[libFuzzer] change the default max_len from 64 to 4096. This will affect cases where...

author Kostya Serebryany <kcc@google.com>

Thu, 15 Jun 2017 22:43:40 +0000 (22:43 +0000)

committer Dmitriy Nikiforov <d.nikiforov@partner.samsung.com>

Mon, 17 Jul 2017 04:47:38 +0000 (13:47 +0900)
author Kostya Serebryany <kcc@google.com>
Thu, 15 Jun 2017 22:43:40 +0000 (22:43 +0000)
committer Dmitriy Nikiforov <d.nikiforov@partner.samsung.com>
Mon, 17 Jul 2017 04:47:38 +0000 (13:47 +0900)
diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp

index 9aad377..0453a7f 100644 (file)
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -553,12 +553,12 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
      return RunInMultipleProcesses(Args, Flags.workers, Flags.jobs);
  
    const size_t kMaxSaneLen = 1 << 20;
-  const size_t kMinDefaultLen = 64;
+  const size_t kMinDefaultLen = 4096;
    FuzzingOptions Options;
    Options.Verbosity = Flags.verbosity;
    Options.MaxLen = Flags.max_len;
    Options.ExperimentalLenControl = Flags.experimental_len_control;
-  if (Flags.experimental_len_control && Flags.max_len == 64)
+  if (Flags.experimental_len_control && Flags.max_len == kMinDefaultLen)
      Options.MaxLen = 1 << 20;
    Options.UnitTimeoutSec = Flags.timeout;
    Options.ErrorExitCode = Flags.error_exitcode;
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp

index f608328..fbf1835 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -301,7 +301,9 @@ void Fuzzer::SetMaxInputLen(size_t MaxInputLen) {
    this->MaxInputLen = MaxInputLen;
    this->MaxMutationLen = MaxInputLen;
    AllocateCurrentUnitData();
-  Printf("INFO: -max_len is not provided, using %zd\n", MaxInputLen);
+  Printf("INFO: -max_len is not provided; "
+         "libFuzzer will not generate inputs larger than %zd bytes\n",
+         MaxInputLen);
  }
  
  void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
diff --git a/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp b/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp

index dfb6007..b5a61dd 100644 (file)
--- a/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp
+++ b/lib/Fuzzer/test/AbsNegAndConstant64Test.cpp
@@ -9,7 +9,7 @@
  #include <cstring>
  
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (Size < 16) return 0;
+  if (Size < 16 || Size > 64) return 0;
    int64_t x;
    uint64_t y;
    memcpy(&x, Data, sizeof(x));
diff --git a/lib/Fuzzer/test/FourIndependentBranchesTest.cpp b/lib/Fuzzer/test/FourIndependentBranchesTest.cpp

index bbf5ea2..ba963d9 100644 (file)
--- a/lib/Fuzzer/test/FourIndependentBranchesTest.cpp
+++ b/lib/Fuzzer/test/FourIndependentBranchesTest.cpp
@@ -8,6 +8,7 @@
  #include <iostream>
  
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 64) return 0;
    int bits = 0;
    if (Size > 0 && Data[0] == 'F') bits |= 1;
    if (Size > 1 && Data[1] == 'U') bits |= 2;
diff --git a/lib/Fuzzer/test/ShrinkControlFlowTest.cpp b/lib/Fuzzer/test/ShrinkControlFlowTest.cpp

index d095429..37eeede 100644 (file)
--- a/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
+++ b/lib/Fuzzer/test/ShrinkControlFlowTest.cpp
@@ -11,6 +11,7 @@
  static volatile int Sink;
  
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 64) return 0;
    int8_t Ids[256];
    memset(Ids, -1, sizeof(Ids));
    for (size_t i = 0; i < Size; i++)
diff --git a/lib/Fuzzer/test/SimpleHashTest.cpp b/lib/Fuzzer/test/SimpleHashTest.cpp

index 99e96cb..a3f4211 100644 (file)
--- a/lib/Fuzzer/test/SimpleHashTest.cpp
+++ b/lib/Fuzzer/test/SimpleHashTest.cpp
@@ -26,7 +26,7 @@ static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
  }
  
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (Size < 14)
+  if (Size < 14 || Size > 64)
      return 0;
  
    uint32_t Hash = simple_hash(&Data[0], Size - 4);
diff --git a/lib/Fuzzer/test/SingleStrncmpTest.cpp b/lib/Fuzzer/test/SingleStrncmpTest.cpp

index b302670..b38c799 100644 (file)
--- a/lib/Fuzzer/test/SingleStrncmpTest.cpp
+++ b/lib/Fuzzer/test/SingleStrncmpTest.cpp
@@ -8,6 +8,7 @@
  #include <cstring>
  
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 64) return 0;
    char *S = (char*)Data;
    volatile auto Strncmp = &(strncmp);   // Make sure strncmp is not inlined.
    if (Size >= 6 && !Strncmp(S, "qwerty", 6)) {
diff --git a/lib/Fuzzer/test/fuzzer-dirs.test b/lib/Fuzzer/test/fuzzer-dirs.test

index 3de64f2..622ff5d 100644 (file)
--- a/lib/Fuzzer/test/fuzzer-dirs.test
+++ b/lib/Fuzzer/test/fuzzer-dirs.test
@@ -5,9 +5,13 @@ RUN: echo b > %t/SUB1/SUB2/b
  RUN: echo c > %t/SUB1/SUB2/SUB3/c
  RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=SUBDIRS
  SUBDIRS: READ   units: 3
-RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/long
+RUN: echo -n zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz > %t/SUB1/f64
+RUN: cat %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 %t/SUB1/f64 > %t/SUB1/f256
+RUN: cat %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 %t/SUB1/f256 > %t/SUB1/f1024
+RUN: cat %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 %t/SUB1/f1024 > %t/SUB1/f4096
+RUN: cat %t/SUB1/f4096 %t/SUB1/f4096 > %t/SUB1/f8192
  RUN: LLVMFuzzer-SimpleTest %t/SUB1 -runs=0 2>&1 | FileCheck %s --check-prefix=LONG
-LONG: INFO: -max_len is not provided, using 93
+LONG: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 8192 bytes
  RUN: rm -rf %t/SUB1
  
  RUN: not LLVMFuzzer-SimpleTest NONEXISTENT_DIR 2>&1 | FileCheck %s --check-prefix=NONEXISTENT_DIR
diff --git a/lib/Fuzzer/test/inline-8bit-counters.test b/lib/Fuzzer/test/inline-8bit-counters.test

index 4b6ae83..8747af8 100644 (file)
--- a/lib/Fuzzer/test/inline-8bit-counters.test
+++ b/lib/Fuzzer/test/inline-8bit-counters.test
@@ -1,4 +1,4 @@
  REQUIRES: linux
  CHECK: INFO: Loaded 1 modules with {{.*}} inline 8-bit counters
  CHECK: BINGO
-RUN: LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=100000 -seed=1 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-SimpleTest-Inline8bitCounters -runs=1000000 -seed=1 2>&1 | FileCheck %s
author	Kostya Serebryany <kcc@google.com>
	Thu, 15 Jun 2017 22:43:40 +0000 (22:43 +0000)
committer	Dmitriy Nikiforov <d.nikiforov@partner.samsung.com>
	Mon, 17 Jul 2017 04:47:38 +0000 (13:47 +0900)
lib/Fuzzer/FuzzerDriver.cpp		patch \| blob \| history
lib/Fuzzer/FuzzerLoop.cpp		patch \| blob \| history
lib/Fuzzer/test/AbsNegAndConstant64Test.cpp		patch \| blob \| history
lib/Fuzzer/test/FourIndependentBranchesTest.cpp		patch \| blob \| history
lib/Fuzzer/test/ShrinkControlFlowTest.cpp		patch \| blob \| history
lib/Fuzzer/test/SimpleHashTest.cpp		patch \| blob \| history
lib/Fuzzer/test/SingleStrncmpTest.cpp		patch \| blob \| history
lib/Fuzzer/test/fuzzer-dirs.test		patch \| blob \| history
lib/Fuzzer/test/inline-8bit-counters.test		patch \| blob \| history