[compiler-rt] r358306 - [libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Fri Apr 12 13:20:58 PDT 2019
Author: kcc
Date: Fri Apr 12 13:20:57 2019
New Revision: 358306
URL: http://llvm.org/viewvc/llvm-project?rev=358306&view=rev
Log:
[libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both
Added:
compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp
compiler-rt/trunk/test/fuzzer/fork-ubsan.test
Modified:
compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp?rev=358306&r1=358305&r2=358306&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerFork.cpp Fri Apr 12 13:20:57 2019
@@ -103,6 +103,7 @@ struct GlobalEnv {
FuzzJob *CreateNewJob(size_t JobId) {
Command Cmd(Args);
Cmd.removeFlag("fork");
+ Cmd.removeFlag("runs");
for (auto &C : CorpusDirs) // Remove all corpora from the args.
Cmd.removeArgument(C);
Cmd.addFlag("reload", "0"); // working in an isolated dir, no reload.
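Review bot: The new `Cmd.removeFlag("runs");` line in CreateNewJob has no comment saying why the flag is withheld from child jobs, while the two lines after it both explain themselves. A short comment would help, for example that the parent now counts iterations itself and compares them against the limit in FuzzWithFork, so that a later reader does not re-add the flag to the child command line and end up with the limit applied per job.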
@@ -278,7 +279,8 @@ void FuzzWithFork(Random &Rand, const Fu
std::ifstream In(Job->LogPath);
std::string Line;
while (std::getline(In, Line, '\n'))
- if (Line.find("ERROR:") != Line.npos)
+ if (Line.find("ERROR:") != Line.npos ||
+ Line.find("runtime error:") != Line.npos)
Printf("%s\n", Line.c_str());
} else {
// And exit if we don't ignore this crash.
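Review bot: The added `Line.find("runtime error:")` test is a bare substring match anywhere in the line, so any line in the job log that contains that text is echoed to the parent's output, including anything the target itself writes. If the log can contain target output, consider a tighter match, and in either case add a comment stating that this string is the UBSan one-line report the commit message refers to. With two patterns now in the condition, a small named helper (or a list of patterns) would also keep the next sanitizer addition from growing the `if` further.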
@@ -298,6 +300,12 @@ void FuzzWithFork(Random &Rand, const Fu
Env.secondsSinceProcessStartUp());
Stop = true;
}
+ if (Options.MaxNumberOfRuns >= 0 && !Stop &&
+ Env.NumRuns >= Options.MaxNumberOfRuns) {
+ Printf("INFO: fuzzed for %zd iterations, wrapping up soon\n",
+ Env.NumRuns);
+ Stop = true;
+ }
if (!Stop)
FuzzQ.Push(Env.CreateNewJob(JobId++));
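Review bot: The run limit in the new `if (Options.MaxNumberOfRuns >= 0 && !Stop && ...)` block is evaluated only at the point where the next job would be pushed, so it is enforced at job granularity and the total can pass N before fuzzing stops. The "wrapping up soon" message hints at this, but the flag's behaviour in fork mode should be documented as a lower bound rather than an exact count. Two smaller points on the same lines: `-runs=0` satisfies `Env.NumRuns >= Options.MaxNumberOfRuns` as soon as this check is first reached, which deserves a comment on whether that is intended; and `Env.NumRuns` is printed with `%zd`, so if it is declared `size_t` the matching specifier is `%zu` and the `>=` against the signed `Options.MaxNumberOfRuns` is a mixed-sign comparison.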
Added: compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp?rev=358306&view=auto
==============================================================================
--- compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp (added)
+++ compiler-rt/trunk/test/fuzzer/IntegerOverflowTest.cpp Fri Apr 12 13:20:57 2019
@@ -0,0 +1,17 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an
+// integer overflow.
+#include <cstddef>
+#include <cstdint>
+
+static int Val = 1 << 30;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')
+ Val += Val;
+ return 0;
+}
+
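Review bot: The header comment says the fuzzer must find the string "Hi", but the condition `Size >= 2 && Data[0] == 'H' && Data[1] == 'i'` is a prefix check, so any input starting with those two bytes triggers the overflow; say "an input starting with "Hi"" to match the code. It is also worth noting in the comment that `Val` is mutable global state and that the overflow happens on the first matching input only because it starts at `1 << 30`, since the accompanying test hard-codes those operand values. The file ends with an extra blank line that can be dropped.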
Added: compiler-rt/trunk/test/fuzzer/fork-ubsan.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/fork-ubsan.test?rev=358306&view=auto
==============================================================================
--- compiler-rt/trunk/test/fuzzer/fork-ubsan.test (added)
+++ compiler-rt/trunk/test/fuzzer/fork-ubsan.test Fri Apr 12 13:20:57 2019
@@ -0,0 +1,6 @@
+# UNSUPPORTED: darwin, freebsd
+# Tests how the fork mode works together with ubsan.
+RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow
+RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK
+UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
+UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon
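Review bot: The second RUN line depends on the fuzzer producing an input that starts with "Hi" within `-runs=10000`, and no `-seed=` is passed, so the outcome is not reproducible from one run to the next; pinning a seed would make a failure debuggable. The two `UBSAN_FORK:` checks are also order-sensitive: FileCheck requires the "runtime error:" line to appear before the "INFO: fuzzed for" line, which holds only if the overflow report is echoed before the run limit is reached, so a short comment stating that expectation would help. The `UNSUPPORTED: darwin, freebsd` line gives no reason; add one.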