| author | Vitaly Buka <vitalybuka@google.com> | 2017-10-31 20:49:48 +0000 |
|---|---|---|
| committer | Vitaly Buka <vitalybuka@google.com> | 2017-10-31 20:49:48 +0000 |
| commit | 58da33e35ccdb19cf789ba0cd9b5c021a0f9f43a (patch) | |
| tree | 8207e4c8b70ed70629b7b04d226ac12c21890a17 /compiler-rt | |
| parent | f87c142d9e19795596681b7f18bbaf8380cd41b7 (diff) | |
[fuzzer] Fix threaded stack printing and nested mallocs
Summary: Nested mallocs are possible with internal symbolizer.
Reviewers: kcc
Subscribers: llvm-commits
Differential Revision: https://reviews.llvm.org/D39397
llvm-svn: 317034
Diffstat (limited to 'compiler-rt')
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerLoop.cpp | 19 | ||||
| -rw-r--r-- | compiler-rt/test/fuzzer/TraceMallocThreadedTest.cpp | 22 | ||||
| -rw-r--r-- | compiler-rt/test/fuzzer/trace-malloc-threaded.test | 36 |
3 files changed, 77 insertions, 0 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index d3ac4ce7ee9..9cb580a30d7 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -19,6 +19,7 @@
 #include <algorithm>
 #include <cstring>
 #include <memory>
+#include <mutex>
 #include <set>
 #if defined(__has_include)
@@ -73,11 +74,24 @@ struct MallocFreeTracer {
 static MallocFreeTracer AllocTracer;
+static thread_local bool IsMallocFreeHookDisabled;
+static std::mutex MallocFreeStackMutex;
+
+struct MallocFreeHookDisabler {
+ MallocFreeHookDisabler() { IsMallocFreeHookDisabled = true; }
+ ~MallocFreeHookDisabler() { IsMallocFreeHookDisabled = false; }
+};
+
 ATTRIBUTE_NO_SANITIZE_MEMORY
 void MallocHook(const volatile void *ptr, size_t size) {
+ // Avoid nested hooks for mallocs/frees in sanitizer.
+ if (IsMallocFreeHookDisabled)
+ return;
+ MallocFreeHookDisabler Disable;
 size_t N = AllocTracer.Mallocs++;
 F->HandleMalloc(size);
 if (int TraceLevel = AllocTracer.TraceLevel) {
+ std::lock_guard<std::mutex> Lock(MallocFreeStackMutex);
 Printf("MALLOC[%zd] %p %zd\n", N, ptr, size);
 if (TraceLevel >= 2 && EF)
 EF->__sanitizer_print_stack_trace();
@@ -86,8 +100,13 @@ void MallocHook(const volatile void *ptr, size_t size) {
 ATTRIBUTE_NO_SANITIZE_MEMORY
 void FreeHook(const volatile void *ptr) {
+ // Avoid nested hooks for mallocs/frees in sanitizer.
+ if (IsMallocFreeHookDisabled)
+ return;
+ MallocFreeHookDisabler Disable;
 size_t N = AllocTracer.Frees++;
 if (int TraceLevel = AllocTracer.TraceLevel) {
+ std::lock_guard<std::mutex> Lock(MallocFreeStackMutex);
 Printf("FREE[%zd] %p\n", N, ptr);
 if (TraceLevel >= 2 && EF)
 EF->__sanitizer_print_stack_trace();
diff --git a/compiler-rt/test/fuzzer/TraceMallocThreadedTest.cpp b/compiler-rt/test/fuzzer/TraceMallocThreadedTest.cpp
new file mode 100644
index 00000000000..5603af344cb
--- /dev/null
+++ b/compiler-rt/test/fuzzer/TraceMallocThreadedTest.cpp
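Review bot: In FuzzerLoop.cpp, the early `return` on `IsMallocFreeHookDisabled` in MallocHook sits before `AllocTracer.Mallocs++` and `F->HandleMalloc(size)`, so an allocation made while the hook is already running on the same thread is skipped for counting and for whatever HandleMalloc enforces, not only for tracing; the FreeHook hunk does the same ahead of `AllocTracer.Frees++`. If such a nested allocation is later freed outside the hook, Frees advances without a matching Mallocs, which may skew any code that compares the two counters (that code is not visible in these hunks). The guard also applies when TraceLevel is 0, where no symbolizer call is made from the hook. I would state the intent at the declarations, e.g. `// Set while this thread is inside MallocHook/FreeHook; nested allocations are neither counted nor traced.` above the flag and `// Keeps a trace line and its stack trace contiguous across threads.` above the mutex. Both function bodies end outside their hunks.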
@@ -0,0 +1,22 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Check that allocation tracing from different threads does not cause
+// interleaving of stack traces.
+#include <assert.h>
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <thread>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ auto C = [&] {
+ volatile void *a = malloc(5639);
+ free((void *)a);
+ };
+ std::thread T[] = {std::thread(C), std::thread(C), std::thread(C),
+ std::thread(C), std::thread(C), std::thread(C)};
+ for (auto &X : T)
+ X.join();
+ return 0;
+}
diff --git a/compiler-rt/test/fuzzer/trace-malloc-threaded.test b/compiler-rt/test/fuzzer/trace-malloc-threaded.test
new file mode 100644
index 00000000000..11f3f049155
--- /dev/null
+++ b/compiler-rt/test/fuzzer/trace-malloc-threaded.test
@@ -0,0 +1,36 @@
+// FIXME: This test infinite loops on darwin because it crashes
+// printing a stack trace repeatedly
+UNSUPPORTED: darwin
+
+RUN: %cpp_compiler %S/TraceMallocThreadedTest.cpp -o %t-TraceMallocThreadedTest
+
+RUN: %t-TraceMallocThreadedTest -trace_malloc=2 -runs=1 2>&1 | FileCheck %s
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}}
+
+CHECK: {{MALLOC\[[0-9]+] +0x[0-9]+ 5639}}
+CHECK-NEXT: {{ +\#0 +}}
+CHECK-NEXT: {{ +\#1 +}}
+CHECK-NEXT: {{ +\#2 +}} |
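Review bot: TraceMallocThreadedTest.cpp calls `malloc` and `free` but includes no header that declares them, so it compiles only if one of the other headers happens to pull them in. Add `#include <cstdlib>`; `<assert.h>` and `<cstring>` are not used by anything in the file and could be dropped. The lambda captures nothing, so `[&]` can be written `[]`.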
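Review bot: The address pattern `0x[0-9]+` in each `CHECK: {{MALLOC...}}` line of trace-malloc-threaded.test accepts decimal digits only, while the `%p` output it matches is normally hexadecimal; an allocation whose address contains a–f would not match, and with six threads and six CHECK blocks a single miss fails the test. `0x[0-9a-f]+` would avoid that. The test also exercises only the MALLOC path, although FreeHook received the same guard and lock; whether a FREE block can be checked reliably depends on output ordering across threads.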

