[llvm] r270639 - [libFuzzer] print stats if we crash on empty input

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Tue May 24 17:15:37 PDT 2016


Author: kcc
Date: Tue May 24 19:15:36 2016
New Revision: 270639

URL: http://llvm.org/viewvc/llvm-project?rev=270639&view=rev
Log:
[libFuzzer] print stats if we crash on empty input

Added:
    llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp
Modified:
    llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
    llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
    llvm/trunk/lib/Fuzzer/test/fuzzer.test

Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=270639&r1=270638&r2=270639&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Tue May 24 19:15:36 2016
@@ -177,9 +177,10 @@ void Fuzzer::DumpCurrentUnit(const char
 
 NO_SANITIZE_MEMORY
 void Fuzzer::DeathCallback() {
-  if (!CurrentUnitSize) return;
-  Printf("DEATH:\n");
-  DumpCurrentUnit("crash-");
+  if (CurrentUnitSize) {
+    Printf("DEATH:\n");
+    DumpCurrentUnit("crash-");
+  }
   PrintFinalStats();
 }
 
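Review bot: in DeathCallback, the new `if (CurrentUnitSize)` block still skips both `Printf("DEATH:\n")` and `DumpCurrentUnit("crash-")` when the unit size is zero, so a crash on the empty input now prints final stats but leaves no marker in the log and no artifact saying which input was being run. Consider an else branch that prints a short line stating the crash happened with an empty current unit, so anyone (or any triage script) looking for a `crash-` file can tell why none was written. A one-line comment on what `CurrentUnitSize == 0` means at this point would also help the next reader.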

Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=270639&r1=270638&r2=270639&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Tue May 24 19:15:36 2016
@@ -25,6 +25,7 @@ set(Tests
   LeakTest
   LeakTimeoutTest
   NullDerefTest
+  NullDerefOnEmptyTest
   NthRunCrashTest
   OutOfMemoryTest
   RepeatedMemcmp

Added: llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp?rev=270639&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp (added)
+++ llvm/trunk/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp Tue May 24 19:15:36 2016
@@ -0,0 +1,19 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the empty string.
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile int *Null = 0;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size == 0) {
+    std::cout << "Found the target, dereferencing NULL\n";
+    *Null = 1;
+  }
+  return 0;
+}
+
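Review bot: in LLVMFuzzerTestOneInput, the `std::cout << "Found the target, dereferencing NULL\n"` line is not flushed before `*Null = 1`, so when stdout is a pipe (as in the `2>&1 | FileCheck` RUN line) the message can be lost in the crash. Use std::cerr or end the line with std::endl if the message is meant to be visible. `<cstdlib>` also looks unused in this file and can be dropped.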

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=270639&r1=270638&r2=270639&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Tue May 24 19:15:36 2016
@@ -20,6 +20,9 @@ LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: li
 LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal
 LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash-
 
+RUN: not LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY
+NULL_DEREF_ON_EMPTY: stat::number_of_executed_units:
+
 #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
 
 RUN: not LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
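Review bot: the NULL_DEREF_ON_EMPTY prefix matches only `stat::number_of_executed_units:`, so the new RUN line passes for any non-zero exit that prints final stats, not specifically for a crash on the empty input. Add a check line for the crash report itself, and consider a `NULL_DEREF_ON_EMPTY-NOT:` line for `Test unit written to ./crash-` so the test also pins down that no artifact is dumped for the empty unit.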
