<div dir="ltr">Thanks.</div><br><div class="gmail_quote"><div dir="ltr">On Mon, May 15, 2017 at 4:18 PM Kostya Serebryany <<a href="mailto:kcc@google.com">kcc@google.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">fixed already in r303128.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 15, 2017 at 4:14 PM, Vitaly Buka <span dir="ltr"><<a href="mailto:vitalybuka@google.com" target="_blank">vitalybuka@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Breaks Windows bot <a href="http://lab.llvm.org:8011/builders/sanitizer-windows/builds/11357/steps/run%20fuzzer%20tests/logs/stdio" target="_blank">http://lab.llvm.org:8011/builders/sanitizer-windows/builds/11357/steps/run%20fuzzer%20tests/logs/stdio</a></div><div class="m_6312878534355508091HOEnZb"><div class="m_6312878534355508091h5"><br><div class="gmail_quote"><div dir="ltr">On Mon, May 15, 2017 at 3:51 PM Kostya Serebryany via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: kcc<br>
Date: Mon May 15 17:38:29 2017<br>
New Revision: 303125<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=303125&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=303125&view=rev</a><br>
Log:<br>
[libFuzzer] improve the afl driver and its tests. Make it possible to run individual inputs with afl driver<br>
<br>
Added:<br>
    llvm/trunk/lib/Fuzzer/test/afl-driver.test<br>
Modified:<br>
    llvm/trunk/lib/Fuzzer/afl/afl_driver.cpp<br>
    llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp<br>
<br>
Modified: llvm/trunk/lib/Fuzzer/afl/afl_driver.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/afl/afl_driver.cpp?rev=303125&r1=303124&r2=303125&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/afl/afl_driver.cpp?rev=303125&r1=303124&r2=303125&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/afl/afl_driver.cpp (original)<br>
+++ llvm/trunk/lib/Fuzzer/afl/afl_driver.cpp Mon May 15 17:38:29 2017<br>
@@ -59,6 +59,11 @@ statistics from the file. If that fails<br>
 #include <signal.h><br>
 #include <sys/resource.h><br>
 #include <sys/time.h><br>
+<br>
+#include <iostream><br>
+#include <fstream><br>
+#include <vector><br>
+<br>
 // Platform detection. Copied from FuzzerInternal.h<br>
 #ifdef __linux__<br>
 #define LIBFUZZER_LINUX 1<br>
@@ -245,17 +250,39 @@ extern "C" size_t LLVMFuzzerMutate(uint8<br>
   return 0;<br>
 }<br>
<br>
+// Execute any files provided as parameters.<br>
+int ExecuteFilesOnyByOne(int argc, char **argv) {<br>
+  for (int i = 1; i < argc; i++) {<br>
+    std::ifstream in(argv[i]);<br>
+    in.seekg(0, in.end);<br>
+    size_t length = in.tellg();<br>
+    in.seekg (0, in.beg);<br>
+    std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl;<br>
+    // Allocate exactly length bytes so that we reliably catch buffer overflows.<br>
+    std::vector<char> bytes(length);<br>
+    in.read(bytes.data(), bytes.size());<br>
+    assert(in);<br>
+    LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()),<br>
+                           bytes.size());<br>
+    std::cout << "Execution successfull" << std::endl;<br>
+  }<br>
+  return 0;<br>
+}<br>
+<br>
 int main(int argc, char **argv) {<br>
-  fprintf(stderr, "======================= INFO =========================\n"<br>
-                  "This binary is built for AFL-fuzz.\n"<br>
-                  "To run the target function on a single input execute this:\n"<br>
-                  "  %s < INPUT_FILE\n"<br>
-                  "To run the fuzzing execute this:\n"<br>
-                  "  afl-fuzz [afl-flags] %s [N] "<br>
-                  "-- run N fuzzing iterations before "<br>
-                  "re-spawning the process (default: 1000)\n"<br>
-                  "======================================================\n",<br>
-          argv[0], argv[0]);<br>
+  fprintf(stderr,<br>
+      "======================= INFO =========================\n"<br>
+      "This binary is built for AFL-fuzz.\n"<br>
+      "To run the target function on individual input(s) execute this:\n"<br>
+      "  %s < INPUT_FILE\n"<br>
+      "or\n"<br>
+      "  %s INPUT_FILE1 [INPUT_FILE2 ... ]\n"<br>
+      "To fuzz with afl-fuzz execute this:\n"<br>
+      "  afl-fuzz [afl-flags] %s [-N]\n"<br>
+      "afl-fuzz will run N iterations before "<br>
+      "re-spawning the process (default: 1000)\n"<br>
+      "======================================================\n",<br>
+          argv[0], argv[0], argv[0]);<br>
   if (LLVMFuzzerInitialize)<br>
     LLVMFuzzerInitialize(&argc, &argv);<br>
   // Do any other expensive one-time initialization here.<br>
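Review bot: ExecuteFilesOnyByOne never checks that `std::ifstream in(argv[i])` opened, so for an unreadable path `in.tellg()` returns -1 and `size_t length` becomes a huge value handed to the `std::vector<char>` constructor; the only guard is `assert(in)` after the read, which is compiled out under NDEBUG. The stream is also opened in text mode, so on platforms that translate line endings the bytes passed to LLVMFuzzerTestOneInput can differ from the file, which defeats byte-exact reproduction of a crashing input. Open it as `std::ifstream in(argv[i], std::ios::binary);` and follow that with `if (!in) { fprintf(stderr, "cannot open %s\n", argv[i]); return 1; }`. The function name and the "Execution successfull" message also carry typos (`OnyByOne`, `successfull`). main's body continues outside the hunk.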
@@ -266,8 +293,14 @@ int main(int argc, char **argv) {<br>
   __afl_manual_init();<br>
<br>
   int N = 1000;<br>
-  if (argc >= 2)<br>
-    N = atoi(argv[1]);<br>
+  if (argc == 2 && argv[1][0] == '-')<br>
+      N = atoi(argv[1] + 1);<br>
+  else if(argc == 2 && (N = atoi(argv[1])) > 0)<br>
+      fprintf(stderr, "WARNING: using the deprecated call style `%s %d`\n",<br>
+              argv[0], N);<br>
+  else if (argc > 1)<br>
+    return ExecuteFilesOnyByOne(argc, argv);<br>
+<br>
   assert(N > 0);<br>
   time_t unit_time_secs;<br>
   int num_runs = 0;<br>
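Review bot: The iteration count is parsed with `atoi` and validated only by `assert(N > 0)`, so in a build with NDEBUG a lone argument such as `-` or `-x` continues with N == 0. The deprecated-style branch also claims any single argument that starts with digits, so an input file named like `123.bin` (constructed example) is taken as a count and never executed. Parsing with `strtol` and an end pointer, requiring the whole argument to be numeric and rejecting non-positive values with an explicit error return, would remove both ambiguities. main starts and ends outside this hunk.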
<br>
Modified: llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp?rev=303125&r1=303124&r2=303125&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp?rev=303125&r1=303124&r2=303125&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp (original)<br>
+++ llvm/trunk/lib/Fuzzer/test/AFLDriverTest.cpp Mon May 15 17:38:29 2017<br>
@@ -4,19 +4,25 @@<br>
 // Contains dummy functions used to avoid dependency on AFL.<br>
 #include <stdint.h><br>
 #include <stdlib.h><br>
+#include <stdio.h><br>
<br>
 extern "C" void __afl_manual_init() {}<br>
<br>
-extern "C" int __afl_persistent_loop(unsigned int) {<br>
+extern "C" int __afl_persistent_loop(unsigned int N) {<br>
+  static int Count = N;<br>
+  fprintf(stderr, "__afl_persistent_loop calle, Count = %d\n", Count);<br>
+  if (Count--) return 1;<br>
   return 0;<br>
 }<br>
<br>
 // This declaration exists to prevent the Darwin linker<br>
 // from complaining about this being a missing weak symbol.<br>
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {<br>
+  fprintf(stderr, "LLVMFuzzerInitialize called\n");<br>
   return 0;<br>
 }<br>
<br>
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {<br>
+  fprintf(stderr, "LLVMFuzzerTestOneInput called; Size = %zd\n", Size);<br>
   return 0;<br>
 }<br>
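Review bot: `Size` is a `size_t`, but the new fprintf in LLVMFuzzerTestOneInput formats it with `%zd`, the signed conversion; use `%zu`. The stub's message `__afl_persistent_loop calle` is missing a letter, and because afl-driver.test in the same commit matches that exact string, both have to change together. `static int Count = N;` is initialised only on the first call, so a comment such as `// Count is latched from the first call's N; later N values are ignored.` would help the next reader.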
<br>
Added: llvm/trunk/lib/Fuzzer/test/afl-driver.test<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/afl-driver.test?rev=303125&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/afl-driver.test?rev=303125&view=auto</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/test/afl-driver.test (added)<br>
+++ llvm/trunk/lib/Fuzzer/test/afl-driver.test Mon May 15 17:38:29 2017<br>
@@ -0,0 +1,25 @@<br>
+RUN: echo -n "abc" > %t.file3<br>
+RUN: echo -n "abcd" > %t.file4<br>
+<br>
+RUN: AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1<br>
+CHECK1: __afl_persistent_loop calle, Count = 1000<br>
+CHECK1: LLVMFuzzerTestOneInput called; Size = 3<br>
+<br>
+<br>
+RUN: AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2<br>
+CHECK2: __afl_persistent_loop calle, Count = 42<br>
+CHECK2: LLVMFuzzerTestOneInput called; Size = 3<br>
+<br>
+<br>
+RUN: AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3<br>
+CHECK3: WARNING: using the deprecated call style<br>
+CHECK3: __afl_persistent_loop calle, Count = 666<br>
+CHECK3: LLVMFuzzerTestOneInput called; Size = 3<br>
+<br>
+<br>
+RUN: AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4<br>
+CHECK4: LLVMFuzzerTestOneInput called; Size = 3<br>
+<br>
+RUN: AFLDriverTest %t.file3 %t.file4  2>&1 | FileCheck %s --check-prefix=CHECK5<br>
+CHECK5: LLVMFuzzerTestOneInput called; Size = 3<br>
+CHECK5: LLVMFuzzerTestOneInput called; Size = 4<br>
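Review bot: The RUN lines cover only inputs that exist and are readable; there is no case for a missing path or an empty file, which are the cases where the new file-reading code in afl_driver.cpp relies on `assert(in)` alone. A RUN line that passes a nonexistent path and checks for a clean failure would pin that behaviour. `echo -n` is also not handled uniformly across shells, so writing the fixtures with `printf "abc"` may be more portable; this is worth confirming against the bots that run the test.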
<br>
<br>
</blockquote></div>
</div></div></blockquote></div><br></div>
</blockquote></div>