[compiler-rt] r354186 - [libFuzzer] fork mode: try harder to cleanup after itself

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 15 16:14:17 PST 2019 

Author: kcc
Date: Fri Feb 15 16:14:16 2019
New Revision: 354186

URL: http://llvm.org/viewvc/llvm-project?rev=354186&view=rev
Log:
[libFuzzer] fork mode: try harder to cleanup after itself

Added:
    compiler-rt/trunk/test/fuzzer/fork-sigusr.test
Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp?rev=354186&r1=354185&r2=354186&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp Fri Feb 15 16:14:16 2019
@@ -19,6 +19,7 @@
 #include <atomic>
 #include <chrono>
 #include <fstream>
+#include <memory>
 #include <mutex>
 #include <queue>
 #include <sstream>
@@ -67,6 +68,12 @@ struct FuzzJob {
 
   // Fuzzing Outputs.
   int ExitCode;
+
+  ~FuzzJob() {
+    RemoveFile(CFPath);
+    RemoveFile(LogPath);
+    RmDirRecursive(CorpusDir);
+  }
 };
 
 struct GlobalEnv {
@@ -141,14 +148,12 @@ struct GlobalEnv {
     Set<uint32_t> NewFeatures, NewCov;
     CrashResistantMerge(Args, {}, TempFiles, &FilesToAdd, Features,
                         &NewFeatures, Cov, &NewCov, Job->CFPath, false);
-    RemoveFile(Job->CFPath);
     for (auto &Path : FilesToAdd) {
       auto U = FileToVector(Path);
       auto NewPath = DirPlusFile(MainCorpusDir, Hash(U));
       WriteToFile(U, NewPath);
       Files.push_back(NewPath);
     }
-    RmDirRecursive(Job->CorpusDir);
     Features.insert(NewFeatures.begin(), NewFeatures.end());
     Cov.insert(NewCov.begin(), NewCov.end());
     for (auto Idx : NewCov)
@@ -246,7 +251,7 @@ void FuzzWithFork(Random &Rand, const Fu
   }
 
   while (true) {
-    auto Job = MergeQ.Pop();
+    std::unique_ptr<FuzzJob> Job(MergeQ.Pop());
     if (!Job) {
       if (Stop)
         break;
@@ -254,16 +259,19 @@ void FuzzWithFork(Random &Rand, const Fu
       continue;
     }
     ExitCode = Job->ExitCode;
-    if (ExitCode != Options.InterruptExitCode)
-      Env.RunOneMergeJob(Job);
+    if (ExitCode == Options.InterruptExitCode) {
+      Printf("==%lu== libFuzzer: a child was interrupted; exiting\n", GetPid());
+      Stop = true;
+      break;
+    }
+
+    Env.RunOneMergeJob(Job.get());
 
     // Continue if our crash is one of the ignorred ones.
     if (Options.IgnoreTimeouts && ExitCode == Options.TimeoutExitCode)
       Env.NumTimeouts++;
     else if (Options.IgnoreOOMs && ExitCode == Options.OOMExitCode)
       Env.NumOOMs++;
-    else if (ExitCode == Options.InterruptExitCode)
-      Stop = true;
     else if (ExitCode != 0) {
       Env.NumCrashes++;
       if (Options.IgnoreCrashes) {
@@ -279,8 +287,6 @@ void FuzzWithFork(Random &Rand, const Fu
         Stop = true;
       }
     }
-    RemoveFile(Job->LogPath);
-    delete Job;
 
     // Stop if we are over the time budget.
     // This is not precise, since other threads are still running
@@ -298,11 +304,13 @@ void FuzzWithFork(Random &Rand, const Fu
   }
   Stop = true;
 
+  // The workers have already finished doing useful work, or
+  // we were interrupted. Either way, cleanup up now.
+  RmDirRecursive(Env.TempDir);
+
   for (auto &T : Threads)
     T.join();
 
-  RmDirRecursive(Env.TempDir);
-
   // Use the exit code from the last child process.
   Printf("INFO: exiting: %d time: %zds\n", ExitCode,
          Env.secondsSinceProcessStartUp());

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp?rev=354186&r1=354185&r2=354186&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp Fri Feb 15 16:14:16 2019
@@ -258,6 +258,7 @@ void Fuzzer::ExitCallback() {
 void Fuzzer::MaybeExitGracefully() {
   if (!F->GracefulExitRequested) return;
   Printf("==%lu== INFO: libFuzzer: exiting as requested\n", GetPid());
+  RmDirRecursive(TempPath(".dir"));
   F->PrintFinalStats();
   _Exit(0);
 }
@@ -265,6 +266,7 @@ void Fuzzer::MaybeExitGracefully() {
 void Fuzzer::InterruptCallback() {
   Printf("==%lu== libFuzzer: run interrupted; exiting\n", GetPid());
   PrintFinalStats();
+  RmDirRecursive(TempPath(".dir"));
   // Stop right now, don't perform any at-exit actions.
   _Exit(Options.InterruptExitCode);
 }

Added: compiler-rt/trunk/test/fuzzer/fork-sigusr.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/fork-sigusr.test?rev=354186&view=auto
==============================================================================
--- compiler-rt/trunk/test/fuzzer/fork-sigusr.test (added)
+++ compiler-rt/trunk/test/fuzzer/fork-sigusr.test Fri Feb 15 16:14:16 2019
@@ -0,0 +1,15 @@
+# Check that libFuzzer honors SIGUSR1/SIGUSR2
+# FIXME: Disabled on Windows for now because of reliance on posix only features
+# (eg: export, "&", pkill).
+UNSUPPORTED: darwin, windows
+RUN: rm -rf %t
+RUN: mkdir -p %t
+RUN: %cpp_compiler %S/ShallowOOMDeepCrash.cpp -o %t/ForkSIGUSR
+
+RUN: %run %t/ForkSIGUSR -fork=3 -rss_limit_mb=128 -ignore_crashes=1 2>  %t/log & export PID=$!
+RUN: sleep 3
+RUN: pkill -SIGUSR2 -f %t/ForkSIGUSR
+RUN: sleep 3
+RUN: cat %t/log | FileCheck %s
+
+CHECK: libFuzzer: {{.*}}exiting

More information about the llvm-commits mailing list