[PATCH] D27433: [libFuzzer] Diff 16 - Fix bug in detecting timeouts when input string is empty.
Marcos Pividori via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Dec 13 09:56:51 PST 2016
This revision was automatically updated to reflect the committed changes.
Closed by commit rL289561: [libFuzzer] Fix bug in detecting timeouts when input string is empty. (authored by mpividori).
Changed prior to commit:
https://reviews.llvm.org/D27433?vs=80372&id=81245#toc
Repository:
rL LLVM
https://reviews.llvm.org/D27433
Files:
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
Index: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h
@@ -147,6 +147,7 @@
uint8_t *CurrentUnitData = nullptr;
std::atomic<size_t> CurrentUnitSize;
uint8_t BaseSha1[kSHA1NumBytes]; // Checksum of the base unit.
+ bool RunningCB = false;
size_t TotalNumberOfRuns = 0;
size_t NumberOfNewUnitsAdded = 0;
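Review bot: `RunningCB` is declared as a plain `bool`, while the field it replaces in the alarm check, `CurrentUnitSize` two lines above, is `std::atomic<size_t>`; the two FuzzerLoop.cpp hunks write this flag around `CB(DataCopy, Size)` and read it in `AlarmCallback`, which the `InFuzzingThread()` guard and the "ALARM:" output suggest runs from the alarm signal context. A non-atomic flag read from a signal handler is a data race in the language's terms, so the compiler may legitimately cache or reorder it and the timeout check can miss. Declaring it `std::atomic<bool> RunningCB{false};` (or at minimum `volatile sig_atomic_t`) keeps the handler's read well-defined at no measurable cost, and the store/load sites in FuzzerLoop.cpp need no other change. The enclosing class definition starts and ends outside this hunk.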
Index: llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
===================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
@@ -12,3 +12,8 @@
SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
RUN: LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0
+
+RUN: not LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest
+TimeoutEmptyTest: ALARM: working on the last Unit for
+TimeoutEmptyTest: == ERROR: libFuzzer: timeout after
+TimeoutEmptyTest: SUMMARY: libFuzzer: timeout
Index: llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
===================================================================
--- llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
+++ llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
@@ -0,0 +1,14 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the empty string.
+#include <cstdint>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ static volatile int Zero = 0;
+ if (!Size)
+ while(!Zero)
+ ;
+ return 0;
+}
Index: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
===================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
@@ -109,6 +109,7 @@
ThreadedLeakTest
ThreadedTest
TimeoutTest
+ TimeoutEmptyTest
TraceMallocTest
)
Index: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
@@ -286,7 +286,7 @@
void Fuzzer::AlarmCallback() {
assert(Options.UnitTimeoutSec > 0);
if (!InFuzzingThread()) return;
- if (!CurrentUnitSize)
+ if (!RunningCB)
return; // We have not started running units yet.
size_t Seconds =
duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
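Review bot: The comment on the retained `return` line still reads "We have not started running units yet", but after the change the guard also fires whenever the fuzzer is between callbacks (mutating, merging, printing), since the second hunk clears `RunningCB` as soon as `CB` returns. Suggest `return; // Not inside the target callback right now (including before the first unit).` so the next reader does not assume the early return only covers startup. Keying on the flag rather than on `CurrentUnitSize` is what lets an empty unit time out, which the new TimeoutEmptyTest exercises. `AlarmCallback` continues past the end of this hunk.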
@@ -532,7 +532,9 @@
UnitStartTime = system_clock::now();
ResetCounters(); // Reset coverage right before the callback.
TPC.ResetMaps();
+ RunningCB = true;
int Res = CB(DataCopy, Size);
+ RunningCB = false;
UnitStopTime = system_clock::now();
(void)Res;
assert(Res == 0);