[PATCH] D67642: Make FuzzerLoop error printing more uniform.
Aaron Green via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Sep 16 16:55:42 PDT 2019
aarongreen created this revision.
aarongreen added reviewers: phosek, mcgrathr.
Herald added projects: LLVM, Sanitizers.
Herald added subscribers: llvm-commits, Sanitizers.
This change ensures libfuzzer always prints errors the same way, i.e. "==<pid>== ERROR: libfuzzer: ...". For simple errors, it provides PrintError(const char *). For formatted errors, the approach is to use PrintErrorPrefix, followed by Printf. Having a formatted version of PrintError, i.e. PrintErrorf, was considered but avoided since there isn't a varargs version of Printf available in FuzzerIO.h (VPrintf is not equivalent to vprintf).
This change also makes sure libfuzzer reports when the sanitizer invokes its death callback, which allows easier log collection on platforms that process exceptions out of process (e.g. Fuchsia)
Finally, it corrects the error message for overwriting const input data.
Repository:
rCRT Compiler Runtime
https://reviews.llvm.org/D67642
Files:
compiler-rt/lib/fuzzer/FuzzerLoop.cpp
Index: compiler-rt/lib/fuzzer/FuzzerLoop.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -120,12 +120,21 @@
}
}
+static void PrintErrorPrefix() {
+ Printf("==%lu== ERROR: libFuzzer: ", GetPid());
+}
+
+static void PrintError(const char *Message) {
+ PrintErrorPrefix();
+ Printf("%s\n", Message);
+}
+
// Crash on a single malloc that exceeds the rss limit.
void Fuzzer::HandleMalloc(size_t Size) {
if (!Options.MallocLimitMb || (Size >> 20) < (size_t)Options.MallocLimitMb)
return;
- Printf("==%d== ERROR: libFuzzer: out-of-memory (malloc(%zd))\n", GetPid(),
- Size);
+ PrintErrorPrefix();
+ Printf("out-of-memory (malloc(%zd))\n", Size);
Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n");
PrintStackTrace();
DumpCurrentUnit("oom-");
@@ -189,6 +198,7 @@
NO_SANITIZE_MEMORY
void Fuzzer::DeathCallback() {
+ PrintError("sanitizer terminated fuzz target");
DumpCurrentUnit("crash-");
PrintFinalStats();
}
@@ -220,7 +230,7 @@
}
void Fuzzer::StaticFileSizeExceedCallback() {
- Printf("==%lu== ERROR: libFuzzer: file size exceeded\n", GetPid());
+ PrintError("file size exceeded");
exit(1);
}
@@ -228,7 +238,7 @@
if (EF->__sanitizer_acquire_crash_state &&
!EF->__sanitizer_acquire_crash_state())
return;
- Printf("==%lu== ERROR: libFuzzer: deadly signal\n", GetPid());
+ PrintError("deadly signal");
PrintStackTrace();
Printf("NOTE: libFuzzer has rudimentary signal handlers.\n"
" Combine libFuzzer with AddressSanitizer or similar for better "
@@ -245,7 +255,7 @@
if (EF->__sanitizer_acquire_crash_state &&
!EF->__sanitizer_acquire_crash_state())
return;
- Printf("==%lu== ERROR: libFuzzer: fuzz target exited\n", GetPid());
+ PrintError("fuzz target exited");
PrintStackTrace();
Printf("SUMMARY: libFuzzer: fuzz target exited\n");
DumpCurrentUnit("crash-");
@@ -295,8 +305,8 @@
Printf(" and the timeout value is %d (use -timeout=N to change)\n",
Options.UnitTimeoutSec);
DumpCurrentUnit("timeout-");
- Printf("==%lu== ERROR: libFuzzer: timeout after %d seconds\n", GetPid(),
- Seconds);
+ PrintErrorPrefix();
+ Printf("timeout after %d seconds\n", Seconds);
PrintStackTrace();
Printf("SUMMARY: libFuzzer: timeout\n");
PrintFinalStats();
@@ -308,9 +318,8 @@
if (EF->__sanitizer_acquire_crash_state &&
!EF->__sanitizer_acquire_crash_state())
return;
- Printf(
- "==%lu== ERROR: libFuzzer: out-of-memory (used: %zdMb; limit: %zdMb)\n",
- GetPid(), GetPeakRSSMb(), Options.RssLimitMb);
+ PrintErrorPrefix();
+ Printf("out-of-memory (used: %zdMb; limit: %zdMb)\n", GetPeakRSSMb(), Options.RssLimitMb);
Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n");
PrintMemoryProfile();
DumpCurrentUnit("oom-");
@@ -513,10 +522,9 @@
}
void Fuzzer::CrashOnOverwrittenData() {
- Printf("==%d== ERROR: libFuzzer: fuzz target overwrites it's const input\n",
- GetPid());
+ PrintError("fuzz target overwrites its const input");
DumpCurrentUnit("crash-");
- Printf("SUMMARY: libFuzzer: out-of-memory\n");
+ Printf("SUMMARY: libFuzzer: input overwritten\n");
_Exit(Options.ErrorExitCode); // Stop right now.
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D67642.220406.patch
Type: text/x-patch
Size: 3391 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190916/deb99d5b/attachment.bin>
More information about the llvm-commits
mailing list