Record refcounter trace into a file in the artefacts dir.

sippy · Sep 4, 2024 · 2e08fb5 · 2e08fb5
1 parent 0ca6a5b
commit 2e08fb5
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 3 deletions.
diff --git a/scripts/fuzz/fuzz_command_parser.c b/scripts/fuzz/fuzz_command_parser.c
@@ -11,6 +11,19 @@
 int
 LLVMFuzzerInitialize(int *_argc, char ***_argv)
 {
+#if 1
+    char * const *argv = *_argv;
+
+    for (int i = 0; i < *_argc; i++) {
+        int aplen = sizeof("-artifact_prefix=") - 1;
+        if (memcmp(argv[i], "-artifact_prefix=", aplen))
+            continue;
+        RTPPInitializeParams.artifact_prefix = argv[i] + aplen;
+        fprintf(stderr, "RTPPInitializeParams.artifact_prefix = %s\n", RTPPInitializeParams.artifact_prefix);
+    }
+#else
+    RTPPInitializeParams.artifact_prefix = "/out";
+#endif
 
     return RTPPInitialize();
 }

diff --git a/scripts/fuzz/fuzz_standalone.h b/scripts/fuzz/fuzz_standalone.h
@@ -15,6 +15,7 @@ extern int LLVMFuzzerInitialize(int *argc, char ***argv) __attribute__((__weak__
 
 int LLVMFuzzerTestOneInput(const char *data, size_t size);
 
+#if 0
 __attribute__((constructor)) static void
 rtpp_init()
 {
@@ -24,6 +25,7 @@ rtpp_init()
             abort();
     }
 }
+#endif
 
 int
 main(int argc, char *argv[])
@@ -32,12 +34,19 @@ main(int argc, char *argv[])
     char *cp;
     size_t size;
 
+    if (LLVMFuzzerInitialize == NULL)
+        return (-1);
+    int r = LLVMFuzzerInitialize(&argc, &argv);
+    if (r != 0)
+        return (-1);
     fflag = 0;
-    while ((ch = getopt(argc, argv, "f")) != -1) {
+    while ((ch = getopt(argc, argv, "a:f")) != -1) {
         switch (ch) {
         case 'f':
             fflag = 1;
             break;
+        case 'a':
+            break;
         default:
             return (-1);
         }

diff --git a/scripts/fuzz/rfz_utils.c b/scripts/fuzz/rfz_utils.c
@@ -1,4 +1,5 @@
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <assert.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -61,6 +62,10 @@ cleanupHandler(void)
     printf("Cleaning up before exit...\n");
     rtpp_shutdown(gconf.cfsp);
     close(gconf.tfd);
+    if (rtpp_refcnt_tracefile != NULL) {
+        fflush(rtpp_refcnt_tracefile);
+        fclose(rtpp_refcnt_tracefile);
+    }
 }
 
 static unsigned char deterministic_data[32] = {
@@ -138,6 +143,14 @@ RTPPInitialize(void)
     if (__afl_manual_init != NULL)
         __afl_manual_init();
 
+    if (rp->artifact_prefix != NULL) {
+        char buf[512];
+        snprintf(buf, sizeof(buf), "%s/rtpp_refcnt.%d.txt", rp->artifact_prefix, getpid());
+        rtpp_refcnt_tracefile = fopen(buf, "w");
+        if (rtpp_refcnt_tracefile == NULL)
+            goto e0;
+    }
+
     OPT_SAVE();
     assert(RAND_set_rand_method(&dummy) == 1);
     SeedRNGs();

diff --git a/scripts/fuzz/rfz_utils.h b/scripts/fuzz/rfz_utils.h
@@ -8,6 +8,7 @@ struct RTPPInitializeParams {
     const char *notify_socket;
     const char *rec_spool_dir;
     const char *rec_final_dir;
+    const char *artifact_prefix;
     const char *modules[];
 };
 

diff --git a/src/rtpp_refcnt.c b/src/rtpp_refcnt.c
@@ -80,6 +80,8 @@ struct rtpp_refcnt_priv
     int flags;
 };
 const size_t rtpp_refcnt_osize = sizeof(struct rtpp_refcnt_priv);
+FILE *rtpp_refcnt_tracefile = NULL;
+#define TRFD ((rtpp_refcnt_tracefile == NULL) ? stderr : rtpp_refcnt_tracefile)
 
 static void rtpp_refcnt_attach(struct rtpp_refcnt *, rtpp_refcnt_dtor_t,
   void *);
@@ -185,7 +187,8 @@ rtpp_refcnt_incref(struct rtpp_refcnt *pub, HERETYPE mlp)
             free(dbuf);
         }
 #else
-        fprintf(stderr, CODEPTR_FMT(": rtpp_refcnt(%p, %u).incref()\n", mlp, pub, oldcnt));
+        fprintf(TRFD, CODEPTR_FMT(": rtpp_refcnt(%p, %u).incref()\n", mlp, pub, oldcnt));
+        fflush(TRFD);
 #endif
     }
 #endif
@@ -223,7 +226,8 @@ rtpp_refcnt_decref(struct rtpp_refcnt *pub, HERETYPE mlp)
             free(dbuf);
         }
 #else
-        fprintf(stderr, CODEPTR_FMT(": rtpp_refcnt(%p, %u).decref()\n", mlp, pub, oldcnt));
+        fprintf(TRFD, CODEPTR_FMT(": rtpp_refcnt(%p, %u).decref()\n", mlp, pub, oldcnt));
+        fflush(TRFD);
 #endif
     }
 #endif

diff --git a/src/rtpp_refcnt.h b/src/rtpp_refcnt.h
@@ -31,6 +31,14 @@ struct rtpp_codeptr;
 
 typedef void (*rtpp_refcnt_dtor_t)(void *);
 
+#if defined(__FreeBSD__)
+struct __sFILE;
+typedef struct __sFILE FILE;
+#else
+struct _IO_FILE;
+typedef struct _IO_FILE FILE;
+#endif
+
 DECLARE_CLASS(rtpp_refcnt, void *, rtpp_refcnt_dtor_t);
 
 DECLARE_METHOD(rtpp_refcnt, refcnt_incref, void, const struct rtpp_codeptr *);
@@ -63,6 +71,7 @@ struct rtpp_refcnt
 };
 
 extern const size_t rtpp_refcnt_osize;
+extern FILE *rtpp_refcnt_tracefile;
 rtpp_refcnt_rot *rtpp_refcnt_ctor_pa(void *);
 
 #define _GET_ARG_3(_1, _2, _3, ...) _3