1 //===- FuzzerTracePC.cpp - PC tracing--------------------------------------===//
10 // the callback required for -fsanitize-coverage=trace-pc-guard instrumentation.
90     Printf("INFO: Loaded %zd PC tables (%zd PCs): ", NumPCTables,  in PrintModuleInfo()
99       Printf("ERROR: The size of coverage PC tables does not match the\n"  in PrintModuleInfo()
112     Printf("WARNING: The coverage PC tables may produce up to %zu features.\n"  in PrintModuleInfo()
130 inline ALWAYS_INLINE uintptr_t GetPreviousInstructionPc(uintptr_t PC) {  in GetPreviousInstructionPc()  argument
133   // so we return (pc-2) in that case in order to be safe.  in GetPreviousInstructionPc()
134   // For A32 mode we return (pc-4) because all instructions are 32 bit long.  in GetPreviousInstructionPc()
135   return (PC - 3) & (~1);  in GetPreviousInstructionPc()
137   return PC - 8;  in GetPreviousInstructionPc()
139   return PC - 2;  in GetPreviousInstructionPc()
141   return PC - 1;  in GetPreviousInstructionPc()
143   return PC - 4;  in GetPreviousInstructionPc()
149 ALWAYS_INLINE uintptr_t TracePC::GetNextInstructionPc(uintptr_t PC) {  in GetNextInstructionPc()  argument
151   return PC + 8;  in GetNextInstructionPc()
154   return PC + 4;  in GetNextInstructionPc()
156   return PC + 1;  in GetNextInstructionPc()
165               GetNextInstructionPc(TE->PC));  in UpdateObservedPCs()
172       if (++ObservedFuncs[TE->PC] == 1 && NumPrintNewFuncs)  in UpdateObservedPCs()
173         CoveredFuncs.push_back(TE->PC);  in UpdateObservedPCs()
224 static std::string GetModuleName(uintptr_t PC) {  in GetModuleName()  argument
228       reinterpret_cast<void *>(PC), ModulePathRaw,  in GetModuleName()
239     auto ModuleName = GetModuleName(M.Start->PC);  in IterateCoveredFunctions()
246       CB(FE, NextFE, ObservedFuncs[FE->PC]);  in IterateCoveredFunctions()
263       auto Name = DescribePC("%F", GetNextInstructionPc(PCTE.Start[I].PC));  in SetFocusFunction()
295     auto VisualizePC = GetNextInstructionPc(First->PC);  in PrintCoverage()
308         UncoveredPCs.push_back(TE->PC);  in PrintCoverage()
310         CoveredPCs.push_back(TE->PC);  in PrintCoverage()
314       for (auto PC : UncoveredPCs)  in PrintCoverage()  local
315         Printf(DescribePC(" %l", GetNextInstructionPc(PC)).c_str());  in PrintCoverage()
319       for (auto PC : CoveredPCs)  in PrintCoverage()  local
320         Printf(DescribePC(" %l", GetNextInstructionPc(PC)).c_str());  in PrintCoverage()
328         for (auto PC : UncoveredPCs)  in PrintCoverage()  local
330                  DescribePC("%s:%l", GetNextInstructionPc(PC)).c_str());  in PrintCoverage()
345 // The interesting value is mixed up with the PC and is then added to the map.
373   size_t PC = reinterpret_cast<size_t>(caller_pc);  in AddValueForMemcmp()  local
374   size_t Idx = (PC & 4095) | (I << 12);  in AddValueForMemcmp()
383 void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) {  in HandleCmp()  argument
391   ValueProfileMap.AddValue(PC * 128 + HammingDistance);  in HandleCmp()
392   ValueProfileMap.AddValue(PC * 128 + 64 + AbsoluteDistance);  in HandleCmp()
446       "-fsanitize-coverage=trace-pc-guard");  in __sanitizer_cov_trace_pc_guard()
449 // Best-effort support for -fsanitize-coverage=trace-pc, which is available
454   fuzzer::WarnAboutDeprecatedInstrumentation("-fsanitize-coverage=trace-pc");  in __sanitizer_cov_trace_pc()
460       "-fsanitize-coverage=trace-pc-guard");  in __sanitizer_cov_trace_pc_guard_init()
477   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_pc_indir()  local
478   fuzzer::TPC.HandleCallerCallee(PC, Callee);  in __sanitizer_cov_trace_pc_indir()
485   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_cmp8()  local
486   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_cmp8()
496   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_const_cmp8()  local
497   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_const_cmp8()
504   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_cmp4()  local
505   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_cmp4()
512   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_const_cmp4()  local
513   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_const_cmp4()
520   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_cmp2()  local
521   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_cmp2()
528   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_const_cmp2()  local
529   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_const_cmp2()
536   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_cmp1()  local
537   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_cmp1()
544   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_const_cmp1()  local
545   fuzzer::TPC.HandleCmp(PC, Arg1, Arg2);  in __sanitizer_cov_trace_const_cmp1()
563   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_switch()  local
578   // use i as the PC modifier for HandleCmp.  in __sanitizer_cov_trace_switch()
580     fuzzer::TPC.HandleCmp(PC + 2 * i, static_cast<uint16_t>(Val),  in __sanitizer_cov_trace_switch()
582     fuzzer::TPC.HandleCmp(PC + 2 * i + 1, static_cast<uint16_t>(Val),  in __sanitizer_cov_trace_switch()
585     fuzzer::TPC.HandleCmp(PC + 2 * i, static_cast<uint32_t>(Val),  in __sanitizer_cov_trace_switch()
587     fuzzer::TPC.HandleCmp(PC + 2 * i + 1, static_cast<uint32_t>(Val),  in __sanitizer_cov_trace_switch()
590     fuzzer::TPC.HandleCmp(PC + 2*i, Val, Smaller);  in __sanitizer_cov_trace_switch()
591     fuzzer::TPC.HandleCmp(PC + 2*i + 1, Val, Larger);  in __sanitizer_cov_trace_switch()
599   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_div4()  local
600   fuzzer::TPC.HandleCmp(PC, Val, (uint32_t)0);  in __sanitizer_cov_trace_div4()
607   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_div8()  local
608   fuzzer::TPC.HandleCmp(PC, Val, (uint64_t)0);  in __sanitizer_cov_trace_div8()
615   uintptr_t PC = reinterpret_cast<uintptr_t>(GET_CALLER_PC());  in __sanitizer_cov_trace_gep()  local
616   fuzzer::TPC.HandleCmp(PC, Idx, (uintptr_t)0);  in __sanitizer_cov_trace_gep()