Merge pull request #63 from fitzgen/update-libfuzzer-to-4a4cafa

Update libfuzzer to 4a4cafa

Author: fitzgen

CHANGELOG.md

@@ -28,6 +28,23 @@ Released YYYY-MM-DD.
 
 --------------------------------------------------------------------------------
 
+## 0.3.3
+
+Released 2020-07-27.
+
+### Changed
+
+* Upgraded libfuzzer to commit
+  [4a4cafa](https://github.com/llvm/llvm-project/commit/4a4cafabc9067fced5890a245b03ef5897ad988b).
+
+  Notably, this pulls in [the new Entropic engine for
+  libFuzzer](https://mboehme.github.io/paper/FSE20.Entropy.pdf), which should
+  boost fuzzing efficiency when enabled. You can enable Entropic by passing
+  `-entropic=1` to your built fuzz targets (although, note that it is still
+  labeled "experimental").
+
+--------------------------------------------------------------------------------
+
 ## 0.3.2
 
 Released 2020-03-18.

Cargo.toml

@@ -6,7 +6,7 @@ license = "MIT/Apache-2.0/NCSA"
 name = "libfuzzer-sys"
 readme = "./README.md"
 repository = "https://github.com/rust-fuzz/libfuzzer"
-version = "0.3.2"
+version = "0.3.3"
 
 [dependencies]
 arbitrary = "0.4.1"

README.md

@@ -63,7 +63,7 @@ $ ./target/debug/fuzzed
 ## Updating libfuzzer from upstream
 
 ```
-./update-libfuzzer.sh <llvm/compiler-rt SHA1>
+./update-libfuzzer.sh <github.com/llvm-mirror/llvm-project SHA1>
 ```
 
 ## License

libfuzzer/CMakeLists.txt

@@ -46,6 +46,8 @@ set(LIBFUZZER_HEADERS
   FuzzerUtil.h
   FuzzerValueBitMap.h)
 
+include_directories(../../include)
+
 CHECK_CXX_SOURCE_COMPILES("
   static thread_local int blah;
   int main() {
@@ -82,8 +84,6 @@ else()
   endif()
 endif()
 
-set(FUZZER_SUPPORTED_OS ${SANITIZER_COMMON_SUPPORTED_OS})
-
 add_compiler_rt_component(fuzzer)
 
 add_compiler_rt_object_libraries(RTfuzzer
@@ -101,6 +101,13 @@ add_compiler_rt_object_libraries(RTfuzzer_main
   CFLAGS ${LIBFUZZER_CFLAGS}
   DEPS ${LIBFUZZER_DEPS})
 
+add_compiler_rt_object_libraries(RTfuzzer_interceptors
+  OS ${FUZZER_SUPPORTED_OS}
+  ARCHS ${FUZZER_SUPPORTED_ARCH}
+  SOURCES FuzzerInterceptors.cpp
+  CFLAGS ${LIBFUZZER_CFLAGS}
+  DEPS ${LIBFUZZER_DEPS})
+
 add_compiler_rt_runtime(clang_rt.fuzzer
   STATIC
   OS ${FUZZER_SUPPORTED_OS}
@@ -117,6 +124,14 @@ add_compiler_rt_runtime(clang_rt.fuzzer_no_main
   CFLAGS ${LIBFUZZER_CFLAGS}
   PARENT_TARGET fuzzer)
 
+add_compiler_rt_runtime(clang_rt.fuzzer_interceptors
+  STATIC
+  OS ${FUZZER_SUPPORTED_OS}
+  ARCHS ${FUZZER_SUPPORTED_ARCH}
+  OBJECT_LIBS RTfuzzer_interceptors
+  CFLAGS ${LIBFUZZER_CFLAGS}
+  PARENT_TARGET fuzzer)
+
 if(OS_NAME MATCHES "Linux|Fuchsia" AND
    COMPILER_RT_LIBCXX_PATH AND
    COMPILER_RT_LIBCXXABI_PATH)
@@ -143,12 +158,17 @@ if(OS_NAME MATCHES "Linux|Fuchsia" AND
     add_custom_libcxx(libcxx_fuzzer_${arch} ${LIBCXX_${arch}_PREFIX}
       CFLAGS ${TARGET_CFLAGS}
       CMAKE_ARGS -DCMAKE_CXX_COMPILER_WORKS=ON
-                 -DLIBCXX_ABI_NAMESPACE=Fuzzer)
+                 -DCMAKE_POSITION_INDEPENDENT_CODE=ON
+                 -DLIBCXXABI_ENABLE_EXCEPTIONS=OFF
+                 -DLIBCXX_ABI_NAMESPACE=__Fuzzer)
     target_compile_options(RTfuzzer.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
     add_dependencies(RTfuzzer.${arch} libcxx_fuzzer_${arch}-build)
     target_compile_options(RTfuzzer_main.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
     add_dependencies(RTfuzzer_main.${arch} libcxx_fuzzer_${arch}-build)
+    target_compile_options(RTfuzzer_interceptors.${arch} PRIVATE -isystem ${LIBCXX_${arch}_PREFIX}/include/c++/v1)
+    add_dependencies(RTfuzzer_interceptors.${arch} libcxx_fuzzer_${arch}-build)
     partially_link_libcxx(fuzzer_no_main ${LIBCXX_${arch}_PREFIX} ${arch})
+    partially_link_libcxx(fuzzer_interceptors ${LIBCXX_${arch}_PREFIX} ${arch})
     partially_link_libcxx(fuzzer ${LIBCXX_${arch}_PREFIX} ${arch})
   endforeach()
 endif()

libfuzzer/FuzzerBuiltins.h

@@ -11,7 +11,7 @@
 #ifndef LLVM_FUZZER_BUILTINS_H
 #define LLVM_FUZZER_BUILTINS_H
 
-#include "FuzzerDefs.h"
+#include "FuzzerPlatform.h"
 
 #if !LIBFUZZER_MSVC
 #include <cstdint>

libfuzzer/FuzzerBuiltinsMsvc.h

@@ -12,12 +12,9 @@
 #ifndef LLVM_FUZZER_BUILTINS_MSVC_H
 #define LLVM_FUZZER_BUILTINS_MSVC_H
 
-#include "FuzzerDefs.h"
+#include "FuzzerPlatform.h"
 
 #if LIBFUZZER_MSVC
-#if !defined(_M_ARM) && !defined(_M_X64)
-#error "_BitScanReverse64 unavailable on this platform so MSVC is unsupported."
-#endif
 #include <intrin.h>
 #include <cstdint>
 #include <cstdlib>
@@ -40,7 +37,18 @@ inline uint64_t Bswap(uint64_t x) { return _byteswap_uint64(x); }
 // outside of Windows.
 inline uint32_t Clzll(uint64_t X) {
   unsigned long LeadZeroIdx = 0;
+
+#if !defined(_M_ARM) && !defined(_M_X64)
+  // Scan the high 32 bits.
+  if (_BitScanReverse(&LeadZeroIdx, static_cast<unsigned long>(X >> 32)))
+    return static_cast<int>(63 - (LeadZeroIdx + 32)); // Create a bit offset from the MSB.
+  // Scan the low 32 bits.
+  if (_BitScanReverse(&LeadZeroIdx, static_cast<unsigned long>(X)))
+    return static_cast<int>(63 - LeadZeroIdx);
+
+#else
   if (_BitScanReverse64(&LeadZeroIdx, X)) return 63 - LeadZeroIdx;
+#endif
   return 64;
 }
 
@@ -50,7 +58,13 @@ inline uint32_t Clz(uint32_t X) {
   return 32;
 }
 
-inline int Popcountll(unsigned long long X) { return __popcnt64(X); }
+inline int Popcountll(unsigned long long X) {
+#if !defined(_M_ARM) && !defined(_M_X64)
+  return __popcnt(X) + __popcnt(X >> 32);
+#else
+  return __popcnt64(X);
+#endif
+}
 
 }  // namespace fuzzer