From 54b7e144b126beb89e86dd8f3dc7ddc7a13871c9 Mon Sep 17 00:00:00 2001
From: Andrew Kelley
Date: Sun, 21 Jul 2024 18:12:22 -0700
Subject: initial support for integrated fuzzing
* Add the `-ffuzz` and `-fno-fuzz` CLI arguments.
* Detect fuzz testing flags from zig cc.
* Set the correct clang flags when fuzz testing is requested. It can be combined with TSAN and UBSAN.
* Compilation: build fuzzer library when needed which is currently an empty zig file.
* Add optforfuzzing to every function in the llvm backend for modules that have requested fuzzing.
* In ZigLLVMTargetMachineEmitToFile, add the optimization passes for sanitizer coverage.
* std.mem.eql uses a naive implementation optimized for fuzzing when builtin.fuzz is true.
Tracked by #20702
---
 src/zig_llvm.cpp | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
(limited to 'src/zig_llvm.cpp')
diff --git a/src/zig_llvm.cpp b/src/zig_llvm.cpp
index 72f1026617..86861ef427 100644
--- a/src/zig_llvm.cpp
+++ b/src/zig_llvm.cpp
@@ -54,6 +54,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -188,9 +189,10 @@ struct TimeTracerRAII { }; } // end anonymous namespace + bool ZigLLVMTargetMachineEmitToFile(LLVMTargetMachineRef targ_machine_ref, LLVMModuleRef module_ref, char **error_message, bool is_debug, bool is_small, bool time_report, bool tsan, bool sancov, bool lto, const char *asm_filename, const char *bin_filename, const char *llvm_ir_filename, const char *bitcode_filename) {
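Review bot: `bool sancov` is inserted between `tsan` and `lto` in a run of adjacent `bool` parameters of `ZigLLVMTargetMachineEmitToFile`, so a binding that still declares the old order passes the LTO flag as the coverage flag without any diagnostic. This diff is limited to src/zig_llvm.cpp, so neither the prototype nor the callers are visible here; if the function is exported with C linkage, as the LLVM-C ref types suggest, a declaration kept outside C++ is not checked by the compiler at all. Grouping the flags into an options struct with named fields would remove the positional hazard; short of that, add a comment above the definition such as `// Flag order must match every external declaration of this function.` The function body continues outside the hunk.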
@@ -303,13 +305,18 @@ bool ZigLLVMTargetMachineEmitToFile(LLVMTargetMachineRef targ_machine_ref, LLVMM
 });
 }
- // Thread sanitizer
- if (tsan) {
- pass_builder.registerOptimizerLastEPCallback([](ModulePassManager &module_pm, OptimizationLevel level) {
+ pass_builder.registerOptimizerLastEPCallback([&](ModulePassManager &module_pm, OptimizationLevel level) {
+ // Code coverage instrumentation.
+ if (sancov) {
+ module_pm.addPass(SanitizerCoveragePass());
+ }
+
+ // Thread sanitizer
+ if (tsan) {
 module_pm.addPass(ModuleThreadSanitizerPass());
 module_pm.addPass(createModuleToFunctionPassAdaptor(ThreadSanitizerPass()));
- });
- }
+ }
+ });
 ModulePassManager module_pm;
 OptimizationLevel opt_level;
-- cgit v1.2.3
From 105b91d30f732d127a7f23a1a1d4a2c794c05d3d Mon Sep 17 00:00:00 2001
From: Andrew Kelley
Date: Sun, 21 Jul 2024 23:53:29 -0700
Subject: ZigLLVMTargetMachineEmitToFile: make sancov enable the options
---
 src/zig_llvm.cpp | 67 ++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 41 insertions(+), 26 deletions(-)
(limited to 'src/zig_llvm.cpp')
diff --git a/src/zig_llvm.cpp b/src/zig_llvm.cpp
index 86861ef427..5580b61367 100644
--- a/src/zig_llvm.cpp
+++ b/src/zig_llvm.cpp
@@ -189,6 +189,27 @@ struct TimeTracerRAII {
 };
 } // end anonymous namespace
+static SanitizerCoverageOptions getSanCovOptions(void) {
+ SanitizerCoverageOptions o;
+ o.CoverageType = SanitizerCoverageOptions::SCK_Edge;
+ o.IndirectCalls = true;
+ o.TraceBB = false;
+ o.TraceCmp = true;
+ o.TraceDiv = false;
+ o.TraceGep = false;
+ o.Use8bitCounters = false;
+ o.TracePC = false;
+ o.TracePCGuard = false;
+ o.Inline8bitCounters = true;
+ o.InlineBoolFlag = false;
+ o.PCTable = true;
+ o.NoPrune = false;
+ o.StackDepth = true;
+ o.TraceLoads = false;
+ o.TraceStores = false;
+ o.CollectControlFlow = false;
+ return o;
+}
 bool ZigLLVMTargetMachineEmitToFile(LLVMTargetMachineRef targ_machine_ref, LLVMModuleRef module_ref,
 char **error_message, bool is_debug,
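Review bot: The callback handed to `registerOptimizerLastEPCallback` now captures with `[&]`, which ties a callable stored inside `pass_builder` to this stack frame, whereas the lambda it replaces was captureless. It reads only `sancov` and `tsan`, so capturing them by value, `[sancov, tsan](ModulePassManager &module_pm, OptimizationLevel level) {`, keeps the stored callback self-contained if the pipeline is ever built after this function returns. Where `pass_builder` is declared and consumed lies outside the hunk, so this is a robustness point rather than a demonstrated bug. The same applies to the `[&]` callbacks the follow-up commit adds in its `@@ -279,36 +300,23 @@` and `@@ -318,6 +326,13 @@` hunks.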
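Review bot: `o.StackDepth = true;` in `getSanCovOptions` is applied to every target, while clang's driver, as far as I know, enables stack-depth tracking for its fuzzer configuration only on Linux, because the instrumentation writes to a thread-local `__sancov_lowest_stack` that the runtime has to define. `IndirectCalls` and `TraceCmp` likewise make the pass emit calls to `__sanitizer_cov_*` hooks, and the first commit's message says the fuzzer library is currently an empty file, so instrumented modules may not link until that runtime provides them. Consider gating the field on the target or passing the options in from the caller. A comment above the function stating which configuration the set mirrors would also help, e.g. `// Coverage features matching clang's -fsanitize=fuzzer-no-link; StackDepth needs TLS support in the runtime.`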
@@ -279,36 +300,23 @@ bool ZigLLVMTargetMachineEmitToFile(LLVMTargetMachineRef targ_machine_ref, LLVMM
 pass_builder.registerCGSCCAnalyses(cgscc_am);
 pass_builder.registerFunctionAnalyses(function_am);
 pass_builder.registerLoopAnalyses(loop_am);
- pass_builder.crossRegisterProxies(loop_am, function_am,
- cgscc_am, module_am);
-
- // IR verification
- if (assertions_on) {
- // Verify the input
- pass_builder.registerPipelineStartEPCallback(
- [](ModulePassManager &module_pm, OptimizationLevel OL) {
- module_pm.addPass(VerifierPass());
- });
- // Verify the output
- pass_builder.registerOptimizerLastEPCallback(
- [](ModulePassManager &module_pm, OptimizationLevel OL) {
- module_pm.addPass(VerifierPass());
- });
- }
+ pass_builder.crossRegisterProxies(loop_am, function_am, cgscc_am, module_am);
- // Passes specific for release build
- if (!is_debug) {
- pass_builder.registerPipelineStartEPCallback(
- [](ModulePassManager &module_pm, OptimizationLevel OL) {
- module_pm.addPass(
- createModuleToFunctionPassAdaptor(AddDiscriminatorsPass()));
- });
- }
+ pass_builder.registerPipelineStartEPCallback([&](ModulePassManager &module_pm, OptimizationLevel OL) {
+ // Verify the input
+ if (assertions_on) {
+ module_pm.addPass(VerifierPass());
+ }
- pass_builder.registerOptimizerLastEPCallback([&](ModulePassManager &module_pm, OptimizationLevel level) {
+ if (!is_debug) {
+ module_pm.addPass(createModuleToFunctionPassAdaptor(AddDiscriminatorsPass()));
+ }
+ });
+
+ pass_builder.registerOptimizerEarlyEPCallback([&](ModulePassManager &module_pm, OptimizationLevel OL) {
 // Code coverage instrumentation.
 if (sancov) {
- module_pm.addPass(SanitizerCoveragePass());
+ module_pm.addPass(SanitizerCoveragePass(getSanCovOptions()));
 }
 // Thread sanitizer
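Review bot: Switching the shared callback from `registerOptimizerLastEPCallback` to `registerOptimizerEarlyEPCallback` also moves the ThreadSanitizer passes, which sit in the same lambda, although the commit subject mentions only sancov. Instrumenting before the optimizer runs changes which accesses TSan sees and what the optimizer can still do with the instrumented code, and clang, to my knowledge, registers its sanitizer passes at the optimizer-last extension point by default. If only coverage needs the early point, keep `ModuleThreadSanitizerPass` and `ThreadSanitizerPass` in an optimizer-last callback; otherwise record the intent in a comment such as `// TSan intentionally runs before optimization, together with sancov.` The `if (tsan)` block itself begins after the last line of this hunk.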
@@ -318,6 +326,13 @@ bool ZigLLVMTargetMachineEmitToFile(LLVMTargetMachineRef targ_machine_ref, LLVMM
 }
 });
+ pass_builder.registerOptimizerLastEPCallback([&](ModulePassManager &module_pm, OptimizationLevel level) {
+ // Verify the output
+ if (assertions_on) {
+ module_pm.addPass(VerifierPass());
+ }
+ });
+
 ModulePassManager module_pm;
 OptimizationLevel opt_level;
 // Setting up the optimization level
-- cgit v1.2.3