authorVitaly Buka <vitalybuka@google.com>2017-10-31 20:49:48 +0000
committerVitaly Buka <vitalybuka@google.com>2017-10-31 20:49:48 +0000
commit8ddc9eb9566b6cafb848d87323303cd5089fa4b2 (patch)
tree73f94285e57bfde5ab72da78e58a59b51fd2bd72
parent8ff5640b48c4c4a3b974daa10a5f445e86ed7428 (diff)
downloadcompiler-rt-8ddc9eb9566b6cafb848d87323303cd5089fa4b2.tar.gz
[fuzzer] Fix threaded stack printing and nested mallocs
Summary: Nested mallocs are possible with internal symbolizer. Reviewers: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39397 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317034 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/fuzzer/FuzzerLoop.cpp19
-rw-r--r--test/fuzzer/TraceMallocThreadedTest.cpp22
-rw-r--r--test/fuzzer/trace-malloc-threaded.test36
3 files changed, 77 insertions, 0 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index d3ac4ce7e..9cb580a30 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -19,6 +19,7 @@
#include <algorithm>
#include <cstring>
#include <memory>
+#include <mutex>
#include <set>
#if defined(__has_include)
@@ -73,11 +74,24 @@ struct MallocFreeTracer {
static MallocFreeTracer AllocTracer;
+static thread_local bool IsMallocFreeHookDisabled;
+static std::mutex MallocFreeStackMutex;
+
+struct MallocFreeHookDisabler {
+ MallocFreeHookDisabler() { IsMallocFreeHookDisabled = true; }
+ ~MallocFreeHookDisabler() { IsMallocFreeHookDisabled = false; }
+};
+
ATTRIBUTE_NO_SANITIZE_MEMORY
void MallocHook(const volatile void *ptr, size_t size) {
+ // Avoid nested hooks for mallocs/frees in sanitizer.
+ if (IsMallocFreeHookDisabled)
+ return;
+ MallocFreeHookDisabler Disable;
size_t N = AllocTracer.Mallocs++;
F->HandleMalloc(size);
if (int TraceLevel = AllocTracer.TraceLevel) {
+ std::lock_guard<std::mutex> Lock(MallocFreeStackMutex);
Printf("MALLOC[%zd] %p %zd\n", N, ptr, size);
if (TraceLevel >= 2 && EF)
EF->__sanitizer_print_stack_trace();
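Review bot: `~MallocFreeHookDisabler()` writes `false` unconditionally, so the guard is only correct while every construction is preceded by the `if (IsMallocFreeHookDisabled) return;` check, as it is in MallocHook here and in FreeHook in the next hunk. Saving the prior value makes it safe to nest: add a member `bool Prev = IsMallocFreeHookDisabled;`, keep the constructor setting the flag, and change the destructor to `~MallocFreeHookDisabler() { IsMallocFreeHookDisabled = Prev; }`. A comment on the struct should also say that the guard spans `F->HandleMalloc(size)` and the trace printing, so allocations made on this thread while a hook runs are neither counted nor traced. The `thread_local` flag is read inside the allocator hook itself; on targets where the first TLS access allocates, that could re-enter the hook before the flag can be read, which may be worth checking against the darwin FIXME in the new lit test (inferred, not shown by this diff). MallocHook's body continues past the end of the hunk.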
@@ -86,8 +100,13 @@ void MallocHook(const volatile void *ptr, size_t size) {
ATTRIBUTE_NO_SANITIZE_MEMORY
void FreeHook(const volatile void *ptr) {
+ // Avoid nested hooks for mallocs/frees in sanitizer.
+ if (IsMallocFreeHookDisabled)
+ return;
+ MallocFreeHookDisabler Disable;
size_t N = AllocTracer.Frees++;
if (int TraceLevel = AllocTracer.TraceLevel) {
+ std::lock_guard<std::mutex> Lock(MallocFreeStackMutex);
Printf("FREE[%zd] %p\n", N, ptr);
if (TraceLevel >= 2 && EF)
EF->__sanitizer_print_stack_trace();
diff --git a/test/fuzzer/TraceMallocThreadedTest.cpp b/test/fuzzer/TraceMallocThreadedTest.cpp
new file mode 100644
index 000000000..5603af344
--- /dev/null
+++ b/test/fuzzer/TraceMallocThreadedTest.cpp
@@ -0,0 +1,22 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Check that allocation tracing from different threads does not cause
+// interleaving of stack traces.
+#include <assert.h>
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <thread>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ auto C = [&] {
+ volatile void *a = malloc(5639);
+ free((void *)a);
+ };
+ std::thread T[] = {std::thread(C), std::thread(C), std::thread(C),
+ std::thread(C), std::thread(C), std::thread(C)};
+ for (auto &X : T)
+ X.join();
+ return 0;
+}
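Review bot: `malloc` and `free` are called in the lambda but `<cstdlib>` is not included, so the test compiles only if another header pulls the declarations in transitively. Add `#include <cstdlib>`, and drop `<assert.h>` and `<cstring>`, which nothing in the file uses. The lambda captures nothing, so `auto C = [] {` states that more clearly than `[&]` for a callable handed to six threads.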
diff --git a/test/fuzzer/trace-malloc-threaded.test b/test/fuzzer/trace-malloc-threaded.test
new file mode 100644
index 000000000..11f3f0491
--- /dev/null
+++ b/test/fuzzer/trace-malloc-threaded.test
@@ -0,0 +1,36 @@
+// FIXME: This test infinite loops on darwin because it crashes
+// printing a stack trace repeatedly
+UNSUPPORTED: darwin
+
+RUN: %cpp_compiler %S/TraceMallocThreadedTest.cpp -o %t-TraceMallocThreadedTest
+
+RUN: %t-TraceMallocThreadedTest -trace_malloc=2 -runs=1 2>&1 | FileCheck %s
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
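Review bot: The pointer pattern `0x[0-9]+` in each `CHECK:` line accepts decimal digits only, so a `%p` value containing any of a–f would not match and the test would pass or fail depending on where the allocator places the 5639-byte block. `{{MALLOC\[[0-9]+] +0x[0-9a-f]+ 5639}}` removes that dependency. The file asserts only the MALLOC records; FreeHook takes the same mutex in this commit but no `FREE[` line is checked, so interleaving on the free path is not covered. Each block also stops at frame `#2`, so output interleaved after the third frame would go unnoticed.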