/src/php-src/sapi/fuzzer/fuzzer-tracing-jit.c
Line | Count | Source |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Nikita Popov <nikic@php.net> | |
14 | | +----------------------------------------------------------------------+ |
15 | | */ |
16 | | |
17 | | #include "fuzzer-execute-common.h" |
18 | | |
19 | 47.9k | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
20 | 47.9k | if (Size > MAX_SIZE) { |
21 | | /* Large inputs have a large impact on fuzzer performance, |
22 | | * but are unlikely to be necessary to reach new codepaths. */ |
23 | 17 | return 0; |
24 | 17 | } |
25 | | |
26 | 47.9k | zend_string *jit_option = ZSTR_INIT_LITERAL("opcache.jit", 1); |
27 | | |
28 | | /* First run without JIT to determine whether we bail out. We should not run JITed code if |
29 | | * we bail out here, as the JIT code may loop infinitely. */ |
30 | 47.9k | steps_left = MAX_STEPS; |
31 | 47.9k | bailed_out = false; |
32 | 47.9k | zend_alter_ini_entry_chars( |
33 | 47.9k | jit_option, "off", sizeof("off")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); |
34 | 47.9k | fuzzer_do_request_from_buffer( |
35 | 47.9k | FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate); |
36 | | |
37 | 47.9k | if (!bailed_out) { |
38 | 33.1k | steps_left = MAX_STEPS; |
39 | 33.1k | zend_alter_ini_entry_chars(jit_option, |
40 | 33.1k | "tracing", sizeof("tracing")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); |
41 | 33.1k | zend_execute_ex = orig_execute_ex; |
42 | | /* Trace & compile */ |
43 | 33.1k | fuzzer_do_request_from_buffer( |
44 | 33.1k | FILE_NAME, (const char *) Data, Size, /* execute */ 1, NULL); |
45 | | /* Execute trace */ |
46 | 33.1k | fuzzer_do_request_from_buffer( |
47 | 33.1k | FILE_NAME, (const char *) Data, Size, /* execute */ 1, opcache_invalidate); |
48 | 33.1k | zend_execute_ex = fuzzer_execute_ex; |
49 | 33.1k | } |
50 | | |
51 | 47.9k | zend_string_release(jit_option); |
52 | | |
53 | 47.9k | return 0; |
54 | 47.9k | } |
55 | | |
56 | 4 | int LLVMFuzzerInitialize(int *argc, char ***argv) { |
57 | 4 | char *opcache_path = get_opcache_path(); |
58 | 4 | assert(opcache_path && "Failed to determine opcache path"); |
59 | | |
60 | 4 | char ini_buf[512]; |
61 | 4 | snprintf(ini_buf, sizeof(ini_buf), |
62 | 4 | "zend_extension=%s\n" |
63 | 4 | "opcache.validate_timestamps=0\n" |
64 | 4 | "opcache.file_update_protection=0\n" |
65 | 4 | "opcache.memory_consumption=1024\n" |
66 | 4 | "opcache.jit_buffer_size=128M\n" |
67 | 4 | "opcache.jit_hot_func=1\n" |
68 | 4 | "opcache.jit_hot_loop=1\n" |
69 | 4 | "opcache.jit_hot_return=1\n" |
70 | 4 | "opcache.jit_hot_side_exit=1\n" |
71 | 4 | "opcache.jit_max_root_traces=100000\n" |
72 | 4 | "opcache.jit_max_side_traces=100000\n" |
73 | 4 | "opcache.jit_max_exit_counters=100000\n" |
74 | 4 | "opcache.protect_memory=1\n", |
75 | 4 | opcache_path); |
76 | 4 | free(opcache_path); |
77 | | |
78 | 4 | create_file(); |
79 | 4 | fuzzer_init_php_for_execute(ini_buf); |
80 | 4 | return 0; |
81 | 4 | } |