Google Git
Sign in
llvm / compiler-rt / 31b0a28a5949cbbe87ddf2d6f71c5761bee557f4^! / .
commit31b0a28a5949cbbe87ddf2d6f71c5761bee557f4[log] [tgz]
authorKostya Serebryany <kcc@google.com>Fri Apr 12 20:20:57 2019 +0000
committerKostya Serebryany <kcc@google.com>Fri Apr 12 20:20:57 2019 +0000
treee8d8c87ee8c256855dd4235be44bc1ba12f7bad7
parent517a8bcc155fbe10cf16d10fd0203bbc4c9baf53 [diff]
[libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358306 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/fuzzer/FuzzerFork.cpp b/lib/fuzzer/FuzzerFork.cpp
index 52a233f..20c9950 100644
--- a/lib/fuzzer/FuzzerFork.cpp
+++ b/lib/fuzzer/FuzzerFork.cpp

@@ -103,6 +103,7 @@
   FuzzJob *CreateNewJob(size_t JobId) {
     Command Cmd(Args);
     Cmd.removeFlag("fork");
+    Cmd.removeFlag("runs");
     for (auto &C : CorpusDirs) // Remove all corpora from the args.
       Cmd.removeArgument(C);
     Cmd.addFlag("reload", "0");  // working in an isolated dir, no reload.
@@ -278,7 +279,8 @@
         std::ifstream In(Job->LogPath);
         std::string Line;
         while (std::getline(In, Line, '\n'))
-          if (Line.find("ERROR:") != Line.npos)
+          if (Line.find("ERROR:") != Line.npos ||
+              Line.find("runtime error:") != Line.npos)
             Printf("%s\n", Line.c_str());
       } else {
         // And exit if we don't ignore this crash.
@@ -298,6 +300,12 @@
              Env.secondsSinceProcessStartUp());
       Stop = true;
     }
+    if (Options.MaxNumberOfRuns >= 0 && !Stop &&
+        Env.NumRuns >= Options.MaxNumberOfRuns) {
+      Printf("INFO: fuzzed for %zd iterations, wrapping up soon\n",
+             Env.NumRuns);
+      Stop = true;
+    }
 
     if (!Stop)
       FuzzQ.Push(Env.CreateNewJob(JobId++));

diff --git a/test/fuzzer/IntegerOverflowTest.cpp b/test/fuzzer/IntegerOverflowTest.cpp
new file mode 100644
index 0000000..4f5a259
--- /dev/null
+++ b/test/fuzzer/IntegerOverflowTest.cpp

@@ -0,0 +1,17 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an
+// integer overflow.
+#include <cstddef>
+#include <cstdint>
+
+static int Val = 1 << 30;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')
+    Val += Val;
+  return 0;
+}
+

diff --git a/test/fuzzer/fork-ubsan.test b/test/fuzzer/fork-ubsan.test
new file mode 100644
index 0000000..7d7ee16
--- /dev/null
+++ b/test/fuzzer/fork-ubsan.test

@@ -0,0 +1,6 @@
+# UNSUPPORTED: darwin, freebsd
+# Tests how the fork mode works together with ubsan.
+RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow
+RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1  -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK
+UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
+UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon