aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs/libfuzzer
diff options
context:
space:
mode:
authorrobot-dts-analyst <robot-dts-analyst@yandex-team.com>2022-11-08 02:52:54 +0300
committerrobot-dts-analyst <robot-dts-analyst@yandex-team.com>2022-11-08 02:52:54 +0300
commit4279a48238a1a4105a3d77a50f245591649245a7 (patch)
treee3733a66963e7d577e33f9976dd63d50e28c058f /contrib/libs/libfuzzer
parentc2c68f821b20a5ebda2d7b52c0d6036241952311 (diff)
downloadydb-4279a48238a1a4105a3d77a50f245591649245a7.tar.gz
Rebalancing autocheck partitions and distbuild clusters.
The process of preparing changes https://sandbox.yandex-team.ru/task/1510045946/view
Diffstat (limited to 'contrib/libs/libfuzzer')
-rw-r--r--contrib/libs/libfuzzer/CODE_OWNERS.TXT4
-rw-r--r--contrib/libs/libfuzzer/FuzzerInternal.h5
-rw-r--r--contrib/libs/libfuzzer/FuzzerLoop.cpp24
-rw-r--r--contrib/libs/libfuzzer/FuzzerTracePC.cpp9
4 files changed, 27 insertions, 15 deletions
diff --git a/contrib/libs/libfuzzer/CODE_OWNERS.TXT b/contrib/libs/libfuzzer/CODE_OWNERS.TXT
index 125487816b..02558d9271 100644
--- a/contrib/libs/libfuzzer/CODE_OWNERS.TXT
+++ b/contrib/libs/libfuzzer/CODE_OWNERS.TXT
@@ -20,8 +20,8 @@ N: Timur Iskhodzhanov
E: timurrrr@google.com
D: AddressSanitizer for Windows
-N: Howard Hinnant
-E: howard.hinnant@gmail.com
+N: Saleem Abdulrasool
+E: compnerd@compnerd.org
D: builtins library
N: Alexander Potapenko
diff --git a/contrib/libs/libfuzzer/FuzzerInternal.h b/contrib/libs/libfuzzer/FuzzerInternal.h
index 6637b0034e..31f54eaa47 100644
--- a/contrib/libs/libfuzzer/FuzzerInternal.h
+++ b/contrib/libs/libfuzzer/FuzzerInternal.h
@@ -65,7 +65,10 @@ public:
static void StaticFileSizeExceedCallback();
static void StaticGracefulExitCallback();
- void ExecuteCallback(const uint8_t *Data, size_t Size);
+ // Executes the target callback on {Data, Size} once.
+ // Returns false if the input was rejected by the target (target returned -1),
+ // and true otherwise.
+ bool ExecuteCallback(const uint8_t *Data, size_t Size);
bool RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile = false,
InputInfo *II = nullptr, bool ForceAddToCorpus = false,
bool *FoundUniqFeatures = nullptr);
diff --git a/contrib/libs/libfuzzer/FuzzerLoop.cpp b/contrib/libs/libfuzzer/FuzzerLoop.cpp
index cbfe73d813..f2d4b88931 100644
--- a/contrib/libs/libfuzzer/FuzzerLoop.cpp
+++ b/contrib/libs/libfuzzer/FuzzerLoop.cpp
@@ -513,7 +513,7 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
// Largest input length should be INT_MAX.
assert(Size < std::numeric_limits<uint32_t>::max());
- ExecuteCallback(Data, Size);
+ if(!ExecuteCallback(Data, Size)) return false;
auto TimeOfUnit = duration_cast<microseconds>(UnitStopTime - UnitStartTime);
UniqFeatureSetTmp.clear();
@@ -588,7 +588,7 @@ static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) {
// This method is not inlined because it would cause a test to fail where it
// is part of the stack unwinding. See D97975 for details.
-ATTRIBUTE_NOINLINE void Fuzzer::ExecuteCallback(const uint8_t *Data,
+ATTRIBUTE_NOINLINE bool Fuzzer::ExecuteCallback(const uint8_t *Data,
size_t Size) {
TPC.RecordInitialStack();
TotalNumberOfRuns++;
@@ -604,23 +604,24 @@ ATTRIBUTE_NOINLINE void Fuzzer::ExecuteCallback(const uint8_t *Data,
if (CurrentUnitData && CurrentUnitData != Data)
memcpy(CurrentUnitData, Data, Size);
CurrentUnitSize = Size;
+ int CBRes = 0;
{
ScopedEnableMsanInterceptorChecks S;
AllocTracer.Start(Options.TraceMalloc);
UnitStartTime = system_clock::now();
TPC.ResetMaps();
RunningUserCallback = true;
- int Res = CB(DataCopy, Size);
+ CBRes = CB(DataCopy, Size);
RunningUserCallback = false;
UnitStopTime = system_clock::now();
- (void)Res;
- assert(Res == 0);
+ assert(CBRes == 0 || CBRes == -1);
HasMoreMallocsThanFrees = AllocTracer.Stop();
}
if (!LooseMemeq(DataCopy, Data, Size))
CrashOnOverwrittenData();
CurrentUnitSize = 0;
delete[] DataCopy;
+ return CBRes == 0;
}
std::string Fuzzer::WriteToOutputCorpus(const Unit &U) {
@@ -845,9 +846,16 @@ void Fuzzer::ReadAndExecuteSeedCorpora(std::vector<SizedFile> &CorporaFiles) {
}
if (Corpus.empty() && Options.MaxNumberOfRuns) {
- Printf("ERROR: no interesting inputs were found. "
- "Is the code instrumented for coverage? Exiting.\n");
- exit(1);
+ Printf("WARNING: no interesting inputs were found so far. "
+ "Is the code instrumented for coverage?\n"
+ "This may also happen if the target rejected all inputs we tried so "
+ "far\n");
+ // The remaining logic requires that the corpus is not empty,
+ // so we add one fake input to the in-memory corpus.
+ Corpus.AddToCorpus({'\n'}, /*NumFeatures=*/1, /*MayDeleteFile=*/true,
+ /*HasFocusFunction=*/false, /*NeverReduce=*/false,
+ /*TimeOfUnit=*/duration_cast<microseconds>(0s), {0}, DFT,
+ /*BaseII*/ nullptr);
}
}
diff --git a/contrib/libs/libfuzzer/FuzzerTracePC.cpp b/contrib/libs/libfuzzer/FuzzerTracePC.cpp
index af8d1ce50f..f12f7aa61b 100644
--- a/contrib/libs/libfuzzer/FuzzerTracePC.cpp
+++ b/contrib/libs/libfuzzer/FuzzerTracePC.cpp
@@ -133,13 +133,14 @@ inline ALWAYS_INLINE uintptr_t GetPreviousInstructionPc(uintptr_t PC) {
// so we return (pc-2) in that case in order to be safe.
// For A32 mode we return (pc-4) because all instructions are 32 bit long.
return (PC - 3) & (~1);
-#elif defined(__powerpc__) || defined(__powerpc64__) || defined(__aarch64__)
- // PCs are always 4 byte aligned.
- return PC - 4;
#elif defined(__sparc__) || defined(__mips__)
return PC - 8;
-#else
+#elif defined(__riscv__)
+ return PC - 2;
+#elif defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_X64)
return PC - 1;
+#else
+ return PC - 4;
#endif
}