authorJake Ehrlich <jakehehrlich@google.com>2019-09-17 00:34:41 +0000
committerJake Ehrlich <jakehehrlich@google.com>2019-09-17 00:34:41 +0000
commitc47e688f48a50aaf27ac05e073630057517d4674 (patch)
tree5bb0e8aa673ef21d6bd1fff9fd52696af69871d8
parente6a6d6c9c3259a7e9b7cc1541be5dc5e2c1c8445 (diff)
downloadcompiler-rt-c47e688f48a50aaf27ac05e073630057517d4674.tar.gz
[libFuzzer] Always print DSO map on Fuchsia libFuzzer launch
Fuchsia doesn't have /proc/id/maps, so it relies on the kernel logging system to provide the DSO map to be able to symbolize in the context of ASLR. The DSO map is logged automatically on Fuchsia when encountering a crash or writing to the sanitizer log for the first time in a process. There are several cases where libFuzzer doesn't encounter a crash, e.g. on timeouts, OOMs, and when configured to print new PCs as they become covered, to name a few. Therefore, this change always writes to the sanitizer log on startup to ensure the DSO map is available in the log. Author: aarongreen Differential Revision: https://reviews.llvm.org/D66233 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@372056 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/fuzzer/FuzzerExtFunctions.def1
-rw-r--r--lib/fuzzer/FuzzerUtilFuchsia.cpp11
2 files changed, 12 insertions, 0 deletions
diff --git a/lib/fuzzer/FuzzerExtFunctions.def b/lib/fuzzer/FuzzerExtFunctions.def
index 7b53b0855..51edf8444 100644
--- a/lib/fuzzer/FuzzerExtFunctions.def
+++ b/lib/fuzzer/FuzzerExtFunctions.def
@@ -33,6 +33,7 @@ EXT_FUNC(__sanitizer_install_malloc_and_free_hooks, int,
(void (*malloc_hook)(const volatile void *, size_t),
void (*free_hook)(const volatile void *)),
false);
+EXT_FUNC(__sanitizer_log_write, void, (const char *buf, size_t len), false);
EXT_FUNC(__sanitizer_purge_allocator, void, (), false);
EXT_FUNC(__sanitizer_print_memory_profile, void, (size_t, size_t), false);
EXT_FUNC(__sanitizer_print_stack_trace, void, (), true);
diff --git a/lib/fuzzer/FuzzerUtilFuchsia.cpp b/lib/fuzzer/FuzzerUtilFuchsia.cpp
index 1f04b33c1..36010f7f1 100644
--- a/lib/fuzzer/FuzzerUtilFuchsia.cpp
+++ b/lib/fuzzer/FuzzerUtilFuchsia.cpp
@@ -311,6 +311,17 @@ bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
// Platform specific functions.
void SetSignalHandler(const FuzzingOptions &Options) {
+ // Make sure information from libFuzzer and the sanitizers are easy to
+ // reassemble. `__sanitizer_log_write` has the added benefit of ensuring the
+ // DSO map is always available for the symbolizer.
+ // A uint64_t fits in 20 chars, so 64 is plenty.
+ char Buf[64];
+ memset(Buf, 0, sizeof(Buf));
+ snprintf(Buf, sizeof(Buf), "==%lu== INFO: libFuzzer starting.\n", GetPid());
+ if (EF->__sanitizer_log_write)
+ __sanitizer_log_write(Buf, sizeof(Buf));
+ Printf("%s", Buf);
+
// Set up alarm handler if needed.
if (Options.UnitTimeoutSec > 0) {
std::thread T(AlarmHandler, Options.UnitTimeoutSec / 2 + 1);
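Review bot: The added call `__sanitizer_log_write(Buf, sizeof(Buf))` hands the whole 64-byte buffer to the sanitizer log, so the zero padding left by `memset` is written after the message and anything parsing that log sees embedded NUL bytes. Passing the formatted length keeps the record to the text itself, and calling through the pointer that the guard actually tests keeps the check and the call consistent: `EF->__sanitizer_log_write(Buf, strlen(Buf));`. How the bare `__sanitizer_log_write` symbol is declared is not visible in this hunk, so whether the direct call is safe when the `EF` entry is null should be confirmed. The comment describes the PID as a `uint64_t` while the format uses `%lu`; if `GetPid()` returns a fixed-width 64-bit type, a cast to `unsigned long` or a `PRIu64` format would make the match explicit. The body of `SetSignalHandler` continues past the end of the hunk.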