hashtest: synthesize two more wigits needed for non-Silifuzz hashtests

1) return instructions 2) breakpoint padding PiperOrigin-RevId: 665541841
google · Aug 20, 2024 · 1ebb2bf · 1ebb2bf
1 parent 850303e
commit 1ebb2bf
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/fuzzer/hashtest/synthesize_test.cc b/fuzzer/hashtest/synthesize_test.cc
@@ -337,6 +337,18 @@ void SynthesizeJnle(int32_t offset, InstructionBlock& block) {
   Emit(builder, block);
 }
 
+void SynthesizeReturn(InstructionBlock& block) {
+  InstructionBuilder builder(XED_ICLASS_RET_NEAR, 64U);
+  Emit(builder, block);
+}
+
+void SynthesizeBreakpointTraps(size_t count, InstructionBlock& block) {
+  for (size_t i = 0; i < count; ++i) {
+    block.bytes.push_back(0xCC);
+    block.num_instructions++;
+  }
+}
+
 void SynthesizeLoopBody(Rng& rng, const InstructionPool& ipool,
                         const RegisterPool& rpool, InstructionBlock& block) {
   std::vector<TestRegisters> greg_schedule =

diff --git a/fuzzer/hashtest/synthesize_test.h b/fuzzer/hashtest/synthesize_test.h
@@ -15,6 +15,7 @@
 #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_SYNTHESIZE_TEST_H_
 #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_SYNTHESIZE_TEST_H_
 
+#include <cstddef>
 #include <cstdint>
 
 #include "./fuzzer/hashtest/instruction_pool.h"
@@ -44,6 +45,12 @@ void SynthesizeGPRegDec(unsigned int dst, InstructionBlock& block);
 // end. This is different than how x86 encodes branch displacements.
 void SynthesizeJnle(int32_t offset, InstructionBlock& block);
 
+// Synthesize a return instruction.
+void SynthesizeReturn(InstructionBlock& block);
+
+// Synthesize `count` breakpoint traps. Useful for padding executable data.
+void SynthesizeBreakpointTraps(size_t count, InstructionBlock& block);
+
 }  // namespace silifuzz
 
 #endif  // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_SYNTHESIZE_TEST_H_