Thread: 10 messages, 4 authors, 2017-09-12

Re: [PATCH 1/3] kcov: support comparison operands collection

From: Dmitry Vyukov <dvyukov@google.com>
Date: 2017-09-12 17:42:23
Also in: lkml

On Wed, Aug 30, 2017 at 9:08 PM, Dmitry Vyukov [off-list ref] wrote:
> On Wed, Aug 30, 2017 at 8:23 PM, Mark Rutland [off-list ref] wrote:
>> Hi,
>>
>> On Wed, Aug 30, 2017 at 06:23:29PM +0200, Dmitry Vyukov wrote:
>>> From: Victor Chibotaru <redacted>
>>>
>>> Enables kcov to collect comparison operands from instrumented code.
>>> This is done by using Clang's -fsanitize=trace-cmp instrumentation
>>> (currently not available for GCC).
>>
>> What's needed to build the kernel with Clang these days?
>>
>> I was under the impression that it still wasn't possible to build arm64
>> with clang due to a number of missing features (e.g. the %a assembler
>> output template).
>>
>>> The comparison operands help a lot in fuzz testing. E.g. they are
>>> used in Syzkaller to cover the interiors of conditional statements
>>> with far fewer attempts and thus make previously unreachable code
>>> reachable.
>>>
>>> To allow separate collection of coverage and comparison operands two
>>> different work modes are implemented. Mode selection is now done via
>>> a KCOV_ENABLE ioctl call with corresponding argument value.
>>>
>>> Signed-off-by: Victor Chibotaru <redacted>
>>> Cc: Andrew Morton <akpm@linux-foundation.org>
>>> Cc: Mark Rutland <mark.rutland@arm.com>
>>> Cc: Alexander Popov <redacted>
>>> Cc: Andrey Ryabinin <redacted>
>>> Cc: Kees Cook <redacted>
>>> Cc: Vegard Nossum <redacted>
>>> Cc: Quentin Casasnovas <redacted>
>>> Cc: syzkaller@googlegroups.com
>>> Cc: linux-mm@kvack.org
>>> Cc: linux-kernel@vger.kernel.org
>>> ---
>>> Clang instrumentation:
>>> https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow
>>
>> How stable is this?
>>
>> The comment at the end says "This interface is a subject to change."
>
> The intention is that this is not subject to change anymore (since we
> are using it in the kernel).
> I've mailed a change to the docs: https://reviews.llvm.org/D37303
>
> FWIW, there is a patch in flight that adds this instrumentation to gcc:
> https://groups.google.com/forum/#!topic/syzkaller/CSLynn6nI-A
> It seems to be stalled in the review phase, though.

Good news is that this is submitted to gcc in 251801.
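The patch description in the thread says what comparison operands are for ("cover the interiors of conditional statements with way less attempts") but not how a fuzzer turns them into inputs. The following is an added user-space example, not code from this thread, from the kcov patch or from syzkaller. It implements two of the hooks Clang emits calls to under `-fsanitize-coverage=trace-cmp` (`__sanitizer_cov_trace_cmp4` and `__sanitizer_cov_trace_const_cmp4`; in the first argument of the const variant is the constant) as a simple recorder, and then shows the consumer side: a comparison whose observed operand is found in the input gets that operand replaced by the constant, so the next run takes the other side of the branch. The target function `parse_header`, the `TRACED_EQ32` macro (which stands in for the compiler-inserted call so the file builds with any C compiler, instrumentation not required), the record layout and the patching strategy are all constructed for this example; the layout is not kcov's buffer format, and the hooks are deliberately called explicitly rather than by compiler instrumentation, since instrumenting the recorder itself would recurse.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One comparison record (constructed layout, not kcov's): operand width,
 * both operands and the PC of the comparison. */
struct cmp_record {
    uint8_t   size;      /* operand width in bytes: 1, 2, 4 or 8 */
    uint8_t   is_const;  /* 1 when arg1 is a compile-time constant */
    uint64_t  arg1;
    uint64_t  arg2;
    uintptr_t pc;
};

#define CMP_MAX 1024
static struct cmp_record cmp_buf[CMP_MAX];
static size_t cmp_count;

static void record_cmp(uint8_t size, uint8_t is_const,
                       uint64_t a, uint64_t b, uintptr_t pc)
{
    if (cmp_count < CMP_MAX)
        cmp_buf[cmp_count++] = (struct cmp_record){ size, is_const, a, b, pc };
}

void cmp_reset(void) { cmp_count = 0; }
size_t cmp_records(void) { return cmp_count; }

/* Hooks with the names Clang calls under -fsanitize-coverage=trace-cmp.
 * In the kernel kcov provides these; here they are plain functions that the
 * demo target calls explicitly (no compiler instrumentation involved). */
void __sanitizer_cov_trace_cmp4(uint32_t a, uint32_t b)
{
    record_cmp(4, 0, a, b, (uintptr_t)__builtin_return_address(0));
}
void __sanitizer_cov_trace_const_cmp4(uint32_t a, uint32_t b)   /* a is the constant */
{
    record_cmp(4, 1, a, b, (uintptr_t)__builtin_return_address(0));
}

/* Stand-in for the call the compiler would insert before a 32-bit compare
 * against a constant. */
#define TRACED_EQ32(val, konst) \
    (__sanitizer_cov_trace_const_cmp4((konst), (val)), (val) == (konst))

/* Demo target (constructed): two 32-bit magic checks guard the interior,
 * which blind mutation is unlikely to reach. */
int parse_header(const uint8_t *buf, size_t len)
{
    uint32_t magic, version;

    if (len < 8)
        return -1;
    memcpy(&magic, buf, 4);
    memcpy(&version, buf + 4, 4);
    if (!TRACED_EQ32(magic, 0x4B434F56u))
        return -2;
    if (!TRACED_EQ32(version, 7u))
        return -3;
    return 0;   /* interior of both conditionals reached */
}

/* Write the low `size` bytes of v in native byte order (endian-safe). */
static void store_native(uint8_t *dst, uint64_t v, uint8_t size)
{
    uint8_t v1 = (uint8_t)v; uint16_t v2 = (uint16_t)v; uint32_t v4 = (uint32_t)v;
    switch (size) {
    case 1: memcpy(dst, &v1, 1); break;
    case 2: memcpy(dst, &v2, 2); break;
    case 4: memcpy(dst, &v4, 4); break;
    default: memcpy(dst, &v, 8); break;
    }
}

/* Fuzzer side: for each mismatched compare against a constant, find the
 * observed operand in the input and overwrite it with the constant.
 * Returns the number of bytes patched. */
size_t patch_from_cmps(uint8_t *input, size_t len)
{
    size_t patched = 0;
    for (size_t i = 0; i < cmp_count; i++) {
        const struct cmp_record *r = &cmp_buf[i];
        uint8_t seen[8], want[8];
        if (!r->is_const || r->arg1 == r->arg2 || r->size > len)
            continue;
        store_native(seen, r->arg2, r->size);
        store_native(want, r->arg1, r->size);
        for (size_t off = 0; off + r->size <= len; off++) {
            if (memcmp(input + off, seen, r->size) == 0) {
                memcpy(input + off, want, r->size);
                patched += r->size;
                break;
            }
        }
    }
    return patched;
}

/* Run, patch from the recorded comparisons, repeat. Returns the round in
 * which the interior was reached, or -1 if the records stopped helping. */
int fuzz_until_ok(uint8_t *buf, size_t len, int max_rounds)
{
    for (int round = 1; round <= max_rounds; round++) {
        cmp_reset();
        if (parse_header(buf, len) == 0)
            return round;
        if (patch_from_cmps(buf, len) == 0)
            return -1;
    }
    return -1;
}

int demo_rounds_to_interior(void)
{
    uint8_t seed[8] = { 0 };   /* constructed seed input: all zero bytes */
    return fuzz_until_ok(seed, sizeof seed, 16);
}

int main(void)
{
    printf("interior reached after %d round(s)\n", demo_rounds_to_interior());
    return 0;
}
```

From an all-zero seed the interior is reached in the third run: run one records `0x4B434F56` vs `0`, patching fixes the magic; run two records `7` vs `0`, patching fixes the version; run three returns 0. This is the saving the patch description refers to: without operands a mutator has to guess two 32-bit values, with them each check costs one extra execution.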
