mirror of https://github.com/golang/go.git
c1d197a96e
libFuzzer provides a special mode known as “value profiling” in which it
tracks the bit-wise progress made by the fuzzer in satisfying tracked
comparisons. Furthermore, libFuzzer uses the value of the return address
in its hooks to distinguish the progress for different comparisons.
The original implementation of the interception for integer comparisons
in Go simply called the libFuzzer hooks from a function written in Go
assembly. The libFuzzer hooks thus always see the same return address
(i.e., the address of the call instruction in the assembly snippet) and
thus can’t distinguish individual comparisons anymore. This drastically
reduces the usefulness of value profiling.
This is fixed by using an assembly trampoline that injects synthetic but
valid return addresses on the stack before calling the libFuzzer hook,
otherwise preserving the calling convention of the respective platform
(for starters, x86_64 Windows or Unix). These fake PCs are generated
deterministically based on the location of the compare instruction in
the IR representation.
Change-Id: Iea68057c83aea7f9dc226fba7128708e8637d07a
GitHub-Last-Rev:
|
||
|---|---|---|
| .. | ||
| abi | ||
| buildcfg | ||
| bytealg | ||
| cfg | ||
| cpu | ||
| diff | ||
| fmtsort | ||
| fuzz | ||
| goarch | ||
| godebug | ||
| goexperiment | ||
| goos | ||
| goroot | ||
| goversion | ||
| intern | ||
| itoa | ||
| lazyregexp | ||
| lazytemplate | ||
| nettrace | ||
| obscuretestdata | ||
| oserror | ||
| pkgbits | ||
| poll | ||
| profile | ||
| race | ||
| reflectlite | ||
| singleflight | ||
| syscall | ||
| sysinfo | ||
| testenv | ||
| testlog | ||
| trace | ||
| txtar | ||
| unsafeheader | ||
| xcoff | ||