author | Kostya Serebryany <kcc@google.com> | 2019-02-12 22:48:55 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2019-02-12 22:48:55 +0000 |
commit | 5c08e811dec021ac054499907ae2a727c0d8f9ec (patch) | |
tree | bb97315d29ca4cb5e0dc1d58d5730f0aa9373cea /compiler-rt/lib/fuzzer/FuzzerDriver.cpp | |
parent | 27aa8b62d3937d9537c6cd296ae703c173682cf1 (diff) | |
[libFuzzer] move the implementation of the fork mode into a separate file
llvm-svn: 353891
Diffstat (limited to 'compiler-rt/lib/fuzzer/FuzzerDriver.cpp')
-rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerDriver.cpp | 95 |
1 files changed, 3 insertions, 92 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
index dc67512b686..00dae3fdac7 100644
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@@ -10,13 +10,14 @@
 
 #include "FuzzerCommand.h"
 #include "FuzzerCorpus.h"
+#include "FuzzerFork.h"
 #include "FuzzerIO.h"
 #include "FuzzerInterface.h"
 #include "FuzzerInternal.h"
+#include "FuzzerMerge.h"
 #include "FuzzerMutate.h"
 #include "FuzzerRandom.h"
 #include "FuzzerTracePC.h"
-#include "FuzzerMerge.h"
 #include <algorithm>
 #include <atomic>
 #include <chrono>
@@ -306,11 +307,6 @@ static std::string GetDedupTokenFromFile(const std::string &Path) {
 return S.substr(Beg, End - Beg);
 }
 
-static std::string TempPath(const char *Extension) {
- return DirPlusFile(TmpDir(),
- "libFuzzerTemp." + std::to_string(GetPid()) + Extension);
-}
-
 int CleanseCrashInput(const Vector<std::string> &Args,
 const FuzzingOptions &Options) {
 if (Inputs->size() != 1 || !Flags.exact_artifact_path) {
@@ -471,91 +467,6 @@ int MinimizeCrashInputInternalStep(Fuzzer *F, InputCorpus *Corpus) {
 return 0;
 }
 
-// This is just a skeleton of an experimental -fork=1 feature.
-void FuzzWithFork(Fuzzer *F, const FuzzingOptions &Options,
- const Vector<std::string> &Args,
- const Vector<std::string> &Corpora) {
- Printf("INFO: -fork=1: doing fuzzing in a separate process in order to "
- "be more resistant to crashes, timeouts, and OOMs\n");
- auto Rand = F->GetMD().GetRand();
-
- Vector<SizedFile> Corpus;
- for (auto &Dir : Corpora)
- GetSizedFilesFromDir(Dir, &Corpus);
- std::sort(Corpus.begin(), Corpus.end());
- auto CFPath = TempPath(".fork");
- auto LogPath = TempPath(".log");
-
- Vector<std::string> Files;
- Set<uint32_t> Features;
- if (!Corpus.empty()) {
- CrashResistantMerge(Args, {}, Corpus, &Files, {}, &Features, CFPath, false);
- RemoveFile(CFPath);
- }
- auto TempDir = TempPath("Dir");
- MkDir(TempDir);
- Printf("INFO: -fork=1: %zd seeds, starting to fuzz; scratch: %s\n",
- Files.size(), TempDir.c_str());
-
- Command BaseCmd(Args);
- BaseCmd.removeFlag("fork");
- for (auto &C : Corpora) // Remove all corpora from the args.
- BaseCmd.removeArgument(C);
- if (!BaseCmd.hasFlag("max_total_time"))
- BaseCmd.addFlag("max_total_time", "60");
- BaseCmd.addArgument(TempDir);
- int ExitCode = 0;
- for (size_t i = 0; i < 1000000; i++) {
- // TODO: take new files from disk e.g. those generated by another process.
- Command Cmd(BaseCmd);
- if (Files.size() >= 2)
- Cmd.addFlag("seed_inputs",
- Files[Rand.SkewTowardsLast(Files.size())] + "," +
- Files[Rand.SkewTowardsLast(Files.size())]);
- Cmd.setOutputFile(LogPath);
- Cmd.combineOutAndErr();
- RmFilesInDir(TempDir);
- ExitCode = ExecuteCommand(Cmd);
- // Printf("done [%d] %s\n", ExitCode, Cmd.toString().c_str());
- if (ExitCode == Options.InterruptExitCode)
- break;
- Vector<SizedFile> TempFiles;
- Vector<std::string>FilesToAdd;
- Set<uint32_t> NewFeatures;
- GetSizedFilesFromDir(TempDir, &TempFiles);
- CrashResistantMerge(Args, {}, TempFiles, &FilesToAdd, Features,
- &NewFeatures, CFPath, false);
- RemoveFile(CFPath);
- for (auto &Path : FilesToAdd) {
- auto NewPath = F->WriteToOutputCorpus(FileToVector(Path, Options.MaxLen));
- if (!NewPath.empty())
- Files.push_back(NewPath);
- }
- Features.insert(NewFeatures.begin(), NewFeatures.end());
- Printf("INFO: temp_files: %zd files_added: %zd newft: %zd ft: %zd\n",
- TempFiles.size(), FilesToAdd.size(), NewFeatures.size(),
- Features.size());
- // Continue if our crash is one of the ignorred ones.
- if (Options.IgnoreTimeouts && ExitCode == Options.TimeoutExitCode)
- continue;
- if (Options.IgnoreOOMs && ExitCode == Options.OOMExitCode)
- continue;
- // And exit if we don't ignore this crash.
- if (ExitCode != 0) {
- Printf("INFO: log from the inner process:\n%s",
- FileToString(LogPath).c_str());
- break;
- }
- }
-
- RmFilesInDir(TempDir);
- RmDir(TempDir);
-
- // Use the exit code from the last child process.
- Printf("Fork: exiting: %d\n", ExitCode);
- exit(ExitCode);
-}
-
 void Merge(Fuzzer *F, FuzzingOptions &Options, const Vector<std::string> &Args,
 const Vector<std::string> &Corpora, const char *CFPathOrNull) {
 if (Corpora.size() < 2) {
@@ -814,7 +725,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 }
 
 if (Flags.fork)
- FuzzWithFork(F, Options, Args, *Inputs);
+ FuzzWithFork(F->GetMD().GetRand(), Options, Args, *Inputs);
 
 if (Flags.merge)
 Merge(F, Options, Args, *Inputs, Flags.merge_control_file); |
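Review bot: The call `FuzzWithFork(F->GetMD().GetRand(), Options, Args, *Inputs);` carries no comment saying that it does not return, so the `if (Flags.merge)` check right below it reads as if it could still run after fork mode. The body removed from this file ended in `exit(ExitCode)`; assuming the version moved to FuzzerFork.cpp (not visible here) keeps that, I would add `// FuzzWithFork never returns; it exits with the last child's exit code.` above the call. The callee also no longer receives `F`, which the old body used for `F->WriteToOutputCorpus(...)`, so it is worth confirming in the new file that newly found inputs are still written to the output corpus. FuzzerDriver starts and ends outside this hunk.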