| author | Khaled Yakdan <yakdan@code-intelligence.com> | 2022-05-20 22:09:58 +0000 |
|---|---|---|
| committer | Keith Randall <khr@golang.org> | 2022-05-20 22:30:37 +0000 |
| commit | 2b0e457b42a64455ca2d3eebb5c6d4e6acfc5db2 (patch) | |
| tree | 5d524a6994b395136cf1e6e5954266856091bd08 /src/internal/fuzz | |
| parent | b58067013eaa2f2bf0dc24f4d848e10bb758b6bd (diff) | |
| download | go-2b0e457b42a64455ca2d3eebb5c6d4e6acfc5db2.tar.xz | |
cmd/compile: intercept string compares in libFuzzer mode

IR string compares as well as calls to string comparison functions such
as `strings.EqualFold` are intercepted and the corresponding libFuzzer
callbacks are invoked with the corresponding arguments. As a result, the
compared strings will be added to libFuzzer’s table of recent compares,
which feeds future mutations performed by the fuzzer and thus allows it
to reach into branches guarded by string comparisons.

The list of methods to intercept is maintained in
`cmd/compile/internal/walk/expr.go` and can easily be extended to cover
more standard library functions in the future.

Change-Id: I5c8b89499c4e19459406795dea923bf777779c51
GitHub-Last-Rev: 6b8529b55561faf57ea59cb7cff1caf8c9c94ecd
GitHub-Pull-Request: golang/go#51319
Reviewed-on: https://go-review.googlesource.com/c/go/+/387335
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Run-TryBot: Keith Randall <khr@golang.org>
Diffstat (limited to 'src/internal/fuzz')
| -rw-r--r-- | src/internal/fuzz/trace.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/internal/fuzz/trace.go b/src/internal/fuzz/trace.go index cab0838fab..3aa684b49c 100644 --- a/src/internal/fuzz/trace.go +++ b/src/internal/fuzz/trace.go @@ -18,6 +18,9 @@ import _ "unsafe" // for go:linkname //go:linkname libfuzzerTraceConstCmp4 runtime.libfuzzerTraceConstCmp4 //go:linkname libfuzzerTraceConstCmp8 runtime.libfuzzerTraceConstCmp8 +//go:linkname libfuzzerHookStrCmp runtime.libfuzzerHookStrCmp +//go:linkname libfuzzerHookEqualFold runtime.libfuzzerHookEqualFold + func libfuzzerTraceCmp1(arg0, arg1 uint8) {} func libfuzzerTraceCmp2(arg0, arg1 uint16) {} func libfuzzerTraceCmp4(arg0, arg1 uint32) {} @@ -27,3 +30,6 @@ func libfuzzerTraceConstCmp1(arg0, arg1 uint8) {} func libfuzzerTraceConstCmp2(arg0, arg1 uint16) {} func libfuzzerTraceConstCmp4(arg0, arg1 uint32) {} func libfuzzerTraceConstCmp8(arg0, arg1 uint64) {} + +func libfuzzerHookStrCmp(arg0, arg1 string, fakePC int) {} +func libfuzzerHookEqualFold(arg0, arg1 string, fakePC int) {} |
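Review bot: In the first hunk (`@@ -18,6 +18,9 @@`), the new directives `//go:linkname libfuzzerHookStrCmp runtime.libfuzzerHookStrCmp` and `//go:linkname libfuzzerHookEqualFold runtime.libfuzzerHookEqualFold` introduce a `Hook` prefix next to the existing `Trace` and `TraceConstCmp` names, and nothing in the file says how the two groups differ. A one-line comment above the new pair stating that these are the string-comparison hooks, as opposed to the fixed-width integer compare tracers listed before them, would help a reader who only sees this file.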
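Review bot: In the second hunk (`@@ -27,3 +30,6 @@`), `func libfuzzerHookStrCmp(arg0, arg1 string, fakePC int) {}` and `func libfuzzerHookEqualFold(arg0, arg1 string, fakePC int) {}` take a third `fakePC` parameter that none of the neighbouring `libfuzzerTraceCmp*` and `libfuzzerTraceConstCmp*` stubs have, and it is undocumented. Suggest a doc comment saying what `fakePC` identifies and who supplies it, and noting that the empty bodies are intentional. `fakePC` is a plain `int` while the other stubs use fixed-width types; since go:linkname binds by name and does not check signatures, please confirm that the parameter order and types match the runtime-side declarations exactly.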
