[fuzzer] Script to detect unbalanced allocation in -trace_malloc output (ca907527) · Commits · llvm-doe / llvm-project

compiler-rt/lib/fuzzer/scripts/unbalanced_allocs.py

0 → 100755

+93 −0

Original line number	Diff line number	Diff line
		#!/usr/bin/env python
		#===- lib/fuzzer/scripts/unbalanced_allocs.py ------------------------------===#
		#
		# The LLVM Compiler Infrastructure
		#
		# This file is distributed under the University of Illinois Open Source
		# License. See LICENSE.TXT for details.
		#
		#===------------------------------------------------------------------------===#
		#
		# Post-process -trace_malloc=2 output and printout only allocations and frees
		# unbalanced inside of fuzzer runs.
		# Usage:
		# my_fuzzer -trace_malloc=2 -runs=10 2>&1 \| unbalanced_allocs.py -skip=5
		#
		#===------------------------------------------------------------------------===#

		import argparse
		import sys

		_skip = 0

		def PrintStack(line, stack):
		global _skip
		if _skip > 0:
		return
		print 'Unbalanced ' + line.rstrip();
		for l in stack:
		print l.rstrip()

		def ProcessStack(line, f):
		stack = []
		while line and line.startswith(' #'):
		stack += [line]
		line = f.readline()
		return line, stack

		def ProcessFree(line, f, allocs):
		if not line.startswith('FREE['):
		return f.readline()

		addr = int(line.split()[1], 16)
		next_line, stack = ProcessStack(f.readline(), f)
		if addr in allocs:
		del allocs[addr]
		else:
		PrintStack(line, stack)
		return next_line

		def ProcessMalloc(line, f, allocs):
		if not line.startswith('MALLOC['):
		return ProcessFree(line, f, allocs)

		addr = int(line.split()[1], 16)
		assert not addr in allocs

		next_line, stack = ProcessStack(f.readline(), f)
		allocs[addr] = (line, stack)
		return next_line

		def ProcessRun(line, f):
		if not line.startswith('MallocFreeTracer: START'):
		return ProcessMalloc(line, f, {})

		allocs = {}
		print line.rstrip()
		line = f.readline()
		while line:
		if line.startswith('MallocFreeTracer: STOP'):
		global _skip
		_skip = _skip - 1
		for _, (l, s) in allocs.iteritems():
		PrintStack(l, s)
		print line.rstrip()
		return f.readline()
		line = ProcessMalloc(line, f, allocs)
		return line

		def ProcessFile(f):
		line = f.readline()
		while line:
		line = ProcessRun(line, f);

		def main(argv):
		parser = argparse.ArgumentParser()
		parser.add_argument('--skip', default=0, help='number of runs to ignore')
		args = parser.parse_args()
		global _skip
		_skip = int(args.skip) + 1
		ProcessFile(sys.stdin)

		if __name__ == '__main__':
		main(sys.argv)

compiler-rt/test/fuzzer/trace-malloc-unbalanced.test

0 → 100644

+27 −0

Original line number	Diff line number	Diff line
		// FIXME: This test infinite loops on darwin because it crashes
		// printing a stack trace repeatedly
		UNSUPPORTED: darwin

		// Verifies lib/fuzzer/scripts/unbalanced_allocs.py script

		RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest

		RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=100 2>&1 \| \
		RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 \| FileCheck %s

		RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=100 2>&1 \| \
		RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 \| FileCheck %s --check-prefixes=CHECK,CHECK2

		CHECK: MallocFreeTracer: START
		CHECK: Unbalanced MALLOC[{{[0-9]+}}] [[PTR:0x[0-9a-f]+]] 4
		CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }}
		CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }}
		CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }}
		CHECK: MallocFreeTracer: STOP

		CHECK: MallocFreeTracer: START
		CHECK: Unbalanced FREE[{{[0-9]+}}] [[PTR]]
		CHECK2-NEXT: {{ #0 0x[0-9a-f]+ in }}
		CHECK2-NEXT: {{ #1 0x[0-9a-f]+ in }}
		CHECK2-NEXT: {{ #2 0x[0-9a-f]+ in }}
		CHECK: MallocFreeTracer: STOP