - V.push_back(std::thread(WorkerThread, std::ref(Cmd), &Counter, NumJobs, - &HasErrors)); + V.resize(NumWorkers); + for (unsigned i = 0; i < NumWorkers; i++) { + V[i] = std::thread(WorkerThread, std::ref(Cmd), &Counter, NumJobs, + &HasErrors); + SetThreadName(V[i], "FuzzerWorker"); + } for (auto &T : V) T.join(); return HasErrors ? 1 : 0; @@ -463,7 +466,7 @@ int MinimizeCrashInput(const std::vector<std::string> &Args, CurrentFilePath = Flags.exact_artifact_path; WriteToFile(U, CurrentFilePath); } - Printf("CRASH_MIN: failed to minimize beyond %s (%d bytes), exiting\n", + Printf("CRASH_MIN: failed to minimize beyond %s (%zu bytes), exiting\n", CurrentFilePath.c_str(), U.size()); break; } @@ -501,7 +504,6 @@ int MinimizeCrashInputInternalStep(Fuzzer *F, InputCorpus *Corpus) { F->MinimizeCrashLoop(U); Printf("INFO: Done MinimizeCrashInputInternalStep, no crashes found\n"); exit(0); - return 0; } void Merge(Fuzzer *F, FuzzingOptions &Options, @@ -535,7 +537,7 @@ void Merge(Fuzzer *F, FuzzingOptions &Options, int AnalyzeDictionary(Fuzzer *F, const std::vector<Unit> &Dict, UnitVector &Corpus) { - Printf("Started dictionary minimization (up to %d tests)\n", + Printf("Started dictionary minimization (up to %zu tests)\n", Dict.size() * Corpus.size() * 2); // Scores and usage count for each dictionary unit. 
@@ -787,7 +789,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { if (!Options.FocusFunction.empty()) Options.Entropic = false; // FocusFunction overrides entropic scheduling. if (Options.Entropic) - Printf("INFO: Running with entropic power schedule (0x%X, %d).\n", + Printf("INFO: Running with entropic power schedule (0x%zX, %zu).\n", Options.EntropicFeatureFrequencyThreshold, Options.EntropicNumberOfRarestFeatures); struct EntropicOptions Entropic; @@ -805,7 +807,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { if (Flags.verbosity) Printf("INFO: Seed: %u\n", Seed); - if (Flags.collect_data_flow && !Flags.fork && + if (Flags.collect_data_flow && Flags.data_flow_trace && !Flags.fork && !(Flags.merge || Flags.set_cover_merge)) { if (RunIndividualFiles) return CollectDataFlow(Flags.collect_data_flow, Flags.data_flow_trace, @@ -868,7 +870,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { RunOneTest(F, Path.c_str(), Options.MaxLen); auto StopTime = system_clock::now(); auto MS = duration_cast<milliseconds>(StopTime - StartTime).count(); - Printf("Executed %s in %zd ms\n", Path.c_str(), (long)MS); + Printf("Executed %s in %ld ms\n", Path.c_str(), (long)MS); } Printf("***\n" "*** NOTE: fuzzing was not performed, you have only\n" diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFlags.def b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFlags.def index dacfa84a6cb..0c6a7e611f6 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFlags.def +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFlags.def 
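Review bot: The added `Flags.data_flow_trace` condition makes `-collect_data_flow=<path>` without `-data_flow_trace` fall through silently into ordinary fuzzing instead of running CollectDataFlow as before, and nothing tells the user why no trace was collected. If the two flags are meant to be required together, reject the half-specified case explicitly before this `if`, e.g. `if (Flags.collect_data_flow && !Flags.data_flow_trace) { Printf("ERROR: -collect_data_flow requires -data_flow_trace\n"); exit(1); }`. This assumes both are string flags whose unset value is null, as their use as pointer conditions and as CollectDataFlow arguments suggests. FuzzerDriver's body continues outside the hunk.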
@@ -170,7 +170,7 @@ FUZZER_FLAG_INT(purge_allocator_interval, 1, "Purge allocator caches and "
 "purge_allocator_interval=-1 to disable this functionality.")
 FUZZER_FLAG_INT(trace_malloc, 0, "If >= 1 will print all mallocs/frees. "
 "If >= 2 will also print stack traces.")
-FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon"
+FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon "
 "reaching this limit of RSS memory usage.")
 FUZZER_FLAG_INT(malloc_limit_mb, 0, "If non-zero, the fuzzer will exit "
 "if the target tries to allocate this number of Mb with one malloc call. "
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFork.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFork.cpp
index d59d5138420..c248a1d246a 100644
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFork.cpp
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerFork.cpp
@@ -220,7 +220,7 @@ struct GlobalEnv {
 }
 } // if (!FilesToAdd.empty() || Job->ExitCode != 0)
- Printf("#%zd: cov: %zd ft: %zd corp: %zd exec/s %zd "
+ Printf("#%zd: cov: %zd ft: %zd corp: %zd exec/s: %zd "
 "oom/timeout/crash: %zd/%zd/%zd time: %zds job: %zd dft_time: %d\n",
 NumRuns, Cov.size(), Features.size(), Files.size(),
 Stats.average_exec_per_sec, NumOOMs, NumTimeouts, NumCrashes,
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.cpp
index 0a58c5377b3..54cc4ee54be 100644
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.cpp
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.cpp
@@ -65,7 +65,7 @@ std::string FileToString(const std::string &Path) {
 }
 
 void CopyFileToErr(const std::string &Path) {
- Printf("%s", FileToString(Path).c_str());
+ Puts(FileToString(Path).c_str());
 }
 
 void WriteToFile(const Unit &U, const std::string &Path) {
@@ -151,6 +151,11 @@ void CloseStdout() {
 DiscardOutput(1);
 }
 
+void Puts(const char *Str) {
+ fputs(Str, OutputFile);
+ fflush(OutputFile);
+}
+
 void Printf(const char *Fmt, ...) {
 va_list ap;
 va_start(ap, Fmt);
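Review bot: `Puts` reads like the C `puts()` but does not append a newline and, being built on `fputs`, stops at the first NUL byte of `Str`; both matter because CopyFileToErr now feeds it arbitrary file contents through `FileToString(Path).c_str()`. A one-line comment on the definition would pin that contract, e.g. `// Writes Str verbatim to OutputFile (no trailing newline, unlike puts()) and flushes; embedded NULs truncate the output.` The previous `Printf("%s", ...)` had the same NUL truncation, so this is not a regression, only worth stating.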
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.h b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.h index 401afa0b447..874caad1bae 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.h +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerIO.h @@ -58,6 +58,7 @@ void CloseStdout(); FILE *GetOutputFile(); void SetOutputFile(FILE *NewOutputFile); +void Puts(const char *Str); void Printf(const char *Fmt, ...); void VPrintf(bool Verbose, const char *Fmt, ...); diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerInternal.h b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerInternal.h index 31f54eaa478..88504705137 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerInternal.h +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerInternal.h @@ -29,12 +29,11 @@ namespace fuzzer { using namespace std::chrono; -class Fuzzer { +class Fuzzer final { public: - Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD, - FuzzingOptions Options); - ~Fuzzer(); + const FuzzingOptions &Options); + ~Fuzzer() = delete; void Loop(std::vector<SizedFile> &CorporaFiles); void ReadAndExecuteSeedCorpora(std::vector<SizedFile> &CorporaFiles); void MinimizeCrashLoop(const Unit &U); @@ -91,6 +90,7 @@ public: void HandleMalloc(size_t Size); static void MaybeExitGracefully(); + static int InterruptExitCode(); std::string WriteToOutputCorpus(const Unit &U); private: diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerLoop.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerLoop.cpp index f2d4b889312..bab76b28023 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerLoop.cpp +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerLoop.cpp @@ -136,7 +136,7 @@ void Fuzzer::HandleMalloc(size_t Size) { } Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD, - FuzzingOptions Options) + const FuzzingOptions &Options) : CB(CB), Corpus(Corpus), MD(MD), Options(Options) { if (EF->__sanitizer_set_death_callback) EF->__sanitizer_set_death_callback(StaticDeathCallback); 
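Review bot: `~Fuzzer() = delete;` makes the class impossible to destroy, so no stack or static instances, no unique_ptr, and every instance is intentionally leaked for the process lifetime, yet nothing in the header says why. A comment next to it would keep that intent from being "fixed" later, e.g. `// Never destroyed: the instance stays reachable from signal/death callbacks until the process exits.` (the callback reason is my inference from the constructor's __sanitizer_set_death_callback call, please adjust). The constructor now takes `const FuzzingOptions &`; the initializer `Options(Options)` in the FuzzerLoop.cpp hunk is fine if the member is a value, but if it is a reference the caller's object must outlive the Fuzzer and the declaration should say so. The rest of the class body is outside the hunk.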
@@ -160,8 +160,6 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD, memset(BaseSha1, 0, sizeof(BaseSha1)); } -Fuzzer::~Fuzzer() {} - void Fuzzer::AllocateCurrentUnitData() { if (CurrentUnitData || MaxInputLen == 0) return; @@ -262,6 +260,11 @@ void Fuzzer::MaybeExitGracefully() { _Exit(0); } +int Fuzzer::InterruptExitCode() { + assert(F); + return F->Options.InterruptExitCode; +} + void Fuzzer::InterruptCallback() { if (Options.DumpInterrupted) DumpCurrentUnit("interrupted-"); @@ -298,7 +301,7 @@ void Fuzzer::AlarmCallback() { Printf(" and the timeout value is %d (use -timeout=N to change)\n", Options.UnitTimeoutSec); DumpCurrentUnit("timeout-"); - Printf("==%lu== ERROR: libFuzzer: timeout after %d seconds\n", GetPid(), + Printf("==%lu== ERROR: libFuzzer: timeout after %zu seconds\n", GetPid(), Seconds); PrintStackTrace(); Printf("SUMMARY: libFuzzer: timeout\n"); @@ -311,9 +314,8 @@ void Fuzzer::RssLimitCallback() { if (EF->__sanitizer_acquire_crash_state && !EF->__sanitizer_acquire_crash_state()) return; - Printf( - "==%lu== ERROR: libFuzzer: out-of-memory (used: %zdMb; limit: %zdMb)\n", - GetPid(), GetPeakRSSMb(), Options.RssLimitMb); + Printf("==%lu== ERROR: libFuzzer: out-of-memory (used: %zdMb; limit: %dMb)\n", + GetPid(), GetPeakRSSMb(), Options.RssLimitMb); Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n"); PrintMemoryProfile(); DumpCurrentUnit("oom-"); @@ -368,7 +370,7 @@ void Fuzzer::PrintFinalStats() { Printf("stat::number_of_executed_units: %zd\n", TotalNumberOfRuns); Printf("stat::average_exec_per_sec: %zd\n", ExecPerSec); Printf("stat::new_units_added: %zd\n", NumberOfNewUnitsAdded); - Printf("stat::slowest_unit_time_sec: %zd\n", TimeOfLongestUnitInSeconds); + Printf("stat::slowest_unit_time_sec: %ld\n", TimeOfLongestUnitInSeconds); Printf("stat::peak_rss_mb: %zd\n", GetPeakRSSMb()); } 
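Review bot: `InterruptExitCode()` guards the file-static `F` only with `assert(F)`, which is compiled out under NDEBUG, leaving `F->Options` as a plain null dereference. Its new caller is ExecuteCommand in FuzzerUtilLinux.cpp, which the `-jobs`/`-workers` worker threads in RunInMultipleProcesses also reach; if that path can run before `new Fuzzer(...)` (the construction site is not in this diff, so please verify), a child shell killed by SIGINT would crash the parent instead of reporting an exit status. Either document the precondition on the declaration, or make the helper total, e.g. `static bool InterruptExitCode(int *Code)` returning false when no Fuzzer exists so ExecuteCommand can fall through to its existing `return exit_code;`.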
@@ -452,7 +454,7 @@ void Fuzzer::PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size) { static_cast<long>(static_cast<double>(TimeOfLongestUnitInSeconds) * 1.1); if (TimeOfUnit > Threshhold && TimeOfUnit >= Options.ReportSlowUnits) { TimeOfLongestUnitInSeconds = TimeOfUnit; - Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds); + Printf("Slowest unit: %ld s:\n", TimeOfLongestUnitInSeconds); WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-"); } } @@ -799,7 +801,7 @@ void Fuzzer::ReadAndExecuteSeedCorpora(std::vector<SizedFile> &CorporaFiles) { TotalSize += File.Size; } if (Options.MaxLen == 0) - SetMaxInputLen(std::min(std::max(kMinDefaultLen, MaxSize), kMaxSaneLen)); + SetMaxInputLen(std::clamp(MaxSize, kMinDefaultLen, kMaxSaneLen)); assert(MaxInputLen > 0); // Test the callback with empty input and never try it again. diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMerge.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMerge.cpp index 24bd11958e8..8c8806e8aaf 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMerge.cpp +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMerge.cpp @@ -77,6 +77,7 @@ bool Merger::Parse(std::istream &IS, bool ParseCoverage) { size_t ExpectedStartMarker = 0; const size_t kInvalidStartMarker = -1; size_t LastSeenStartMarker = kInvalidStartMarker; + bool HaveFtMarker = true; std::vector<uint32_t> TmpFeatures; std::set<uint32_t> PCs; while (std::getline(IS, Line, '\n')) { @@ -93,12 +94,13 @@ bool Merger::Parse(std::istream &IS, bool ParseCoverage) { LastSeenStartMarker = ExpectedStartMarker; assert(ExpectedStartMarker < Files.size()); ExpectedStartMarker++; + HaveFtMarker = false; } else if (Marker == "FT") { // FT FILE_ID COV1 COV2 COV3 ... size_t CurrentFileIdx = N; if (CurrentFileIdx != LastSeenStartMarker) return false; - LastSeenStartMarker = kInvalidStartMarker; + HaveFtMarker = true; if (ParseCoverage) { TmpFeatures.clear(); // use a vector from outer scope to avoid resizes. while (ISS1 >> N) 
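Review bot: `bool HaveFtMarker = true;` is the state that decides which input gets blamed in `LastFailure`, but its meaning is only recoverable by reading the three places it is toggled; a comment at the declaration would help, e.g. `// True once the most recent STARTED record has been followed by its FT record; a STARTED with no FT at end of input identifies the file that crashed the previous merge step.` The new `COV` check rejecting a file id other than LastSeenStartMarker is a good tightening of the control-file parse. A second `FT` record for the same file id is still accepted and would be processed again; if that is unintended, `if (HaveFtMarker) return false;` before `HaveFtMarker = true;` closes it. Merger::Parse begins before and ends after this hunk.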
@@ -108,6 +110,8 @@ bool Merger::Parse(std::istream &IS, bool ParseCoverage) { } } else if (Marker == "COV") { size_t CurrentFileIdx = N; + if (CurrentFileIdx != LastSeenStartMarker) + return false; if (ParseCoverage) while (ISS1 >> N) if (PCs.insert(N).second) @@ -116,7 +120,7 @@ bool Merger::Parse(std::istream &IS, bool ParseCoverage) { return false; } } - if (LastSeenStartMarker != kInvalidStartMarker) + if (!HaveFtMarker && LastSeenStartMarker != kInvalidStartMarker) LastFailure = Files[LastSeenStartMarker].Name; FirstNotProcessedFile = ExpectedStartMarker; diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMutate.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMutate.cpp index d663900fdc3..1abce16d70d 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMutate.cpp +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerMutate.cpp @@ -521,7 +521,7 @@ void MutationDispatcher::PrintMutationSequence(bool Verbose) { std::string MutationDispatcher::MutationSequence() { std::string MS; - for (auto M : CurrentMutatorSequence) { + for (const auto &M : CurrentMutatorSequence) { MS += M.Name; MS += "-"; } diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerTracePC.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerTracePC.cpp index f12f7aa61bc..7f4e8ef91c4 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerTracePC.cpp +++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerTracePC.cpp @@ -149,8 +149,8 @@ inline ALWAYS_INLINE uintptr_t GetPreviousInstructionPc(uintptr_t PC) { ALWAYS_INLINE uintptr_t TracePC::GetNextInstructionPc(uintptr_t PC) { #if defined(__mips__) return PC + 8; -#elif defined(__powerpc__) || defined(__sparc__) || defined(__arm__) || \ - defined(__aarch64__) +#elif defined(__powerpc__) || defined(__sparc__) || defined(__arm__) || \ + defined(__aarch64__) || defined(__loongarch__) return PC + 4; #else return PC + 1; diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtil.h b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtil.h index 71d49097e55..554567e1b8f 100644 
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtil.h
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtil.h
@@ -59,6 +59,8 @@ size_t GetPeakRSSMb();
 int ExecuteCommand(const Command &Cmd);
 bool ExecuteCommand(const Command &Cmd, std::string *CmdOutput);
 
+void SetThreadName(std::thread &thread, const std::string &name);
+
 // Fuchsia does not have popen/pclose.
 FILE *OpenProcessPipe(const char *Command, const char *Mode);
 int CloseProcessPipe(FILE *F);
@@ -94,7 +96,8 @@ inline size_t Log(size_t X) {
 return static_cast<size_t>((sizeof(unsigned long long) * 8) - Clzll(X) - 1);
 }
 
-inline size_t PageSize() { return 4096; }
+size_t PageSize();
+
 inline uint8_t *RoundUpByPage(uint8_t *P) {
 uintptr_t X = reinterpret_cast<uintptr_t>(P);
 size_t Mask = PageSize() - 1;
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilDarwin.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilDarwin.cpp
index a5bed658a44..6c3ece30f67 100644
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilDarwin.cpp
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilDarwin.cpp
@@ -165,6 +165,11 @@ void DiscardOutput(int Fd) {
 fclose(Temp);
 }
 
+void SetThreadName(std::thread &thread, const std::string &name) {
+ // TODO ?
+ // Darwin allows to set the name only on the current thread it seems
+}
+
 } // namespace fuzzer
 
 #endif // LIBFUZZER_APPLE
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilLinux.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilLinux.cpp
index 981f9a8b429..5729448b0be 100644
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilLinux.cpp
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilLinux.cpp
@@ -11,7 +11,9 @@
 #if LIBFUZZER_LINUX || LIBFUZZER_NETBSD || LIBFUZZER_FREEBSD || \
 LIBFUZZER_EMSCRIPTEN
 #include "FuzzerCommand.h"
+#include "FuzzerInternal.h"
 
+#include <signal.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/wait.h>
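Review bot: FuzzerUtil.h now names `std::thread` in the SetThreadName declaration, but this hunk adds no `#include <thread>`; the commit instead appends it to FuzzerCommand.h (after `<vector>`, breaking that header's sorted include list), so FuzzerUtil.h compiles only through a transitive include. Put `#include <thread>` in FuzzerUtil.h's own system-include block, and drop it from FuzzerCommand.h if nothing there uses std::thread, so the dependency is explicit. A one-line comment on the declaration that the call is best-effort and a no-op on some platforms would also set expectations for callers, e.g. `// Best-effort; silently does nothing where the platform cannot name another thread.`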
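Review bot: The Darwin `SetThreadName` stub leaves both parameters unused, which trips `-Wunused-parameter` where that warning is enabled, and the `// TODO ?` body gives a reader no idea whether this is deliberate. Either drop the parameter names or add `(void)thread; (void)name;`, and replace the two comment lines with a definite statement such as `// Intentionally a no-op: pthread_setname_np on Darwin only names the calling thread, and this helper is called from the spawning thread.` (the "only the current thread" limitation matches my understanding of the Darwin API, please confirm).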
@@ -25,6 +27,8 @@ int ExecuteCommand(const Command &Cmd) {
 int exit_code = system(CmdLine.c_str());
 if (WIFEXITED(exit_code))
 return WEXITSTATUS(exit_code);
+ if (WIFSIGNALED(exit_code) && WTERMSIG(exit_code) == SIGINT)
+ return Fuzzer::InterruptExitCode();
 return exit_code;
 }
 
@@ -36,6 +40,14 @@ void DiscardOutput(int Fd) {
 fclose(Temp);
 }
 
+void SetThreadName(std::thread &thread, const std::string &name) {
+#if LIBFUZZER_LINUX || LIBFUZZER_FREEBSD
+ (void)pthread_setname_np(thread.native_handle(), name.c_str());
+#elif LIBFUZZER_NETBSD
+ (void)pthread_set_name_np(thread.native_handle(), "%s", name.c_str());
+#endif
+}
+
 } // namespace fuzzer
 
 #endif
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilPosix.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilPosix.cpp
index 0446d732a9e..392c1e5be4e 100644
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilPosix.cpp
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilPosix.cpp
@@ -183,6 +183,11 @@ std::string SearchRegexCmd(const std::string &Regex) {
 return "grep '" + Regex + "'";
 }
 
+size_t PageSize() {
+ static size_t PageSizeCached = sysconf(_SC_PAGESIZE);
+ return PageSizeCached;
+}
+
 } // namespace fuzzer
 
 #endif // LIBFUZZER_POSIX
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilWindows.cpp b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilWindows.cpp
index 3598758dbb4..71770166805 100644
--- a/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilWindows.cpp
+++ b/contrib/libs/libfuzzer/lib/fuzzer/FuzzerUtilWindows.cpp
@@ -224,6 +224,20 @@ void DiscardOutput(int Fd) {
 fclose(Temp);
 }
 
+size_t PageSize() {
+ static size_t PageSizeCached = []() -> size_t {
+ SYSTEM_INFO si;
+ GetSystemInfo(&si);
+ return si.dwPageSize;
+ }();
+ return PageSizeCached;
+}
+
+void SetThreadName(std::thread &thread, const std::string &name) {
+ // TODO ?
+ // to UTF-8 then SetThreadDescription ?
+}
+
 } // namespace fuzzer
 
 #endif // LIBFUZZER_WINDOWS
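Review bot: On Linux `pthread_setname_np` rejects names longer than 15 bytes with ERANGE, and the `(void)` cast discards that, so a longer name silently leaves the thread unnamed; the only current caller passes "FuzzerWorker", which fits, but a comment would save the next caller a surprise, e.g. `// Best-effort: Linux rejects names over 15 bytes; errors are deliberately ignored.` The `LIBFUZZER_FREEBSD` branch also calls `pthread_setname_np`, which as far as I recall FreeBSD only gained in 12.2 (older releases have just `pthread_set_name_np`), so check it against the minimum FreeBSD version this build supports. Calling it from the spawning thread after the worker has started is fine since the function takes the thread handle.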
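Review bot: `static size_t PageSizeCached = sysconf(_SC_PAGESIZE);` converts sysconf's `long` result to `size_t` implicitly, so a -1 failure return becomes SIZE_MAX and the `PageSize() - 1` mask that RoundUpByPage builds in FuzzerUtil.h would then round every pointer to garbage. The inline body this replaces returned 4096, which is the natural fallback when the query fails: `static size_t PageSizeCached = [] { long Sz = sysconf(_SC_PAGESIZE); return Sz > 0 ? static_cast<size_t>(Sz) : size_t{4096}; }();`. RoundUpByPage also assumes the page size is a power of two, which holds on every platform this file targets but deserves a one-line comment where the mask is formed.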
diff --git a/contrib/libs/libfuzzer/lib/fuzzer/afl/ya.make b/contrib/libs/libfuzzer/lib/fuzzer/afl/ya.make index f6f3a618719..a27f6fa1e67 100644 --- a/contrib/libs/libfuzzer/lib/fuzzer/afl/ya.make +++ b/contrib/libs/libfuzzer/lib/fuzzer/afl/ya.make @@ -8,7 +8,7 @@ LICENSE_TEXTS(.yandex_meta/licenses.list.txt) SUBSCRIBER(g:cpp-contrib) -VERSION(15.0.5) +VERSION(18.1.8) PEERDIR( contrib/libs/afl/llvm_mode diff --git a/contrib/libs/libfuzzer/ya.make b/contrib/libs/libfuzzer/ya.make index bd9b1ea640f..59598cb1cf8 100644 --- a/contrib/libs/libfuzzer/ya.make +++ b/contrib/libs/libfuzzer/ya.make @@ -12,9 +12,9 @@ LICENSE( LICENSE_TEXTS(.yandex_meta/licenses.list.txt) -VERSION(15.0.5) +VERSION(18.1.8) -ORIGINAL_SOURCE(https://github.com/llvm/llvm-project/archive/llvmorg-15.0.5.tar.gz) +ORIGINAL_SOURCE(https://github.com/llvm/llvm-project/archive/llvmorg-18.1.8.tar.gz) SET(SANITIZER_CFLAGS) |