[libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both

kcc · kcc · commit 65132e211814 · 2019-04-12T20:20:57.000Z
llvm-svn: 358306
diff --git a/compiler-rt/lib/fuzzer/FuzzerFork.cpp b/compiler-rt/lib/fuzzer/FuzzerFork.cpp
@@ -103,6 +103,7 @@ struct GlobalEnv {
   FuzzJob *CreateNewJob(size_t JobId) {
     Command Cmd(Args);
     Cmd.removeFlag("fork");
+    Cmd.removeFlag("runs");
     for (auto &C : CorpusDirs) // Remove all corpora from the args.
       Cmd.removeArgument(C);
     Cmd.addFlag("reload", "0");  // working in an isolated dir, no reload.
@@ -278,7 +279,8 @@ void FuzzWithFork(Random &Rand, const FuzzingOptions &Options,
         std::ifstream In(Job->LogPath);
         std::string Line;
         while (std::getline(In, Line, '\n'))
-          if (Line.find("ERROR:") != Line.npos)
+          if (Line.find("ERROR:") != Line.npos ||
+              Line.find("runtime error:") != Line.npos)
             Printf("%s\n", Line.c_str());
       } else {
         // And exit if we don't ignore this crash.
@@ -298,6 +300,12 @@ void FuzzWithFork(Random &Rand, const FuzzingOptions &Options,
              Env.secondsSinceProcessStartUp());
       Stop = true;
     }
+    if (Options.MaxNumberOfRuns >= 0 && !Stop &&
+        Env.NumRuns >= Options.MaxNumberOfRuns) {
+      Printf("INFO: fuzzed for %zd iterations, wrapping up soon\n",
+             Env.NumRuns);
+      Stop = true;
+    }
 
     if (!Stop)
       FuzzQ.Push(Env.CreateNewJob(JobId++));
diff --git a/compiler-rt/test/fuzzer/IntegerOverflowTest.cpp b/compiler-rt/test/fuzzer/IntegerOverflowTest.cpp
@@ -0,0 +1,17 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an
+// integer overflow.
+#include <cstddef>
+#include <cstdint>
+
+static int Val = 1 << 30;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')
+    Val += Val;
+  return 0;
+}
+
diff --git a/compiler-rt/test/fuzzer/fork-ubsan.test b/compiler-rt/test/fuzzer/fork-ubsan.test
@@ -0,0 +1,6 @@
+# UNSUPPORTED: darwin, freebsd
+# Tests how the fork mode works together with ubsan.
+RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow
+RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1  -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK
+UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
+UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon
