[libFuzzer] support -runs=N in the fork mode. Make sure we see one-line reports from ubsan in the fork mode. Test both
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@358306 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/fuzzer/FuzzerFork.cpp b/lib/fuzzer/FuzzerFork.cpp
index 52a233f..20c9950 100644
--- a/lib/fuzzer/FuzzerFork.cpp
+++ b/lib/fuzzer/FuzzerFork.cpp
@@ -103,6 +103,7 @@
FuzzJob *CreateNewJob(size_t JobId) {
Command Cmd(Args);
Cmd.removeFlag("fork");
+ Cmd.removeFlag("runs");
for (auto &C : CorpusDirs) // Remove all corpora from the args.
Cmd.removeArgument(C);
Cmd.addFlag("reload", "0"); // working in an isolated dir, no reload.
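Review bot: The added `Cmd.removeFlag("runs");` carries no comment, while the two lines after it each explain why they touch the child's arguments. A reader of this hunk alone cannot tell whether child jobs become unbounded or whether the limit moves elsewhere. The later hunk in this file checks `Options.MaxNumberOfRuns` in the parent loop, so something like `Cmd.removeFlag("runs"); // -runs is enforced by the parent across all jobs.` would record the intent. The body of CreateNewJob continues outside the hunk, so whatever bounds each child is not visible here.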
@@ -278,7 +279,8 @@
std::ifstream In(Job->LogPath);
std::string Line;
while (std::getline(In, Line, '\n'))
- if (Line.find("ERROR:") != Line.npos)
+ if (Line.find("ERROR:") != Line.npos ||
+ Line.find("runtime error:") != Line.npos)
Printf("%s\n", Line.c_str());
} else {
// And exit if we don't ignore this crash.
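Review bot: The new `runtime error:` match sits in the branch that handles a failed job (the `else` below it is about exiting on a crash), so it appears to surface UBSan one-liners only when the child exited non-zero. A target built with recoverable UBSan checks would log the same line and exit cleanly, leaving the report buried in the per-job log. A comment above the condition such as `// UBSan reports; only reached when the job failed, i.e. built with -fno-sanitize-recover.` would make that dependency explicit. The match is also an unanchored substring, so any target output that happens to contain the phrase is echoed as well. The enclosing block starts outside the hunk.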
@@ -298,6 +300,12 @@
Env.secondsSinceProcessStartUp());
Stop = true;
}
+ if (Options.MaxNumberOfRuns >= 0 && !Stop &&
+ Env.NumRuns >= Options.MaxNumberOfRuns) {
+ Printf("INFO: fuzzed for %zd iterations, wrapping up soon\n",
+ Env.NumRuns);
+ Stop = true;
+ }
if (!Stop)
FuzzQ.Push(Env.CreateNewJob(JobId++));
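Review bot: The `-runs` check appears to be evaluated once per completed job, just before the next job is queued, so in fork mode N is a soft limit: jobs already in flight keep running and `Env.NumRuns` can end past `Options.MaxNumberOfRuns`. The message says "wrapping up soon" but the code does not state this, so a comment like `// Soft limit: checked per finished job, so the total may overshoot -runs.` would help anyone who relies on the count for reproducible campaigns. Separately, `Env.NumRuns` is printed with `%zd`; if it is declared as `size_t` (the declaration is outside the hunk), `%zu` is the matching specifier. The surrounding loop starts and ends outside the hunk.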
diff --git a/test/fuzzer/IntegerOverflowTest.cpp b/test/fuzzer/IntegerOverflowTest.cpp
new file mode 100644
index 0000000..4f5a259
--- /dev/null
+++ b/test/fuzzer/IntegerOverflowTest.cpp
@@ -0,0 +1,17 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Simple test for a fuzzer. The fuzzer must find the string "Hi" and cause an
+// integer overflow.
+#include <cstddef>
+#include <cstdint>
+
+static int Val = 1 << 30;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size >= 2 && Data[0] == 'H' && Data[1] == 'i')
+ Val += Val;
+ return 0;
+}
+
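Review bot: The header comment names the intended overflow but not the build flags the target depends on. `Val += Val` on a signed `int` is undefined behaviour, and only a build with `-fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow` (as in fork-ubsan.test) turns it into the abort the test expects. Without them the input "Hi" is not reported as a crash and `Val` carries state from one input to the next. Adding a line such as `// Must be built with -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow.` to the header keeps the file usable on its own.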
diff --git a/test/fuzzer/fork-ubsan.test b/test/fuzzer/fork-ubsan.test
new file mode 100644
index 0000000..7d7ee16
--- /dev/null
+++ b/test/fuzzer/fork-ubsan.test
@@ -0,0 +1,6 @@
+# UNSUPPORTED: darwin, freebsd
+# Tests how the fork mode works together with ubsan.
+RUN: %cpp_compiler %S/IntegerOverflowTest.cpp -o %t-IntegerOverflowTest -fsanitize=signed-integer-overflow -fno-sanitize-recover=signed-integer-overflow
+RUN: not %run %t-IntegerOverflowTest -fork=1 -ignore_crashes=1 -runs=10000 2>&1 | FileCheck %s --check-prefix=UBSAN_FORK
+UBSAN_FORK: runtime error: signed integer overflow: 1073741824 + 1073741824 cannot be represented in type 'int'
+UBSAN_FORK: INFO: fuzzed for {{.*}} iterations, wrapping up soon
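Review bot: The last check, `fuzzed for {{.*}} iterations`, accepts any text in place of the count, so it would still pass if the printed value were empty or malformed. `UBSAN_FORK: INFO: fuzzed for {{[0-9]+}} iterations, wrapping up soon` pins it to a number. The test also depends on the fuzzer reaching the "Hi" input within the 10000-run budget; if that ever proves flaky, the first check is the one that fails, which would be worth noting in the header comment.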