[libFuzzer] improve -print_pcs to not print new PCs coming from libFuzzer itself

llvm-svn: 281016

2 files changed, 19 insertions, 8 deletions

diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h
index a83d64fa811..06e20057245 100644
--- a/llvm/lib/Fuzzer/FuzzerInternal.h
+++ b/llvm/lib/Fuzzer/FuzzerInternal.h
@@ -374,14 +374,12 @@ public:
       PCMapBits = 0;
       VPMap.Reset();
       VPMapBits = 0;
-      PcBufferPos = 0;
     }
 
     std::string DebugString() const;
 
     size_t BlockCoverage;
     size_t CallerCalleeCoverage;
-    size_t PcBufferPos;
     // Precalculated number of bits in CounterBitmap.
     size_t CounterBitmapBits;
     std::vector<uint8_t> CounterBitmap;
@@ -486,6 +484,7 @@ private:
   void DeathCallback();
 
   void ResetEdgeCoverage();
+  void ResetCounters();
   void PrepareCounters(Fuzzer::Coverage *C);
   bool RecordMaxCoverage(Fuzzer::Coverage *C);
 
@@ -518,7 +517,7 @@ private:
   // For -print_pcs
   uintptr_t* PcBuffer = nullptr;
   size_t PcBufferLen = 0;
-  size_t PrevPcBufferPos;
+  size_t PcBufferPos = 0, PrevPcBufferPos = 0;
 
   // Need to know our own thread.
   static thread_local bool IsMyThread;
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index caae98e4648..017ea03eaf7 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -57,6 +57,14 @@ void Fuzzer::ResetEdgeCoverage() {
   EF->__sanitizer_reset_coverage();
 }
 
+void Fuzzer::ResetCounters() {
+  if (Options.UseCounters) {
+    EF->__sanitizer_update_counter_bitset_and_clear_counters(0);
+  }
+  if (EF->__sanitizer_get_coverage_pc_buffer_pos)
+    PcBufferPos = EF->__sanitizer_get_coverage_pc_buffer_pos();
+}
+
 void Fuzzer::PrepareCounters(Fuzzer::Coverage *C) {
   if (Options.UseCounters) {
     size_t NumCounters = EF->__sanitizer_get_number_of_counters();
@@ -109,9 +117,9 @@ bool Fuzzer::RecordMaxCoverage(Fuzzer::Coverage *C) {
 
   if (EF->__sanitizer_get_coverage_pc_buffer_pos) {
     uint64_t NewPcBufferPos = EF->__sanitizer_get_coverage_pc_buffer_pos();
-    if (NewPcBufferPos > C->PcBufferPos) {
+    if (NewPcBufferPos > PcBufferPos) {
       Res = true;
-      C->PcBufferPos = NewPcBufferPos;
+      PcBufferPos = NewPcBufferPos;
     }
 
     if (PcBufferLen && NewPcBufferPos >= PcBufferLen) {
@@ -417,7 +425,7 @@ void Fuzzer::ShuffleAndMinimize() {
 }
 
 bool Fuzzer::UpdateMaxCoverage() {
-  PrevPcBufferPos = MaxCoverage.PcBufferPos;
+  PrevPcBufferPos = PcBufferPos;
   bool Res = RecordMaxCoverage(&MaxCoverage);
 
   return Res;
@@ -470,6 +478,7 @@ void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
   AssignTaintLabels(DataCopy, Size);
   CurrentUnitSize = Size;
   AllocTracer.Start();
+  ResetCounters();  // Reset coverage right before the callback.
   int Res = CB(DataCopy, Size);
   (void)Res;
   HasMoreMallocsThanFrees = AllocTracer.Stop();
@@ -535,12 +544,15 @@ void Fuzzer::PrintStatusForNewUnit(const Unit &U) {
 }
 
 void Fuzzer::PrintNewPCs() {
-  if (Options.PrintNewCovPcs && PrevPcBufferPos != MaxCoverage.PcBufferPos) {
-    for (size_t I = PrevPcBufferPos; I < MaxCoverage.PcBufferPos; ++I) {
+  if (Options.PrintNewCovPcs && PrevPcBufferPos != PcBufferPos) {
+    int NumPrinted = 0;
+    for (size_t I = PrevPcBufferPos; I < PcBufferPos; ++I) {
+      if (NumPrinted++ > 30) break;  // Don't print too many new PCs.
       if (EF->__sanitizer_symbolize_pc) {
         char PcDescr[1024];
         EF->__sanitizer_symbolize_pc(reinterpret_cast<void*>(PcBuffer[I]),
                                      "%p %F %L", PcDescr, sizeof(PcDescr));
+        PcDescr[sizeof(PcDescr) - 1] = 0;  // Just in case.
         Printf("\tNEW_PC: %s\n", PcDescr);
       } else {
         Printf("\tNEW_PC: %p\n", PcBuffer[I]);