[llvm] r289772 - [libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only)

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Wed Dec 14 22:21:21 PST 2016 

Author: kcc
Date: Thu Dec 15 00:21:21 2016
New Revision: 289772

URL: http://llvm.org/viewvc/llvm-project?rev=289772&view=rev
Log:
[libFuzzer] enable the failure-resistant merge by default (with trace-pc-guard only)

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
    llvm/trunk/lib/Fuzzer/FuzzerFlags.def
    llvm/trunk/lib/Fuzzer/FuzzerMerge.cpp
    llvm/trunk/lib/Fuzzer/test/merge.test

Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=289772&r1=289771&r2=289772&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Thu Dec 15 00:21:21 2016
@@ -15,6 +15,7 @@
 #include "FuzzerIO.h"
 #include "FuzzerMutate.h"
 #include "FuzzerRandom.h"
+#include "FuzzerTracePC.h"
 #include <algorithm>
 #include <atomic>
 #include <chrono>
@@ -493,17 +494,14 @@ int FuzzerDriver(int *argc, char ***argv
   if (Flags.merge) {
     if (Options.MaxLen == 0)
       F->SetMaxInputLen(kMaxSaneLen);
-    F->Merge(*Inputs);
-    exit(0);
-  }
-
-  if (Flags.experimental_merge) {
-    if (Options.MaxLen == 0)
-      F->SetMaxInputLen(kMaxSaneLen);
-    if (Flags.merge_control_file)
-      F->CrashResistantMergeInternalStep(Flags.merge_control_file);
-    else
-      F->CrashResistantMerge(Args, *Inputs);
+    if (TPC.UsingTracePcGuard()) {
+      if (Flags.merge_control_file)
+        F->CrashResistantMergeInternalStep(Flags.merge_control_file);
+      else
+        F->CrashResistantMerge(Args, *Inputs);
+    } else {
+      F->Merge(*Inputs);
+    }
     exit(0);
   }
 

Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=289772&r1=289771&r2=289772&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Thu Dec 15 00:21:21 2016
@@ -37,8 +37,6 @@ FUZZER_FLAG_INT(help, 0, "Print help.")
 FUZZER_FLAG_INT(merge, 0, "If 1, the 2-nd, 3-rd, etc corpora will be "
   "merged into the 1-st corpus. Only interesting units will be taken. "
   "This flag can be used to minimize a corpus.")
-FUZZER_FLAG_INT(experimental_merge, 0, "Experimental crash-resistant, "
-                "may eventually replace -merge.")
 FUZZER_FLAG_STRING(merge_control_file, "internal flag")
 FUZZER_FLAG_INT(minimize_crash, 0, "If 1, minimizes the provided"
   " crash input. Use with -runs=N or -max_total_time=N to limit "

Modified: llvm/trunk/lib/Fuzzer/FuzzerMerge.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMerge.cpp?rev=289772&r1=289771&r2=289772&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMerge.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMerge.cpp Thu Dec 15 00:21:21 2016
@@ -176,8 +176,8 @@ void Fuzzer::CrashResistantMergeInternal
   std::ofstream OF(CFPath, std::ofstream::out | std::ofstream::app);
   for (size_t i = M.FirstNotProcessedFile; i < M.Files.size(); i++) {
     auto U = FileToVector(M.Files[i].Name);
-    if (U.size() > Options.MaxLen) {
-      U.resize(Options.MaxLen);
+    if (U.size() > MaxInputLen) {
+      U.resize(MaxInputLen);
       U.shrink_to_fit();
     }
     std::ostringstream StartedLine;

Modified: llvm/trunk/lib/Fuzzer/test/merge.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/merge.test?rev=289772&r1=289771&r2=289772&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/merge.test (original)
+++ llvm/trunk/lib/Fuzzer/test/merge.test Thu Dec 15 00:21:21 2016
@@ -8,8 +8,8 @@ RUN: echo ..Z... > %tmp/T1/3
 
 # T1 has 3 elements, T2 is empty.
 RUN: LLVMFuzzer-FullCoverageSetTest         -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK1
-CHECK1: === Minimizing the initial corpus of 3 units
-CHECK1: === Merge: written 0 units
+CHECK1: MERGE-OUTER: 3 files, 3 in the initial corpus
+CHECK1: MERGE-OUTER: 0 new files with 0 new features added
 
 RUN: echo ...Z.. > %tmp/T2/1
 RUN: echo ....E. > %tmp/T2/2
@@ -20,19 +20,27 @@ RUN: echo ..Z... > %tmp/T2/c
 
 # T1 has 3 elements, T2 has 6 elements, only 3 are new.
 RUN: LLVMFuzzer-FullCoverageSetTest         -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK2
-CHECK2: === Minimizing the initial corpus of 3 units
-CHECK2: === Merging extra 6 units
-CHECK2: === Merge: written 3 units
+CHECK2: MERGE-OUTER: 9 files, 3 in the initial corpus
+CHECK2: MERGE-OUTER: 3 new files with 3 new features added
 
 # Now, T1 has 6 units and T2 has no new interesting units.
 RUN: LLVMFuzzer-FullCoverageSetTest         -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3
-CHECK3: === Minimizing the initial corpus of 6 units
-CHECK3: === Merge: written 0 units
+CHECK3: MERGE-OUTER: 12 files, 6 in the initial corpus
+CHECK3: MERGE-OUTER: 0 new files with 0 new features added
 
 # Check that we respect max_len during the merge and don't crash.
-RUN: LLVMFuzzer-FullCoverageSetTest         -merge=1 %tmp/T1 %tmp/T2 -max_len=4
-
-# Check that when merge fails we print an error message.
-RUN: echo 'Hi!' > %tmp/T1/HiI
-RUN: not LLVMFuzzer-NullDerefTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_FAIL
-MERGE_FAIL: NOTE: merge did not succeed due to a failure on one of the inputs.
+RUN: rm %tmp/T1/??*
+RUN: echo looooooooong > %tmp/T2/looooooooong
+RUN: LLVMFuzzer-FullCoverageSetTest         -merge=1 %tmp/T1 %tmp/T2 -max_len=6 2>&1 | FileCheck %s --check-prefix=MAX_LEN
+MAX_LEN: MERGE-OUTER: 3 new files
+
+# Check that merge tolerates failures.
+RUN: rm %tmp/T1/??*
+RUN: echo 'FUZZER' > %tmp/T2/FUZZER
+RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_WITH_CRASH
+MERGE_WITH_CRASH: MERGE-OUTER: succesfull in 2 attempt(s)
+MERGE_WITH_CRASH: MERGE-OUTER: 3 new files
+
+# Check that we actually limit the size with max_len
+RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2  -max_len=5 2>&1 | FileCheck %s --check-prefix=MERGE_LEN5
+MERGE_LEN5: MERGE-OUTER: succesfull in 1 attempt(s)

More information about the llvm-commits mailing list