[PATCH] D70738: [libFuzzer] Add custom output function
Manish Goregaokar via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Nov 26 11:54:28 PST 2019
Manishearth created this revision.
Manishearth added reviewers: morehouse, kcc.
Herald added subscribers: llvm-commits, Sanitizers, delcypher.
Herald added projects: LLVM, Sanitizers.
Sometimes the input goes through a bunch of processing before it is
passed to the actual code being fuzzed. For example, you may have a
process that converts the input into a pair of UTF-8 strings. When this
is the case, it's trickier to understand what the failing input was
if libFuzzer is only outputting the byte stream.
This commit adds `LLVMFuzzerCustomOutput`, which can be used to print
the failing input string with custom formatting.
Repository:
rCRT Compiler Runtime
https://reviews.llvm.org/D70738
Files:
lib/fuzzer/FuzzerExtFunctions.def
lib/fuzzer/FuzzerInterface.h
lib/fuzzer/FuzzerLoop.cpp
Index: lib/fuzzer/FuzzerLoop.cpp
===================================================================
--- lib/fuzzer/FuzzerLoop.cpp
+++ lib/fuzzer/FuzzerLoop.cpp
@@ -185,6 +185,9 @@
}
WriteUnitToFileWithPrefix({CurrentUnitData, CurrentUnitData + UnitSize},
Prefix);
+ if (EF->LLVMFuzzerCustomOutput) {
+ EF->LLVMFuzzerCustomOutput(CurrentUnitData, CurrentUnitSize);
+ }
}
NO_SANITIZE_MEMORY
Index: lib/fuzzer/FuzzerInterface.h
===================================================================
--- lib/fuzzer/FuzzerInterface.h
+++ lib/fuzzer/FuzzerInterface.h
@@ -63,6 +63,13 @@
const uint8_t *Data2, size_t Size2, uint8_t *Out,
size_t MaxOutSize, unsigned int Seed);
+
+// Optional user-provided custom output function.
+// Takes the found input data and prints it in whatever formatting
+// best suits the testcase.
+FUZZER_INTERFACE_VISIBILITY void
+LLVMFuzzerCustomOutput(const uint8_t *Data, size_t Size);
+
// Experimental, may go away in future.
// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.
// Mutates raw data in [Data, Data+Size) inplace.
Index: lib/fuzzer/FuzzerExtFunctions.def
===================================================================
--- lib/fuzzer/FuzzerExtFunctions.def
+++ lib/fuzzer/FuzzerExtFunctions.def
@@ -18,6 +18,9 @@
EXT_FUNC(LLVMFuzzerCustomMutator, size_t,
(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed),
false);
+EXT_FUNC(LLVMFuzzerCustomOutput, void,
+ (const uint8_t * Data, size_t Size),
+ false);
EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,
(const uint8_t *Data1, size_t Size1,
const uint8_t *Data2, size_t Size2,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D70738.231117.patch
Type: text/x-patch
Size: 1763 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20191126/77b04ad8/attachment.bin>
More information about the llvm-commits
mailing list