From 62c8fc571a345f8f2e462aa8451849d4d2dd48d8 Mon Sep 17 00:00:00 2001 From: Marcos Pividori Date: Sun, 22 Jan 2017 01:58:26 +0000 Subject: [PATCH] [libFuzzer] Portably disassemble and find calls to sanitizer_cov_trace_pc_guard. Instead of directly using objdump, which is not present on Windows, we consider different tools depending on the platform. For Windows, we consider dumpbin and llvm-objdump. Differential Revision: https://reviews.llvm.org/D28635 llvm-svn: 292739
---
 llvm/lib/Fuzzer/FuzzerTracePC.cpp | 9 +++++++-- llvm/lib/Fuzzer/FuzzerUtil.h | 4 ++++ llvm/lib/Fuzzer/FuzzerUtilPosix.cpp | 8 ++++++++ llvm/lib/Fuzzer/FuzzerUtilWindows.cpp | 14 ++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/llvm/lib/Fuzzer/FuzzerTracePC.cpp b/llvm/lib/Fuzzer/FuzzerTracePC.cpp
index 71f4b66f8bbb..53454371f3e3 100644
--- a/llvm/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTracePC.cpp
@@ -18,6 +18,7 @@
 #include "FuzzerExtFunctions.h"
 #include "FuzzerIO.h"
 #include "FuzzerTracePC.h"
+#include "FuzzerUtil.h"
 #include "FuzzerValueBitMap.h"
 #include
 #include
@@ -141,8 +142,8 @@ void TracePC::PrintCoverage() {
 Printf("MODULE_WITH_COVERAGE: %s\n", ModuleName.c_str());
 // sancov does not yet fully support DSOs.
 // std::string Cmd = "sancov -print-coverage-pcs " + ModuleName;
- std::string Cmd = "objdump -d " + ModuleName +
- " | grep 'call.*__sanitizer_cov_trace_pc_guard' | awk -F: '{print $1}'";
+ std::string Cmd = DisassembleCmd(ModuleName) + " | " +
+ SearchRegexCmd("call.*__sanitizer_cov_trace_pc_guard");
 std::string SanCovOutput;
 if (!ExecuteCommandAndReadOutput(Cmd, &SanCovOutput)) {
 Printf("INFO: Command failed: %s\n", Cmd.c_str());
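Review bot: Nothing at the `Cmd` construction in the `@@ -141,8 +142,8 @@` hunk records the output format the code now depends on: with the `awk -F: '{print $1}'` stage gone, every line that passes the filter must begin with a hex address followed by `:`, whichever of objdump, dumpbin or llvm-objdump produced it. I would add a comment above the assignment such as `// Each matching line must start with "<hex address>:"; the prefix is parsed in the loop below.` PrintCoverage begins and ends outside this hunk.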
@@ -151,6 +152,10 @@ void TracePC::PrintCoverage() {
 std::istringstream ISS(SanCovOutput);
 std::string S;
 while (std::getline(ISS, S, '\n')) {
+ size_t PcOffsetEnd = S.find(':');
+ if (PcOffsetEnd == std::string::npos)
+ continue;
+ S.resize(PcOffsetEnd);
 uintptr_t PcOffset = std::stol(S, 0, 16);
 if (!std::binary_search(CoveredOffsets.begin(), CoveredOffsets.end(), PcOffset)) {
diff --git a/llvm/lib/Fuzzer/FuzzerUtil.h b/llvm/lib/Fuzzer/FuzzerUtil.h
index 08058c56e4c5..f84fd9ef0fce 100644
--- a/llvm/lib/Fuzzer/FuzzerUtil.h
+++ b/llvm/lib/Fuzzer/FuzzerUtil.h
@@ -67,6 +67,10 @@ inline std::string CloneArgsWithoutX(const std::vector &Args,
 return CloneArgsWithoutX(Args, X, X);
 }
+std::string DisassembleCmd(const std::string &FileName);
+
+std::string SearchRegexCmd(const std::string &Regex);
+
 } // namespace fuzzer
 #endif // LLVM_FUZZER_UTIL_H
diff --git a/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp b/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp
index e8d48dc81a3b..0161309fbf86 100644
--- a/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp
+++ b/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp
@@ -118,6 +118,14 @@ const void *SearchMemory(const void *Data, size_t DataLen, const void *Patt,
 return memmem(Data, DataLen, Patt, PattLen);
 }
+std::string DisassembleCmd(const std::string &FileName) {
+ return "objdump -d " + FileName;
+}
+
+std::string SearchRegexCmd(const std::string &Regex) {
+ return "grep '" + Regex + "'";
+}
+
 } // namespace fuzzer
 #endif // LIBFUZZER_POSIX
diff --git a/llvm/lib/Fuzzer/FuzzerUtilWindows.cpp b/llvm/lib/Fuzzer/FuzzerUtilWindows.cpp
index 3ca1f2c8f562..b9e039f81e53 100644
--- a/llvm/lib/Fuzzer/FuzzerUtilWindows.cpp
+++ b/llvm/lib/Fuzzer/FuzzerUtilWindows.cpp
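Review bot: In the FuzzerTracePC.cpp hunk at `@@ -151,6 +152,10 @@`, the truncated prefix still goes to `std::stol`, which throws on an empty or non-hex prefix and on any value above `LONG_MAX`. `long` is 32 bits on 64-bit Windows, so an address column that carries a high image base (as dumpbin output presumably can) would end the run with an uncaught exception. Parsing with `uintptr_t PcOffset = std::stoull(S, nullptr, 16);` removes the width problem, and checking that the prefix is non-empty hex before the call lets the loop `continue` on lines that only happen to match the regex. The loop and PrintCoverage itself start and end outside the hunk.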
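Review bot: The two declarations added to FuzzerUtil.h at `@@ -67,6 +67,10 @@` carry no comment, so a caller cannot tell that both return fragments of a shell command line with the argument inserted verbatim. I would add `// Returns a shell command that disassembles FileName; FileName is inserted without quoting or escaping.` above DisassembleCmd and `// Returns a shell command that filters stdin by Regex; Regex must not contain the quote character the platform implementation wraps it in.` above SearchRegexCmd. The Windows implementation in this patch also calls `exit(1)` when no disassembler is found, which belongs in the DisassembleCmd comment as well.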
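Review bot: `DisassembleCmd` in the FuzzerUtilPosix.cpp hunk appends `FileName` to the command string unquoted, and the pipe built in PrintCoverage implies the string is interpreted by a shell, so a module path containing spaces or shell metacharacters changes the command that runs. The Windows `DisassembleCmd` in FuzzerUtilWindows.cpp has the same gap for both tools, where wrapping the path as `"dumpbin /disasm \"" + FileName + "\""` at least keeps paths with spaces intact. `SearchRegexCmd` in both files likewise breaks if the regex ever contains the quote character it is wrapped in. For POSIX I would quote the path through a small file-local helper, sketched below with a proposed name.

```cpp
// Proposed helper: wraps S in single quotes for the shell and escapes
// any single quote embedded in S.
static std::string ShellQuote(const std::string &S) {
  std::string Out = "'";
  for (char C : S) {
    if (C == '\'')
      Out += "'\\''";
    else
      Out += C;
  }
  return Out + "'";
}

std::string DisassembleCmd(const std::string &FileName) {
  return "objdump -d " + ShellQuote(FileName);
}
// … unchanged: SearchRegexCmd …
```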
@@ -178,6 +178,20 @@ const void *SearchMemory(const void *Data, size_t DataLen, const void *Patt,
 return NULL;
 }
+std::string DisassembleCmd(const std::string &FileName) {
+ if (ExecuteCommand("dumpbin > nul") == 0)
+ return "dumpbin /disasm " + FileName;
+ if (ExecuteCommand("llvm-objdump > nul") == 0)
+ return "llvm-objdump -d " + FileName;
+ Printf("libFuzzer: couldn't find tool to disassemble (dumpbin, "
+ "llvm-objdump)\n");
+ exit(1);
+}
+
+std::string SearchRegexCmd(const std::string &Regex) {
+ return "findstr /r \"" + Regex + "\"";
+}
+
 } // namespace fuzzer
 #endif // LIBFUZZER_WINDOWS
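Review bot: The probes in the Windows `DisassembleCmd` treat exit status 0 from running the bare tool name as "tool present", which depends on how each tool behaves with no arguments. It is worth confirming that llvm-objdump does not print usage and return non-zero in that case, since the fallback would then never be selected. Only stdout is redirected, so a missing tool still writes the shell's error text to the console, and the probe is repeated for every module PrintCoverage visits. I would probe once with an explicit harmless option and both streams redirected, e.g. `ExecuteCommand("llvm-objdump --version > nul 2>&1")`, and keep the chosen prefix in a function-local static. Because the tool is located by name through the command search path, a same-named file in a directory others can write to may be picked up; resolving the tool to a full path, or documenting the requirement, closes that.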