[libFuzzer] use the in-binary pc table (instead of PCs captured at run-time) to implement -exit_on_src_pos

llvm-svn: 310151

lib/Fuzzer/FuzzerLoop.cpp

@@ -328,17 +328,16 @@ void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
 void Fuzzer::CheckExitOnSrcPosOrItem() {
   if (!Options.ExitOnSrcPos.empty()) {
     static auto *PCsSet = new std::set<uintptr_t>;
-    for (size_t i = 1, N = TPC.GetNumPCs(); i < N; i++) {
-      uintptr_t PC = TPC.GetPC(i);
-      if (!PC) continue;
-      if (!PCsSet->insert(PC).second) continue;
-      std::string Descr = DescribePC("%L", PC);
+    auto HandlePC = [&](uintptr_t PC) {
+      if (!PCsSet->insert(PC).second) return;
+      std::string Descr = DescribePC("%F %L", PC + 1);
       if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) {
         Printf("INFO: found line matching '%s', exiting.\n",
                Options.ExitOnSrcPos.c_str());
         _Exit(0);
       }
-    }
+    };
+    TPC.ForEachObservedPC(HandlePC);
   }
   if (!Options.ExitOnItem.empty()) {
     if (Corpus.HasUnit(Options.ExitOnItem)) {

lib/Fuzzer/FuzzerTracePC.h

@@ -133,6 +133,13 @@ class TracePC {
   }
   uintptr_t GetMaxStackOffset() const { return InitialStack - LowestStack; }
 
+  template<class CallBack>
+  void ForEachObservedPC(CallBack CB) {
+    if (ObservedPCs)
+      for (auto PC : *ObservedPCs)
+        CB(PC);
+  }
+
 private:
   bool UseCounters = false;
   bool UseValueProfile = false;

lib/Fuzzer/test/ShrinkControlFlowTest.cpp

@@ -10,6 +10,10 @@
 
 static volatile int Sink;
 
+void Foo() {
+  Sink++;
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   int8_t Ids[256];
   memset(Ids, -1, sizeof(Ids));
@@ -20,8 +24,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   int U = Ids[(unsigned char)'U'];
   int Z = Ids[(unsigned char)'Z'];
   if (F >= 0 && U > F && Z > U) {
-    Sink++;
-    //fprintf(stderr, "IDS: %d %d %d\n", F, U, Z);
+    Foo();
   }
   return 0;
 }

lib/Fuzzer/test/exit_on_src_pos.test

@@ -0,0 +1,8 @@
+# Temporary use -mllvm -use-unknown-locations=Disable so that
+# all instructions have debug info (file line numbers) attached.
+RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest -mllvm -use-unknown-locations=Disable
+RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
+
+RUN: %t-SimpleTest  -exit_on_src_pos=SimpleTest.cpp:18                 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
+RUN: %t-ShrinkControlFlowTest  -exit_on_src_pos=Foo 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
+EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.

lib/Fuzzer/test/fuzzer.test

@@ -11,7 +11,6 @@ RUN: %cpp_compiler %S/InitializeTest.cpp -o %t-InitializeTest
 RUN: %cpp_compiler %S/NotinstrumentedTest.cpp -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters,trace-pc-guard -o %t-NotinstrumentedTest-NoCoverage
 RUN: %cpp_compiler %S/NullDerefOnEmptyTest.cpp -o %t-NullDerefOnEmptyTest
 RUN: %cpp_compiler %S/NullDerefTest.cpp -o %t-NullDerefTest
-RUN: %cpp_compiler %S/ShrinkControlFlowTest.cpp -o %t-ShrinkControlFlowTest
 RUN: %cpp_compiler %S/SimpleCmpTest.cpp -o %t-SimpleCmpTest
 RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-SimpleTest
 RUN: %cpp_compiler %S/StrncmpOOBTest.cpp -o %t-StrncmpOOBTest
@@ -62,10 +61,6 @@ RUN: not %t-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
 DSO: INFO: Loaded 3 modules
 DSO: BINGO
 
-RUN: %t-SimpleTest  -exit_on_src_pos=SimpleTest.cpp:18                 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
-RUN: %t-ShrinkControlFlowTest  -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
-EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
-
 RUN: env ASAN_OPTIONS=strict_string_checks=1 not %t-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
 STRNCMP: AddressSanitizer: heap-buffer-overflow
 STRNCMP-NOT: __sanitizer_weak_hook_strncmp