[libFuzzer] add -print_funcs=1 (on by default): print newly discovered functions during fuzzing
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer@311797 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/FuzzerDriver.cpp b/FuzzerDriver.cpp
index 17891d2..d0d0f7d 100644
--- a/FuzzerDriver.cpp
+++ b/FuzzerDriver.cpp
@@ -603,6 +603,7 @@
Options.SaveArtifacts =
!DoPlainRun || Flags.minimize_crash_internal_step;
Options.PrintNewCovPcs = Flags.print_pcs;
+ Options.PrintNewCovFuncs = Flags.print_funcs;
Options.PrintFinalStats = Flags.print_final_stats;
Options.PrintCorpusStats = Flags.print_corpus_stats;
Options.PrintCoverage = Flags.print_coverage;
diff --git a/FuzzerFlags.def b/FuzzerFlags.def
index 2887fd2..6968c77 100644
--- a/FuzzerFlags.def
+++ b/FuzzerFlags.def
@@ -91,6 +91,7 @@
"and will not use checksum in the file name. Do not "
"use the same path for several parallel processes.")
FUZZER_FLAG_INT(print_pcs, 0, "If 1, print out newly covered PCs.")
+FUZZER_FLAG_INT(print_funcs, 1, "If 1, print out newly covered functions.")
FUZZER_FLAG_INT(print_final_stats, 0, "If 1, print statistics at exit.")
FUZZER_FLAG_INT(print_corpus_stats, 0,
"If 1, print statistics on corpus elements at exit.")
diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index 2349459..d2d096a 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -626,6 +626,7 @@
void Fuzzer::Loop() {
TPC.SetPrintNewPCs(Options.PrintNewCovPcs);
+ TPC.SetPrintNewFuncs(Options.PrintNewCovFuncs);
system_clock::time_point LastCorpusReload = system_clock::now();
if (Options.DoCrossOver)
MD.SetCorpus(&Corpus);
diff --git a/FuzzerOptions.h b/FuzzerOptions.h
index 9500235..d387242 100644
--- a/FuzzerOptions.h
+++ b/FuzzerOptions.h
@@ -47,6 +47,7 @@
bool SaveArtifacts = true;
bool PrintNEW = true; // Print a status line when new units are found;
bool PrintNewCovPcs = false;
+ bool PrintNewCovFuncs = false;
bool PrintFinalStats = false;
bool PrintCorpusStats = false;
bool PrintCoverage = false;
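Review bot: The new `PrintNewCovFuncs` member defaults to `false`, while the `print_funcs` flag that feeds it in FuzzerFlags.def defaults to 1, so the two defaults disagree. FuzzerDriver.cpp overwrites the member from the flag, so the driver path prints by default, but any code that builds the options struct directly (if such a caller exists) would silently get no function output. A short comment on the member would make the intent explicit, e.g. `bool PrintNewCovFuncs = false; // Set from -print_funcs, which defaults to 1.` With the flag on by default, every newly covered function adds a log line, which may be a lot of output on a large target during the initial corpus run; it is worth confirming that volume is acceptable for automated fuzzing jobs.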
diff --git a/FuzzerTracePC.cpp b/FuzzerTracePC.cpp
index 2df850b..812a619 100644
--- a/FuzzerTracePC.cpp
+++ b/FuzzerTracePC.cpp
@@ -143,11 +143,18 @@
}
void TracePC::UpdateObservedPCs() {
- auto Observe = [&](uintptr_t PC) {
- bool Inserted = ObservedPCs.insert(PC).second;
- if (Inserted && DoPrintNewPCs)
+ auto ObservePC = [&](uintptr_t PC) {
+ if (ObservedPCs.insert(PC).second && DoPrintNewPCs)
PrintPC("\tNEW_PC: %p %F %L\n", "\tNEW_PC: %p\n", PC + 1);
};
+
+ auto Observe = [&](const PCTableEntry &TE) {
+ if (TE.PCFlags & 1)
+ if (ObservedFuncs.insert(TE.PC).second && DoPrintNewFuncs)
+ PrintPC("\tNEW_FUNC: %p %F %L\n", "\tNEW_PC: %p\n", TE.PC + 1);
+ ObservePC(TE.PC);
+ };
+
if (NumPCsInPCTables) {
if (NumInline8bitCounters == NumPCsInPCTables) {
for (size_t i = 0; i < NumModulesWithInline8bitCounters; i++) {
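Review bot: The second format string passed to PrintPC in the new `Observe` lambda still reads `"\tNEW_PC: %p\n"`, so whenever that (presumably non-symbolized) fallback is used, a new function is logged with the same label as a new PC and log consumers cannot tell them apart; it should be `PrintPC("\tNEW_FUNC: %p %F %L\n", "\tNEW_FUNC: %p\n", TE.PC + 1);`. The `TE.PCFlags & 1` test uses a bare constant, so a named constant or a comment such as `// Bit 0 of PCFlags appears to mark a function-entry PC.` would help readers. The un-braced nested `if` followed by `ObservePC(TE.PC);` relies on indentation alone to show that the PC is always observed; braces around the function check would make that unambiguous. UpdateObservedPCs continues past the end of this hunk.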
@@ -157,7 +164,7 @@
(size_t)(ModulePCTable[i].Stop - ModulePCTable[i].Start));
for (size_t j = 0; j < Size; j++)
if (Beg[j])
- Observe(ModulePCTable[i].Start[j].PC);
+ Observe(ModulePCTable[i].Start[j]);
}
} else if (NumGuards == NumPCsInPCTables) {
size_t GuardIdx = 1;
@@ -168,7 +175,7 @@
(size_t)(ModulePCTable[i].Stop - ModulePCTable[i].Start));
for (size_t j = 0; j < Size; j++, GuardIdx++)
if (Counters()[GuardIdx])
- Observe(ModulePCTable[i].Start[j].PC);
+ Observe(ModulePCTable[i].Start[j]);
}
}
}
@@ -177,7 +184,7 @@
auto P = ClangCountersBegin();
for (size_t Idx = 0; Idx < NumClangCounters; Idx++)
if (P[Idx])
- Observe((uintptr_t)Idx);
+ ObservePC((uintptr_t)Idx);
}
}
diff --git a/FuzzerTracePC.h b/FuzzerTracePC.h
index 0c9d4b6..76aa074 100644
--- a/FuzzerTracePC.h
+++ b/FuzzerTracePC.h
@@ -82,6 +82,7 @@
void SetUseCounters(bool UC) { UseCounters = UC; }
void SetUseValueProfile(bool VP) { UseValueProfile = VP; }
void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; }
+ void SetPrintNewFuncs(bool P) { DoPrintNewFuncs = P; }
void UpdateObservedPCs();
template <class Callback> void CollectFeatures(Callback CB) const;
@@ -133,6 +134,7 @@
bool UseCounters = false;
bool UseValueProfile = false;
bool DoPrintNewPCs = false;
+ bool DoPrintNewFuncs = false;
struct Module {
uint32_t *Start, *Stop;
@@ -158,6 +160,7 @@
uintptr_t *PCs() const;
std::set<uintptr_t> ObservedPCs;
+ std::set<uintptr_t> ObservedFuncs;
ValueBitMap ValueProfileMap;
uintptr_t InitialStack;