Commit Graph

8 Commits

Author SHA1 Message Date
Khaled Yakdan 77d9252ddf runtime: fix inline assembly trampoline for arm64
Use the program counter to compute the address of the first instruction
of the ret sled. The ret sled is located after 5 instructions from the
MOVD instruction saving the value of the program counter.

Change-Id: Ie7ae7a0807785d6fea035cf7a770dba7f37de0ec
GitHub-Last-Rev: 2719208c6a
GitHub-Pull-Request: golang/go#53039
Reviewed-on: https://go-review.googlesource.com/c/go/+/407895
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
2022-06-07 14:47:46 +00:00
Ikko Ashimine 2730c6af9f runtime: fix typo in libfuzzer_arm64.s
statment -> statement

Change-Id: Ia93a466fdc20157a7d6048903e359fe8717ecb8f
GitHub-Last-Rev: 0a9bc5cab0
GitHub-Pull-Request: golang/go#53231
Reviewed-on: https://go-review.googlesource.com/c/go/+/410374
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2022-06-04 21:17:14 +00:00
Khaled Yakdan c1d197a96e cmd/compile: support libFuzzer value profiling mode for integer compares
libFuzzer provides a special mode known as “value profiling” in which it
tracks the bit-wise progress made by the fuzzer in satisfying tracked
comparisons. Furthermore, libFuzzer uses the value of the return address
in its hooks to distinguish the progress for different comparisons.

The original implementation of the interception for integer comparisons
in Go simply called the libFuzzer hooks from a function written in Go
assembly. The libFuzzer hooks thus always see the same return address
(i.e., the address of the call instruction in the assembly snippet) and
thus can’t distinguish individual comparisons anymore. This drastically
reduces the usefulness of value profiling.

This is fixed by using an assembly trampoline that injects synthetic but
valid return addresses on the stack before calling the libFuzzer hook,
otherwise preserving the calling convention of the respective platform
(for starters, x86_64 Windows or Unix). These fake PCs are generated
deterministically based on the location of the compare instruction in
the IR representation.

Change-Id: Iea68057c83aea7f9dc226fba7128708e8637d07a
GitHub-Last-Rev: f9184baafd
GitHub-Pull-Request: golang/go#51321
Reviewed-on: https://go-review.googlesource.com/c/go/+/387336
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
2022-05-23 16:21:22 +00:00
Khaled Yakdan 2b0e457b42 cmd/compile: intercept string compares in libFuzzer mode
IR string compares as well as calls to string comparison functions such
as `strings.EqualFold` are intercepted and the corresponding libFuzzer
callbacks are invoked with the corresponding arguments. As a result, the
compared strings will be added to libFuzzer’s table of recent compares,
which feeds future mutations performed by the fuzzer and thus allow it
to reach into branches guarded by string comparisons.

The list of methods to intercept is maintained in
`cmd/compile/internal/walk/expr.go` and can easily be extended to cover
more standard library functions in the future.

Change-Id: I5c8b89499c4e19459406795dea923bf777779c51
GitHub-Last-Rev: 6b8529b555
GitHub-Pull-Request: golang/go#51319
Reviewed-on: https://go-review.googlesource.com/c/go/+/387335
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Run-TryBot: Keith Randall <khr@golang.org>
2022-05-20 22:30:37 +00:00
Khaled Yakdan 7ec6ef432a cmd/compile, cmd/link: use libFuzzer 8-bit instead of extra counters
By using libFuzzer’s 8-bit counters instead of extra counters, the
coverage instrumentation in libFuzzer mode is improved in three ways:
  1- 8-bit counters are supported on all platforms, including macOS and
     Windows, with all relevant versions of libFuzzer, whereas extra
     counters are a Linux-only feature that only recently received
     support on Windows.
  2- Newly covered blocks are now properly reported as new coverage by
     libFuzzer, not only as new features.
  3- The NeverZero strategy is used to ensure that coverage counters
     never become 0 again after having been positive once. This resolves
     issues encountered when fuzzing loops with iteration counts that
     are multiples of 256 (e.g., larger powers of two).

Change-Id: I9021210d7fbffd07c891ad08750402ee91cb3df5
GitHub-Last-Rev: 9057e4b21d
GitHub-Pull-Request: golang/go#51318
Reviewed-on: https://go-review.googlesource.com/c/go/+/387334
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
2022-05-20 21:32:57 +00:00
Tobias Klauser f19e400180 all: remove more leftover // +build lines
CL 344955 and CL 359476 removed almost all // +build lines, but leaving
some assembly files and generating scripts. Also, some files were added
with // +build lines after CL 359476 was merged. Remove these or rename
files where more appropriate.

For #41184

Change-Id: I7eb85a498ed9788b42a636e775f261d755504ffa
Reviewed-on: https://go-review.googlesource.com/c/go/+/361480
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2021-11-06 10:24:44 +00:00
Tobias Klauser 2c76a6f7f8 all: add //go:build lines to assembly files
Don't add them to files in vendor and cmd/vendor though. These will be
pulled in by updating the respective dependencies.

For #41184

Change-Id: Icc57458c9b3033c347124323f33084c85b224c70
Reviewed-on: https://go-review.googlesource.com/c/go/+/319389
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2021-05-13 09:12:17 +00:00
Matthew Dempsky ea0b4e7c7d cmd/compile, runtime: add comparison tracing for libFuzzer
This CL extends cmd/compile's experimental libFuzzer support with
calls to __sanitizer_cov_trace_{,const_}cmp{1,2,4,8}. This allows much
more efficient fuzzing of comparisons.

Only supports amd64 and arm64 for now.

Updates #14565.

Change-Id: Ibf82a8d9658f2bc50d955bdb1ae26723a3f0584d
Reviewed-on: https://go-review.googlesource.com/c/go/+/203887
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
2019-11-05 00:00:43 +00:00