author | Vitaly Buka <vitalybuka@google.com> | 2017-10-31 20:49:48 +0000 |
---|---|---|
committer | Vitaly Buka <vitalybuka@google.com> | 2017-10-31 20:49:48 +0000 |
commit | 8ddc9eb9566b6cafb848d87323303cd5089fa4b2 (patch) | |
tree | 73f94285e57bfde5ab72da78e58a59b51fd2bd72 | |
parent | 8ff5640b48c4c4a3b974daa10a5f445e86ed7428 (diff) | |
download | compiler-rt-8ddc9eb9566b6cafb848d87323303cd5089fa4b2.tar.gz |
[fuzzer] Fix threaded stack printing and nested mallocs
Summary: Nested mallocs are possible with internal symbolizer.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317034 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 19 | ||||
-rw-r--r-- | test/fuzzer/TraceMallocThreadedTest.cpp | 22 | ||||
-rw-r--r-- | test/fuzzer/trace-malloc-threaded.test | 36 |
3 files changed, 77 insertions, 0 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index d3ac4ce7e..9cb580a30 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -19,6 +19,7 @@
 #include <algorithm>
 #include <cstring>
 #include <memory>
+#include <mutex>
 #include <set>
 #if defined(__has_include)
@@ -73,11 +74,24 @@ struct MallocFreeTracer {
 static MallocFreeTracer AllocTracer;
+static thread_local bool IsMallocFreeHookDisabled;
+static std::mutex MallocFreeStackMutex;
+
+struct MallocFreeHookDisabler {
+ MallocFreeHookDisabler() { IsMallocFreeHookDisabled = true; }
+ ~MallocFreeHookDisabler() { IsMallocFreeHookDisabled = false; }
+};
+
 ATTRIBUTE_NO_SANITIZE_MEMORY
 void MallocHook(const volatile void *ptr, size_t size) {
+ // Avoid nested hooks for mallocs/frees in sanitizer.
+ if (IsMallocFreeHookDisabled)
+ return;
+ MallocFreeHookDisabler Disable;
 size_t N = AllocTracer.Mallocs++;
 F->HandleMalloc(size);
 if (int TraceLevel = AllocTracer.TraceLevel) {
+ std::lock_guard<std::mutex> Lock(MallocFreeStackMutex);
 Printf("MALLOC[%zd] %p %zd\n", N, ptr, size);
 if (TraceLevel >= 2 && EF)
 EF->__sanitizer_print_stack_trace();
@@ -86,8 +100,13 @@ void MallocHook(const volatile void *ptr, size_t size) {
 ATTRIBUTE_NO_SANITIZE_MEMORY
 void FreeHook(const volatile void *ptr) {
+ // Avoid nested hooks for mallocs/frees in sanitizer.
+ if (IsMallocFreeHookDisabled)
+ return;
+ MallocFreeHookDisabler Disable;
 size_t N = AllocTracer.Frees++;
 if (int TraceLevel = AllocTracer.TraceLevel) {
+ std::lock_guard<std::mutex> Lock(MallocFreeStackMutex);
 Printf("FREE[%zd] %p\n", N, ptr);
 if (TraceLevel >= 2 && EF)
 EF->__sanitizer_print_stack_trace();
diff --git a/test/fuzzer/TraceMallocThreadedTest.cpp b/test/fuzzer/TraceMallocThreadedTest.cpp
new file mode 100644
index 000000000..5603af344
--- /dev/null
+++ b/test/fuzzer/TraceMallocThreadedTest.cpp
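Review bot: `~MallocFreeHookDisabler()` in lib/fuzzer/FuzzerLoop.cpp writes `false` unconditionally, so the guard is correct only because MallocHook returns early before constructing it; a guard constructed while the flag is already set would re-enable the hooks while an outer guard is still alive. Restoring the previous value is sturdier: keep `bool Prev = IsMallocFreeHookDisabled;` as a member and assign `IsMallocFreeHookDisabled = Prev;` in the destructor. The struct also deserves a comment saying that the flag is per thread and that allocations made while it is set are neither traced nor counted in `AllocTracer`. The same guard is used in the FreeHook hunk (`@@ -86,8 +100,13 @@`), and MallocHook's body continues past the end of this hunk.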
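Review bot: In FreeHook the early `return` sits before `AllocTracer.Frees++`, and MallocHook does the same before `AllocTracer.Mallocs++`, so a block allocated under the guard and freed outside it (or the reverse) moves only one of the two counters. If other code compares Mallocs with Frees, which this hunk does not show, symbolizer-internal allocations that outlive the hook call would skew that comparison. A comment at the check would record the trade-off, for example `// Nested calls are not counted; Mallocs and Frees may drift if the symbolizer caches memory.` FreeHook's body ends outside the hunk.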
@@ -0,0 +1,22 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Check that allocation tracing from different threads does not cause
+// interleaving of stack traces.
+#include <assert.h>
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <thread>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ auto C = [&] {
+ volatile void *a = malloc(5639);
+ free((void *)a);
+ };
+ std::thread T[] = {std::thread(C), std::thread(C), std::thread(C),
+ std::thread(C), std::thread(C), std::thread(C)};
+ for (auto &X : T)
+ X.join();
+ return 0;
+}
diff --git a/test/fuzzer/trace-malloc-threaded.test b/test/fuzzer/trace-malloc-threaded.test
new file mode 100644
index 000000000..11f3f0491
--- /dev/null
+++ b/test/fuzzer/trace-malloc-threaded.test
@@ -0,0 +1,36 @@
+// FIXME: This test infinite loops on darwin because it crashes
+// printing a stack trace repeatedly
+UNSUPPORTED: darwin
+
+RUN: %cpp_compiler %S/TraceMallocThreadedTest.cpp -o %t-TraceMallocThreadedTest
+
+RUN: %t-TraceMallocThreadedTest -trace_malloc=2 -runs=1 2>&1 | FileCheck %s
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}} |
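Review bot: test/fuzzer/TraceMallocThreadedTest.cpp calls `malloc` and `free` but does not include `<cstdlib>`, so it compiles only if one of the other headers happens to pull the declarations in. Add `#include <cstdlib>` and drop `<assert.h>` and `<cstring>`, which nothing in the file uses. The lambda captures nothing, so `[&]` can be `[]`.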
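Review bot: The address pattern `0x[0-9]+` in every `CHECK: {{MALLOC...}}` line of test/fuzzer/trace-malloc-threaded.test accepts decimal digits only, so the check fails whenever the pointer printed by `%p` contains a hex digit a-f. `0x[0-9a-fA-F]+` matches any address and removes the dependence on where the allocator happens to place the block. The six groups also only prove that each matched MALLOC line is followed by three frames; output from another thread landing between two groups is still accepted, which looks intended but is worth a one-line comment above the first CHECK.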