void dfsan_add_label(dfsan_label label, void *addr, size_t size);
__attribute__((weak))
const struct dfsan_label_info *dfsan_get_label_info(dfsan_label label);
+__attribute__((weak))
+dfsan_label dfsan_read_label(const void *addr, size_t size);
} // extern "C"
namespace {
uint64_t Type = (SizeAndType << 32) >> 32;
DFSan->DFSanCmpCallback(PC, CmpSize, Type, Arg1, Arg2, L1, L2);
}
+
+void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2,
+ size_t n, dfsan_label s1_label,
+ dfsan_label s2_label, dfsan_label n_label) {
+ uintptr_t PC = reinterpret_cast<uintptr_t>(caller_pc);
+ uint64_t S1, S2;
+ // Simplification: handle only first 8 bytes.
+ memcpy(&S1, s1, std::min(n, sizeof(S1)));
+ memcpy(&S2, s2, std::min(n, sizeof(S2)));
+ dfsan_label L1 = dfsan_read_label(s1, n);
+ dfsan_label L2 = dfsan_read_label(s2, n);
+ DFSan->DFSanCmpCallback(PC, n, ICMP_EQ, S1, S2, L1, L2);
+}
} // extern "C"
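Review bot: `S1` and `S2` in `dfsan_weak_hook_memcmp` are declared without an initializer, and the two `memcpy` calls copy only `std::min(n, sizeof(S1))` bytes, so for `n < 8` the upper bytes handed to `DFSanCmpCallback` are indeterminate stack contents. Declaring them as `uint64_t S1 = 0, S2 = 0;` makes the compared values deterministic. The callback also receives `n` as the compare size, and the labels are read over all `n` bytes, even though only the first eight bytes of data are captured. If the callback treats that size as the operand width (its body is not in this hunk), passing `std::min(n, sizeof(S1))` would keep size, data and labels consistent. `dfsan_read_label` is declared weak in the earlier hunk and is called here unconditionally, which is safe only if this hook is reached solely from a DFSan-linked binary; a one-line comment stating that assumption would help.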
#include <iostream>
static void Found() {
- std::cout << "Found the target, exiting\n";
+ std::cout << "BINGO; Found the target, exiting\n";
exit(1);
}
if (Size > 1 && Data[1] == 'i') {
Sink = 2;
if (Size > 2 && Data[2] == '!') {
- std::cout << "Found the target, exiting\n";
+ std::cout << "BINGO; Found the target, exiting\n";
exit(0);
}
}
// Simple test for a fuzzer. The fuzzer must find a particular string.
#include <cstring>
#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- if (Size >= 10 && memcmp(Data, "0123456789", 10) == 0)
- __builtin_trap();
+ if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) {
+ fprintf(stderr, "BINGO\n");
+ exit(1);
+ }
}
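Review bot: The target string shrinks from ten bytes to eight with no comment explaining why; presumably this matches the memcmp hook, which captures only the first 8 bytes of each operand. A comment beside the `memcmp`, such as `// Target is 8 bytes because the DFSan memcmp hook only inspects the first 8.`, would stop a later edit from lengthening the string and leaving the test unable to reach its target within the timeout. The success path is now `exit(1)` after printing `BINGO`, which the `not` on the matching RUN line depends on, so the header comment could say that as well.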
z >= -10005 &&
z != -10003 &&
a == 4242) {
- fprintf(stderr, "Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n",
+ fprintf(stderr, "BINGO; Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n",
Size, x, y, z, a);
exit(1);
}
-RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s --check-prefix=SimpleTest
-SimpleTest: Found the target, exiting
+CHECK: BINGO
+
+RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
RUN: not ./LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
InfiniteTest: ALARM: working on the last Unit for
RUN: not ./LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
NullDerefTest: CRASHED; file written to crash-
-RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s --check-prefix=FullCoverageSetTest
-FullCoverageSetTest: BINGO
+RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
+
+RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s
+
+RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
-RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s --check-prefix=FourIndependentBranchesTest
-FourIndependentBranchesTest: BINGO
+RUN: not ./LLVMFuzzer-DFSanSimpleCmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s
-RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=CounterTest
-CounterTest: BINGO
+RUN: not ./LLVMFuzzer-DFSanMemcmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s
-RUN: not ./LLVMFuzzer-DFSanSimpleCmpTest -seed=1 -timeout=15 2>&1 | FileCheck %s --check-prefix=DFSanSimpleCmpTest
-DFSanSimpleCmpTest: Found the target:
+RUN: not ./LLVMFuzzer-CxxTokensTest -seed=1 -timeout=15 -tokens=%S/../cxx_fuzzer_tokens.txt 2>&1 | FileCheck %s
-RUN: not ./LLVMFuzzer-CxxTokensTest -seed=1 -timeout=15 -tokens=%S/../cxx_fuzzer_tokens.txt 2>&1 | FileCheck %s --check-prefix=CxxTokensTest
-CxxTokensTest: Found the target, exiting