[llvm] r258631 - [libFuzzer] add -abort_on_timeout option

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Sat Jan 23 11:34:20 PST 2016 

Author: kcc
Date: Sat Jan 23 13:34:19 2016
New Revision: 258631

URL: http://llvm.org/viewvc/llvm-project?rev=258631&view=rev
Log:
[libFuzzer] add -abort_on_timeout option

Modified:
    llvm/trunk/docs/LibFuzzer.rst
    llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
    llvm/trunk/lib/Fuzzer/FuzzerFlags.def
    llvm/trunk/lib/Fuzzer/FuzzerInternal.h
    llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
    llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test

Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=258631&r1=258630&r2=258631&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Sat Jan 23 13:34:19 2016
@@ -61,6 +61,7 @@ The most important flags are::
   cross_over                         	1	If 1, cross over inputs.
   mutate_depth                       	5	Apply this number of consecutive mutations to each input.
   timeout                            	1200	Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort.
+  abort_on_timeout                      0       If positive, call abort on timeout.
   max_total_time                        0       If positive, indicates the maximal total time in seconds to run the fuzzer.
   help                               	0	Print help.
   merge                                 0       If 1, the 2-nd, 3-rd, etc corpora will be merged into the 1-st corpus. Only interesting units will be taken.

Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=258631&r1=258630&r2=258631&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Sat Jan 23 13:34:19 2016
@@ -268,6 +268,7 @@ int FuzzerDriver(const std::vector<std::
   Options.Verbosity = Flags.verbosity;
   Options.MaxLen = Flags.max_len;
   Options.UnitTimeoutSec = Flags.timeout;
+  Options.AbortOnTimeout = Flags.abort_on_timeout;
   Options.MaxTotalTimeSec = Flags.max_total_time;
   Options.DoCrossOver = Flags.cross_over;
   Options.MutateDepth = Flags.mutate_depth;

Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=258631&r1=258630&r2=258631&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Sat Jan 23 13:34:19 2016
@@ -29,6 +29,7 @@ FUZZER_FLAG_INT(
     timeout, 1200,
     "Timeout in seconds (if positive). "
     "If one unit runs more than this number of seconds the process will abort.")
+FUZZER_FLAG_INT(abort_on_timeout, 0, "If positive, call abort on timeout.")
 FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total "
                                    "time in seconds to run the fuzzer.")
 FUZZER_FLAG_INT(help, 0, "Print help.")

Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=258631&r1=258630&r2=258631&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Sat Jan 23 13:34:19 2016
@@ -174,6 +174,7 @@ public:
     int Verbosity = 1;
     int MaxLen = 0;
     int UnitTimeoutSec = 300;
+    bool AbortOnTimeout = false;
     int MaxTotalTimeSec = 0;
     bool DoCrossOver = true;
     int MutateDepth = 5;

Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=258631&r1=258630&r2=258631&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Sat Jan 23 13:34:19 2016
@@ -112,6 +112,8 @@ void Fuzzer::AlarmCallback() {
     if (__sanitizer_print_stack_trace)
       __sanitizer_print_stack_trace();
     Printf("SUMMARY: libFuzzer: timeout\n");
+    if (Options.AbortOnTimeout)
+      abort();
     exit(1);
   }
 }

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test?rev=258631&r1=258630&r2=258631&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test Sat Jan 23 13:34:19 2016
@@ -11,3 +11,4 @@ RUN: not LLVMFuzzer-TimeoutTest -timeout
 SingleInputTimeoutTest: ALARM: working on the last Unit for
 SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
 
+RUN: not --crash LLVMFuzzer-TimeoutTest -timeout=1 -abort_on_timeout=1

More information about the llvm-commits mailing list