[llvm] r305521 - [libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items.
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Jun 15 15:43:41 PDT 2017
Author: kcc
Date: Thu Jun 15 17:43:40 2017
New Revision: 305521
URL: http://llvm.org/viewvc/llvm-project?rev=305521&view=rev
Log:
[libFuzzer] change the default max_len from 64 to 4096. This will affect cases where libFuzzer is run w/o initial corpus or with a corpus of very small items.
Modified:
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp
llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp
llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp
llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test
llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Thu Jun 15 17:43:40 2017
@@ -553,12 +553,12 @@ int FuzzerDriver(int *argc, char ***argv
return RunInMultipleProcesses(Args, Flags.workers, Flags.jobs);
const size_t kMaxSaneLen = 1 << 20;
- const size_t kMinDefaultLen = 64;
+ const size_t kMinDefaultLen = 4096;
FuzzingOptions Options;
Options.Verbosity = Flags.verbosity;
Options.MaxLen = Flags.max_len;
Options.ExperimentalLenControl = Flags.experimental_len_control;
- if (Flags.experimental_len_control && Flags.max_len == 64)
+ if (Flags.experimental_len_control && Flags.max_len == kMinDefaultLen)
Options.MaxLen = 1 << 20;
Options.UnitTimeoutSec = Flags.timeout;
Options.ErrorExitCode = Flags.error_exitcode;
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Thu Jun 15 17:43:40 2017
@@ -301,7 +301,9 @@ void Fuzzer::SetMaxInputLen(size_t MaxIn
this->MaxInputLen = MaxInputLen;
this->MaxMutationLen = MaxInputLen;
AllocateCurrentUnitData();
- Printf("INFO: -max_len is not provided, using %zd\n", MaxInputLen);
+ Printf("INFO: -max_len is not provided; "
+ "libFuzzer will not generate inputs larger than %zd bytes\n",
+ MaxInputLen);
}
void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
Modified: llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp Thu Jun 15 17:43:40 2017
@@ -9,7 +9,7 @@
#include <cstring>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- if (Size < 16) return 0;
+ if (Size < 16 || Size > 64) return 0;
int64_t x;
uint64_t y;
memcpy(&x, Data, sizeof(x));
Modified: llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/FourIndependentBranchesTest.cpp Thu Jun 15 17:43:40 2017
@@ -8,6 +8,7 @@
#include <iostream>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size > 64) return 0;
int bits = 0;
if (Size > 0 && Data[0] == 'F') bits |= 1;
if (Size > 1 && Data[1] == 'U') bits |= 2;
Modified: llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/ShrinkControlFlowTest.cpp Thu Jun 15 17:43:40 2017
@@ -11,6 +11,7 @@
static volatile int Sink;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size > 64) return 0;
int8_t Ids[256];
memset(Ids, -1, sizeof(Ids));
for (size_t i = 0; i < Size; i++)
Modified: llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SimpleHashTest.cpp Thu Jun 15 17:43:40 2017
@@ -26,7 +26,7 @@ static uint32_t simple_hash(const uint8_
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- if (Size < 14)
+ if (Size < 14 || Size > 64)
return 0;
uint32_t Hash = simple_hash(&Data[0], Size - 4);
Modified: llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/SingleStrncmpTest.cpp Thu Jun 15 17:43:40 2017
@@ -8,6 +8,7 @@
#include <cstring>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size > 64) return 0;
char *S = (char*)Data;
volatile auto Strncmp = &(strncmp); // Make sure strncmp is not inlined.
if (Size >= 6 && !Strncmp(S, "qwerty", 6)) {
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-dirs.test Thu Jun 15 17:43:40 2017
@@ -5,9 +5,13 @@ RUN: echo b > %t/SUB1/SUB2/b
RUN: echo c > %t/SUB1/SUB2/SUB3/c
RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS
SUBDIRS: READ units: 3
-RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/long
+RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/f64
+RUN: cat %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 > %t/SUB1/f256
+RUN: cat %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 > %t/SUB1/f1024
+RUN: cat %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 > %t/SUB1/f4096
+RUN: cat %t/SUB1/f4096 %t/SUB1/f4096 > %t/SUB1/f8192
RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG
-LONG: INFO: -max_len is not provided, using 93
+LONG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 8192 bytes
RUN: rm -rf %t/SUB1
RUN: not LLVMFuzzer-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR
Modified: llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test?rev=305521&r1=305520&r2=305521&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test (original)
+++ llvm/trunk/lib/Fuzzer/test/inline-8bit-counters.test Thu Jun 15 17:43:40 2017
@@ -1,4 +1,4 @@
REQUIRES: linux
CHECK: INFO: Loaded 1 modules with {{.*}} inline 8-bit counters
CHECK: BINGO
-RUN: LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=100000 -seed=1 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s
More information about the llvm-commits
mailing list