| field | value | date |
|---|---|---|
| author | Khaled Yakdan <yakdan@code-intelligence.com> | 2022-05-18 08:54:30 +0000 |
| committer | Keith Randall <khr@golang.org> | 2022-05-20 21:32:57 +0000 |
| commit | 7ec6ef432a85a390365f2daed788f0d14c830c73 (patch) | |
| tree | c8f554af168c03e3fe383dfac516b034e10f71c3 /src/runtime/libfuzzer_amd64.s | |
| parent | e66f895667cd51d0d28c42d369a803c12db8bb35 (diff) | |
| download | go-7ec6ef432a85a390365f2daed788f0d14c830c73.tar.xz | |
cmd/compile, cmd/link: use libFuzzer 8-bit instead of extra counters
By using libFuzzer’s 8-bit counters instead of extra counters, the coverage instrumentation in libFuzzer mode is improved in three ways:

1- 8-bit counters are supported on all platforms, including macOS and Windows, with all relevant versions of libFuzzer, whereas extra counters are a Linux-only feature that only recently received support on Windows.

2- Newly covered blocks are now properly reported as new coverage by libFuzzer, not only as new features.

3- The NeverZero strategy is used to ensure that coverage counters never become 0 again after having been positive once. This resolves issues encountered when fuzzing loops with iteration counts that are multiples of 256 (e.g., larger powers of two).
Change-Id: I9021210d7fbffd07c891ad08750402ee91cb3df5
GitHub-Last-Rev: 9057e4b21d146ce9ffb3993982bfb84b96705989
GitHub-Pull-Request: golang/go#51318
Reviewed-on: https://go-review.googlesource.com/c/go/+/387334
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
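An added example, not part of this commit or of the Go toolchain, modelling why item 3 of the commit message matters: a plain 8-bit counter incremented 256 times wraps back to 0 and the loop body looks uncovered, while the NeverZero increment stays positive. The names incPlain, incNeverZero, runLoop and covered are assumed for this model; they are not what cmd/compile emits.

```go
package main

import "fmt"

// Plain 8-bit counter: wraps silently, so 256 hits look like zero hits.
func incPlain(c uint8) uint8 { return c + 1 }

// NeverZero increment: once a counter has been positive it never returns
// to zero. Modelled as "add 1, then add the carry" (255 -> 0 -> 1).
func incNeverZero(c uint8) uint8 {
	n := c + 1
	if n == 0 {
		n = 1
	}
	return n
}

// runLoop models one instrumented basic block (a loop body) executed
// iters times and returns the final counter value under each strategy.
func runLoop(iters int) (plain, neverZero uint8) {
	for i := 0; i < iters; i++ {
		plain = incPlain(plain)
		neverZero = incNeverZero(neverZero)
	}
	return plain, neverZero
}

// covered is what a fuzzing engine concludes from a counter value:
// zero means the block was never reached.
func covered(c uint8) bool { return c != 0 }

func main() {
	// Constructed iteration counts; 256 and 512 are the problematic ones.
	for _, n := range []int{1, 255, 256, 512, 1024} {
		p, z := runLoop(n)
		fmt.Printf("iters=%4d plain=%3d covered=%-5v neverZero=%3d covered=%v\n",
			n, p, covered(p), z, covered(z))
	}
}
```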
Diffstat (limited to 'src/runtime/libfuzzer_amd64.s')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | src/runtime/libfuzzer_amd64.s | 23 |

1 files changed, 23 insertions, 0 deletions
diff --git a/src/runtime/libfuzzer_amd64.s b/src/runtime/libfuzzer_amd64.s index 253fe15198..5ea77f59de 100644 --- a/src/runtime/libfuzzer_amd64.s +++ b/src/runtime/libfuzzer_amd64.s @@ -40,3 +40,26 @@ call: CALL AX MOVQ R12, SP RET + +// void runtime·libfuzzerCallWithTwoByteBuffers(fn, start, end *byte) +// Calls C function fn from libFuzzer and passes 2 arguments of type *byte to it. +TEXT runtime·libfuzzerCallWithTwoByteBuffers(SB), NOSPLIT, $0-24 + MOVQ fn+0(FP), AX + MOVQ start+8(FP), RARG0 + MOVQ end+16(FP), RARG1 + + get_tls(R12) + MOVQ g(R12), R14 + MOVQ g_m(R14), R13 + + // Switch to g0 stack. + MOVQ SP, R12 // callee-saved, preserved across the CALL + MOVQ m_g0(R13), R10 + CMPQ R10, R14 + JE call // already on g0 + MOVQ (g_sched+gobuf_sp)(R10), SP +call: + ANDQ $~15, SP // alignment for gcc ABI + CALL AX + MOVQ R12, SP + RET |
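Review bot: the new TEXT symbol repeats, line for line, the g0 stack-switch sequence of the function directly above it (the `get_tls(R12)` ... `CMPQ R10, R14` / `JE call` block and the `MOVQ R12, SP` / `RET` epilogue visible as context), so consider factoring that switch into an assembler macro or a shared tail that both entry points jump into, so the two copies cannot drift apart. The header comment should also say what `start` and `end` denote (presumably the bounds of the 8-bit counter region the commit message describes) and that `fn` is invoked on the g0 stack from a `$0` NOSPLIT frame, so it has to be a leaf C routine that never calls back into Go. `RARG0` and `RARG1` are not defined in this hunk and must come from the file header outside the diff; reusing the `call` label is fine, since labels are local to their TEXT block.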
