diff options
author | robot-dts-analyst <robot-dts-analyst@yandex-team.com> | 2022-11-08 02:52:54 +0300 |
---|---|---|
committer | robot-dts-analyst <robot-dts-analyst@yandex-team.com> | 2022-11-08 02:52:54 +0300 |
commit | 4279a48238a1a4105a3d77a50f245591649245a7 (patch) | |
tree | e3733a66963e7d577e33f9976dd63d50e28c058f /contrib/libs/libfuzzer | |
parent | c2c68f821b20a5ebda2d7b52c0d6036241952311 (diff) | |
download | ydb-4279a48238a1a4105a3d77a50f245591649245a7.tar.gz |
Rebalancing autocheck partitions and distbuild clusters.
The process of preparing changes https://sandbox.yandex-team.ru/task/1510045946/view
Diffstat (limited to 'contrib/libs/libfuzzer')
-rw-r--r-- | contrib/libs/libfuzzer/CODE_OWNERS.TXT | 4 | ||||
-rw-r--r-- | contrib/libs/libfuzzer/FuzzerInternal.h | 5 | ||||
-rw-r--r-- | contrib/libs/libfuzzer/FuzzerLoop.cpp | 24 | ||||
-rw-r--r-- | contrib/libs/libfuzzer/FuzzerTracePC.cpp | 9 |
4 files changed, 27 insertions, 15 deletions
diff --git a/contrib/libs/libfuzzer/CODE_OWNERS.TXT b/contrib/libs/libfuzzer/CODE_OWNERS.TXT index 125487816b..02558d9271 100644 --- a/contrib/libs/libfuzzer/CODE_OWNERS.TXT +++ b/contrib/libs/libfuzzer/CODE_OWNERS.TXT @@ -20,8 +20,8 @@ N: Timur Iskhodzhanov E: timurrrr@google.com D: AddressSanitizer for Windows -N: Howard Hinnant -E: howard.hinnant@gmail.com +N: Saleem Abdulrasool +E: compnerd@compnerd.org D: builtins library N: Alexander Potapenko diff --git a/contrib/libs/libfuzzer/FuzzerInternal.h b/contrib/libs/libfuzzer/FuzzerInternal.h index 6637b0034e..31f54eaa47 100644 --- a/contrib/libs/libfuzzer/FuzzerInternal.h +++ b/contrib/libs/libfuzzer/FuzzerInternal.h @@ -65,7 +65,10 @@ public: static void StaticFileSizeExceedCallback(); static void StaticGracefulExitCallback(); - void ExecuteCallback(const uint8_t *Data, size_t Size); + // Executes the target callback on {Data, Size} once. + // Returns false if the input was rejected by the target (target returned -1), + // and true otherwise. + bool ExecuteCallback(const uint8_t *Data, size_t Size); bool RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile = false, InputInfo *II = nullptr, bool ForceAddToCorpus = false, bool *FoundUniqFeatures = nullptr); diff --git a/contrib/libs/libfuzzer/FuzzerLoop.cpp b/contrib/libs/libfuzzer/FuzzerLoop.cpp index cbfe73d813..f2d4b88931 100644 --- a/contrib/libs/libfuzzer/FuzzerLoop.cpp +++ b/contrib/libs/libfuzzer/FuzzerLoop.cpp @@ -513,7 +513,7 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile, // Largest input length should be INT_MAX. assert(Size < std::numeric_limits<uint32_t>::max()); - ExecuteCallback(Data, Size); + if(!ExecuteCallback(Data, Size)) return false; auto TimeOfUnit = duration_cast<microseconds>(UnitStopTime - UnitStartTime); UniqFeatureSetTmp.clear(); @@ -588,7 +588,7 @@ static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) { // This method is not inlined because it would cause a test to fail where it // is part of the stack unwinding. See D97975 for details. -ATTRIBUTE_NOINLINE void Fuzzer::ExecuteCallback(const uint8_t *Data, +ATTRIBUTE_NOINLINE bool Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) { TPC.RecordInitialStack(); TotalNumberOfRuns++; @@ -604,23 +604,24 @@ ATTRIBUTE_NOINLINE void Fuzzer::ExecuteCallback(const uint8_t *Data, if (CurrentUnitData && CurrentUnitData != Data) memcpy(CurrentUnitData, Data, Size); CurrentUnitSize = Size; + int CBRes = 0; { ScopedEnableMsanInterceptorChecks S; AllocTracer.Start(Options.TraceMalloc); UnitStartTime = system_clock::now(); TPC.ResetMaps(); RunningUserCallback = true; - int Res = CB(DataCopy, Size); + CBRes = CB(DataCopy, Size); RunningUserCallback = false; UnitStopTime = system_clock::now(); - (void)Res; - assert(Res == 0); + assert(CBRes == 0 || CBRes == -1); HasMoreMallocsThanFrees = AllocTracer.Stop(); } if (!LooseMemeq(DataCopy, Data, Size)) CrashOnOverwrittenData(); CurrentUnitSize = 0; delete[] DataCopy; + return CBRes == 0; } std::string Fuzzer::WriteToOutputCorpus(const Unit &U) { @@ -845,9 +846,16 @@ void Fuzzer::ReadAndExecuteSeedCorpora(std::vector<SizedFile> &CorporaFiles) { } if (Corpus.empty() && Options.MaxNumberOfRuns) { - Printf("ERROR: no interesting inputs were found. " - "Is the code instrumented for coverage? Exiting.\n"); - exit(1); + Printf("WARNING: no interesting inputs were found so far. " + "Is the code instrumented for coverage?\n" + "This may also happen if the target rejected all inputs we tried so " + "far\n"); + // The remaining logic requires that the corpus is not empty, + // so we add one fake input to the in-memory corpus. + Corpus.AddToCorpus({'\n'}, /*NumFeatures=*/1, /*MayDeleteFile=*/true, + /*HasFocusFunction=*/false, /*NeverReduce=*/false, + /*TimeOfUnit=*/duration_cast<microseconds>(0s), {0}, DFT, + /*BaseII*/ nullptr); } } diff --git a/contrib/libs/libfuzzer/FuzzerTracePC.cpp b/contrib/libs/libfuzzer/FuzzerTracePC.cpp index af8d1ce50f..f12f7aa61b 100644 --- a/contrib/libs/libfuzzer/FuzzerTracePC.cpp +++ b/contrib/libs/libfuzzer/FuzzerTracePC.cpp @@ -133,13 +133,14 @@ inline ALWAYS_INLINE uintptr_t GetPreviousInstructionPc(uintptr_t PC) { // so we return (pc-2) in that case in order to be safe. // For A32 mode we return (pc-4) because all instructions are 32 bit long. return (PC - 3) & (~1); -#elif defined(__powerpc__) || defined(__powerpc64__) || defined(__aarch64__) - // PCs are always 4 byte aligned. - return PC - 4; #elif defined(__sparc__) || defined(__mips__) return PC - 8; -#else +#elif defined(__riscv__) + return PC - 2; +#elif defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_X64) return PC - 1; +#else + return PC - 4; #endif } |