Commit 65132e2

committed
[libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both
llvm-svn: 358306
1 parent 3dc7c7c commit 65132e2

3 files changed

+32
-1
lines changed

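--- a/compiler-rt/lib/fuzzer/FuzzerFork.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerFork.cpp
@@ -103,6 +103,7 @@ struct GlobalEnv {
 FuzzJob *CreateNewJob(size_t JobId) {
 Command Cmd(Args);
 Cmd.removeFlag("fork");
+Cmd.removeFlag("runs");
 for (auto &C : CorpusDirs) // Remove all corpora from the args.
 Cmd.removeArgument(C);
 Cmd.addFlag("reload", "0"); // working in an isolated dir, no reload.
@@ -278,7 +279,8 @@ void FuzzWithFork(Random &Rand, const FuzzingOptions &Options,
 std::ifstream In(Job->LogPath);
 std::string Line;
 while (std::getline(In, Line, '\n'))
-if (Line.find("ERROR:") != Line.npos)
+if (Line.find("ERROR:") != Line.npos ||
+Line.find("runtime error:") != Line.npos)
 Printf("%s\n", Line.c_str());
 } else {
 // And exit if we don't ignore this crash.
@@ -298,6 +300,12 @@ void FuzzWithFork(Random &Rand, const FuzzingOptions &Options,
 Env.secondsSinceProcessStartUp());
 Stop = true;
 }
+if (Options.MaxNumberOfRuns >= 0 && !Stop &&
+Env.NumRuns >= Options.MaxNumberOfRuns) {
+Printf("INFO: fuzzed for %zd iterations, wrapping up soon\n",
+Env.NumRuns);
+Stop = true;
+}
 
 if (!Stop)
 FuzzQ.Push(Env.CreateNewJob(JobId++));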
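Review bot: The `-runs` limit added in the third hunk is a soft bound that nothing in the code documents. The check sits next to the point where a new job is queued, and the first hunk strips `runs` from every child command, so jobs already in flight can apparently push the total past N. The message text ("wrapping up soon") hints at this, but a comment above the check would make it explicit, e.g. `// -runs=N is a soft limit in fork mode: tested between jobs, so the total may exceed N.` Separately, `Env.NumRuns` is printed with `%zd` and compared directly against `Options.MaxNumberOfRuns`; if NumRuns is a `size_t` (its declaration is outside the hunk), `%zu` and an explicit cast in the comparison would avoid the signed/unsigned mix. Both GlobalEnv and FuzzWithFork continue outside the visible hunks.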
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
2+
// See https://llvm.org/LICENSE.txt for license information.
3+
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
4+
5+
// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an
6+
// integer overflow.
7+
#include <cstddef>
8+
#include <cstdint>
9+
10+
static int Val = 1 << 30;
11+
12+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
13+
if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')
14+
Val += Val;
15+
return 0;
16+
}
17+
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
# UNSUPPORTED: darwin, freebsd
2+
# Tests how the fork mode works together with ubsan.
3+
RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow
4+
RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK
5+
UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
6+
UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon
