From 1ebb2bf7eb66c3cde49fe8a8991306156788b17c Mon Sep 17 00:00:00 2001
From: Nick Bray
Date: Tue, 20 Aug 2024 15:02:14 -0700
Subject: [PATCH] hashtest: synthesize two more wigits needed for non-Silifuzz hashtests
1) return instructions
2) breakpoint padding
PiperOrigin-RevId: 665541841
---
fuzzer/hashtest/synthesize_test.cc | 12 ++++++++++++
fuzzer/hashtest/synthesize_test.h | 7 +++++++
2 files changed, 19 insertions(+)
diff --git a/fuzzer/hashtest/synthesize_test.cc b/fuzzer/hashtest/synthesize_test.cc
index 2a4b50df..5dd1f649 100644
--- a/fuzzer/hashtest/synthesize_test.cc
+++ b/fuzzer/hashtest/synthesize_test.cc
@@ -337,6 +337,18 @@ void SynthesizeJnle(int32_t offset, InstructionBlock& block) {
 Emit(builder, block);
 }
+void SynthesizeReturn(InstructionBlock& block) {
+ InstructionBuilder builder(XED_ICLASS_RET_NEAR, 64U);
+ Emit(builder, block);
+}
+
+void SynthesizeBreakpointTraps(size_t count, InstructionBlock& block) {
+ for (size_t i = 0; i < count; ++i) {
+ block.bytes.push_back(0xCC);
+ block.num_instructions++;
+ }
+}
+
 void SynthesizeLoopBody(Rng& rng, const InstructionPool& ipool, const RegisterPool& rpool, InstructionBlock& block) {
 std::vector greg_schedule =
diff --git a/fuzzer/hashtest/synthesize_test.h b/fuzzer/hashtest/synthesize_test.h
index cc51c49f..46b329f7 100644
--- a/fuzzer/hashtest/synthesize_test.h
+++ b/fuzzer/hashtest/synthesize_test.h
@@ -15,6 +15,7 @@
 #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_SYNTHESIZE_TEST_H_
 #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_SYNTHESIZE_TEST_H_
+#include
 #include
 #include "./fuzzer/hashtest/instruction_pool.h"
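Review bot: `SynthesizeBreakpointTraps` in this hunk writes the magic byte `0xCC` with no comment naming it, and it appends the traps one `push_back` at a time; `block.bytes.insert(block.bytes.end(), count, 0xCC);  // 0xCC = INT3, one byte per trap` followed by `block.num_instructions += count;` produces the same bytes and the same count in a single append. The type of `num_instructions` is not visible here, so the `+= count` may need a cast if it is narrower than `size_t`. `SynthesizeReturn` would also read better with a one-line comment that it emits a 64-bit near `ret` through the same `Emit` path the other helpers use. If the padding is meant so that control flow running off the end of synthesized code traps (INT3 raises #BP) instead of executing leftover bytes, say so in a comment so nobody later swaps the padding for NOPs.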
@@ -44,6 +45,12 @@ void SynthesizeGPRegDec(unsigned int dst, InstructionBlock& block);
 // end. This is different than how x86 encodes branch displacements.
 void SynthesizeJnle(int32_t offset, InstructionBlock& block);
+// Synthesize a return instruction.
+void SynthesizeReturn(InstructionBlock& block);
+
+// Synthesize `count` breakpoint traps. Useful for padding executable data.
+void SynthesizeBreakpointTraps(size_t count, InstructionBlock& block);
+
 } // namespace silifuzz
 #endif // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_SYNTHESIZE_TEST_H_
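Review bot: The header comment on `SynthesizeBreakpointTraps` does not give a caller what it needs to size the padding: per the .cc side of this patch each trap is a single 0xCC (INT3) byte, so the block grows by exactly `count` bytes and `num_instructions` by `count`. Suggest `// Synthesize count one-byte breakpoint traps (INT3, 0xCC). Useful for padding executable data so that control flow straying past the synthesized code traps instead of executing leftover bytes.` The `SynthesizeReturn` comment could likewise name the instruction, e.g. `// Synthesize a 64-bit near return (ret).`; whether the block is entered by a `call` so that a return address is on the stack is not visible in this patch, so confirm that before documenting the calling convention.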