[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions
From: |
Alexander Bulekov |
Subject: |
Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions |
Date: |
Thu, 9 Jul 2020 19:48:55 -0400 |
User-agent: |
NeoMutt/20180716 |
On 200623 1514, Stefan Hajnoczi wrote:
> On Thu, Jun 11, 2020 at 01:56:51AM -0400, Alexander Bulekov wrote:
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > ---
> > exec.c | 17 ++++++++++++++++-
> > include/exec/memory.h | 8 ++++++++
> > include/exec/memory_ldst_cached.inc.h | 9 +++++++++
> > include/sysemu/dma.h | 5 ++++-
> > memory_ldst.inc.c | 12 ++++++++++++
> > 5 files changed, 49 insertions(+), 2 deletions(-)
>
> Please rename dma_read_cb() to fuzz_dma_read_cb() so the purpose of the
> function is clear.
>
> The ifdefs can be avoided by defining an empty function when CONFIG_FUZZ
> is undefined. In a header file:
>
> #ifdef CONFIG_FUZZ
> void fuzz_dma_read_cb(size_t addr, size_t len);
> #else
> static inline void fuzz_dma_read_cb(size_t addr, size_t len)
> {
> /* Do nothing */
> }
> #endif
>
If I understand correctly, this still has the problem that normal
qemu-system builds under --enable-fuzzing are broken. I'm not sure if
there is some nice solution for this. For example, a sort-of ugly
solution could add this to softmmu/main.c (ie something that is linked
for the qemu-system build, but not for qemu-fuzz).
#ifdef CONFIG_FUZZ
#include "something.h"
static void fuzz_dma_read_cb(size_t addr, size_t len)
{
/* Do nothing */
}
#endif
> Now the compiler should eliminate the deadcode:
>
> #ifdef CONFIG_FUZZ
> if (as->root == get_system_memory()) {
> dma_read_cb(addr, len);
> }
> #endif
>
> becomes:
>
> if (as->root == get_system_memory()) {
> fuzz_dma_read_cb(addr, len);
> }
>
> Hopefully gcc and clang will eliminate this and emit no instructions
> when CONFIG_FUZZ is undefined. If not, you can simply pass in 'as' and
> 'is_write' too:
>
> void fuzz_dma_read_cb(AddressSpace *as, bool is_write, size_t addr, size_t
> len)
>
Yes I'll add in is_write. Hopefully that will make life easier for the
compiler.
Thanks
> This way the conditional is moved inside fuzz_dma_read_cb() and deadcode
> elimination becomes trivial for the compiler:
>
> fuzz_read_cb(as, is_write, addr, len);
- Re: [RFC PATCH 3/3] fuzz: Add callbacks for dma-access functions,
Alexander Bulekov <=