<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/72344>72344</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
libFuzzer's runtime argument -stop_file doesn't work with -fork
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
markszabo
</td>
</tr>
</table>
<pre>
libFuzzer's a runtime argument `-stop-file` doesn't work when used with `-fork`. [Here is the description of the two flags](https://github.com/llvm/llvm-project/blob/72accbfd0a1023b3182202276904120524ff9200/compiler-rt/lib/fuzzer/FuzzerFlags.def#L59-L76):
```
fork: "Experimental mode where fuzzing happens in a subprocess"
stop_file: "Stop fuzzing ASAP if this file exists"
```
When using the two flags together, fuzzing continues even after stop-file is created.
## Steps to reproduce
1. Create a simple fuzz test, e.g.
```cpp
#include <fuzzer/FuzzedDataProvider.h>
#include <assert.h>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FuzzedDataProvider provider(data, size);
int a = provider.ConsumeIntegral<int>();
int b = provider.ConsumeIntegral<int>();
assert(a+b == b+a);
return 0;
}
```
Save it as `test.cpp`
2. Compile the test
```sh
clang++ -g -fsanitize=address,fuzzer test.cpp -o test
```
3. Run the resulting binary with the `-stop_file` argument:
```sh
./test -fork=2 -stop_file=/tmp/stop-file
```
I recommend also adding the `-max_total_time=20` flag, as in fork mode fuzzing can't be stopped with `Ctrl+C` and otherwise will continue until the process is killed - or a crash is found.
4. In a separate terminal create the stop-file (with some content, see https://github.com/llvm/llvm-project/issues/72334):
```sh
echo abc > /tmp/stop-file
```
Observe that the fuzzing run continues.
5. Stop fuzzing, then start it without the `-fork` argument:
```sh
rm /tmp/stop-file
./test -stop_file=/tmp/stop-file
```
6. In a separate terminal create the stop-file:
```sh
echo abc > /tmp/stop-file
```
Observe that the fuzzing stops quickly with a message like `Done 5036370 runs in 21 second(s)`.
## Expected behavior
Fuzzing should stop even when running with `-fork`.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJykVt1u4zYTfRr6ZmCBpiRbvvBFbK_xBciHXTRFexlQ0shiQ5EqScXZPH0xlH83m7a7DQLZFjnDM4czZ0Z6r_YGccXyNcu3EzmE1rpVJ92zf5OlnZS2_rrSqtwNb2_omFh4kOAGE1SHIN1-6NAEYHM-9cH200ZpZHMOtUVvmFgEOFj3DIcWDQweazio0MbtjXXPbM4TYPn6f-gQlIfQItToK6f6oKwB28RX4WCh0XLvWb5lomhD6D1L75jYMbHbq9AOZVLZjomd1i-nj2nv7B9YBSZ2pbYlE7uFkFVVNjWXMy7SMp0VQnAhFvMlz2aC5yJrmqXgnIldZbteaXRTR_ZakXlzZGA3UrEjQEmNDRPpQ76cPizmTCwJFt8yfnrO-fE__owxp3fAhPj02qNTRJ7U0NkaiSOHQKcos4dW9j0aD8qABD-UvbMVes-EGF0R20-R7dHfY7D92fju8e4LKCJPeaBNgK_Kh4v1N7jG5-_jJZGDG9Yh2D2GlmLfnI-orAnKDOgBX9CAbAI6OKcAXWblUAaskxs-RMpECo8Be3ILDntn66HC602zBDbRliJXXa9HViCgDwQBk_3RKQCcI6n6_vJSpMpUeqgRWLq5vbh6K4P84uyLqtElLUs_fWAmvUcXvtlx-oKvAZ0h4jdMCFAmwMPDb_8fU-NX9OGzwXvTD4GJorLGBxiUCcVTACbuahkkBeLVGz6F-EGpM_pmi_X5FPp7Dxr64xcmimtXMf1ujQmXBJZuzzbJxho_dHhvAu6d1CzdKBMoRlF84KD8WQc3nkY6mSgkE-vokryWTKzltdnRxmEYnAF-426xfX_t5zeP8gVBBZCeFilXEkqJ2xQXCWzG0h5TnDLqnUvfnt9VWpo9E2sm1jDdw7Tx0qhAXKdbWdcuVuQxweB0JkztB56voaQJ_DKYCMOhH3SgqiqVke7rKJK0ctLVp5OunhT3rDMfAE-Y2BEGGHU23Qq4cpRuabnrmdhdVPtjau_BYWW7Dk0NUnsLsq5PKkEIO_n6FGyQ-om6Ah1G5lE8KDdlVDHCMQrdWULk2CFKjMLRX3WHTXCaifUmhmxqsCQ_B-URDkrrs_gA9SEdcRz1kYTnWWmNNUzBOpBQOelbet3YwdyqUZbAfZRX7KUjvQnoOmWkPmpXdHzRNCaKiM_bDiMEugeqPUT44Z6kvB_Qx66Uptl15_jufWLVWpBlBSz9BD90eZ9Lj-6FYpEhBnSi3w3mouI3vOQJXLcTijFQb_BBukA1RjTYIZwT4NjL_3V2uu7vYrjk7s9l7Pic_9Dl_hPin-X_Q_bJ1MOfg6qe9bHgJXTovdwjaPUcid1ag5DzdJ4uON1XLCQxA4-VNTUThafEmfPv9VgaMKqANZTYyhdlHVxv2p1gtHbQdUQzNvI4qbnBGFp9N6xN6lVaL9OlnOBqtuCci1k-55N2JRtZZE2xzLNikRdSZM1MNMUs49mibGqBE7USXKSz2SynYSvjSSl5gxx5JesyyxcFyzh2UumECiWxbj-JJbJaiDTLJlqWqH2cUoUweIC4SPNMvp24VSyucth7lnFNk87FS1BB4zcT7Lv59ZJp7yZXoiDGPxmcXv2nOs-yvwIAAP__vHJ9Pg">