From 2b7d2e91ccbc091c8e447919d7d81f1bced8aa7f Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Thu, 23 Jul 2015 18:37:22 +0000 Subject: [PATCH] [libFuzzer] dump long running units to disk llvm-svn: 243031 --- llvm/lib/Fuzzer/FuzzerInternal.h | 2 +- llvm/lib/Fuzzer/FuzzerLoop.cpp | 9 +++++---- llvm/lib/Fuzzer/test/fuzzer.test | 6 +++--- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h index c387fe7..af3d011 100644 --- a/llvm/lib/Fuzzer/FuzzerInternal.h +++ b/llvm/lib/Fuzzer/FuzzerInternal.h @@ -108,7 +108,7 @@ class Fuzzer { size_t RunOneMaximizeFullCoverageSet(const Unit &U); size_t RunOneMaximizeCoveragePairs(const Unit &U); void WriteToOutputCorpus(const Unit &U); - void WriteToCrash(const Unit &U, const char *Prefix); + void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix); void PrintStats(const char *Where, size_t Cov, const char *End = "\n"); void PrintUnitInASCIIOrTokens(const Unit &U, const char *PrintAfter = ""); diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index 9ef4758..d653391 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -49,7 +49,7 @@ void Fuzzer::DeathCallback() { Printf("DEATH:\n"); Print(CurrentUnit, "\n"); PrintUnitInASCIIOrTokens(CurrentUnit, "\n"); - WriteToCrash(CurrentUnit, "crash-"); + WriteUnitToFileWithPrefix(CurrentUnit, "crash-"); } void Fuzzer::StaticAlarmCallback() { @@ -70,7 +70,7 @@ void Fuzzer::AlarmCallback() { Options.UnitTimeoutSec); Print(CurrentUnit, "\n"); PrintUnitInASCIIOrTokens(CurrentUnit, "\n"); - WriteToCrash(CurrentUnit, "timeout-"); + WriteUnitToFileWithPrefix(CurrentUnit, "timeout-"); exit(1); } } @@ -161,6 +161,7 @@ size_t Fuzzer::RunOne(const Unit &U) { TimeOfLongestUnitInSeconds = TimeOfUnit; Printf("Longest unit: %zd s:\n", TimeOfLongestUnitInSeconds); Print(U, "\n"); + WriteUnitToFileWithPrefix(U, "long-running-unit-"); } return Res; } @@ -248,10 +249,10 @@ void Fuzzer::WriteToOutputCorpus(const Unit &U) { Printf("Written to %s\n", Path.c_str()); } -void Fuzzer::WriteToCrash(const Unit &U, const char *Prefix) { +void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) { std::string Path = Prefix + Hash(U); WriteToFile(U, Path); - Printf("CRASHED; file written to %s\nBase64: ", Path.c_str()); + Printf("Test unit written to %s\nBase64: ", Path.c_str()); PrintFileAsBase64(Path); } diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test index b233acb..55f0819 100644 --- a/llvm/lib/Fuzzer/test/fuzzer.test +++ b/llvm/lib/Fuzzer/test/fuzzer.test @@ -4,14 +4,14 @@ RUN: LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest InfiniteTest: ALARM: working on the last Unit for -InfiniteTest: CRASHED; file written to timeout +InfiniteTest: Test unit written to timeout- RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest TimeoutTest: ALARM: working on the last Unit for -TimeoutTest: CRASHED; file written to timeout +TimeoutTest: Test unit written to timeout- RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest -NullDerefTest: CRASHED; file written to crash- +NullDerefTest: Test unit written to crash- RUN: not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s -- 2.7.4