diff options
| author | Kostya Serebryany <kcc@google.com> | 2016-09-10 00:15:41 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2016-09-10 00:15:41 +0000 |
| commit | b991cc1f0e6b7a5d2c4ab76f8140b32108550f5c (patch) | |
| tree | fde2000e40f9fe653ee719650f5caa9c1e25382d /llvm | |
| parent | fcdb1af655a80b4f1b4f17929235613216ebaaf5 (diff) | |
| download | bcm5719-llvm-b991cc1f0e6b7a5d2c4ab76f8140b32108550f5c.tar.gz bcm5719-llvm-b991cc1f0e6b7a5d2c4ab76f8140b32108550f5c.zip | |
[libFuzzer] print a visible message if merge fails due to a crash
llvm-svn: 281122
Diffstat (limited to 'llvm')
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerInternal.h | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 16 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/merge.test | 6 |
3 files changed, 24 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h index 06e20057245..6188cb57356 100644 --- a/llvm/lib/Fuzzer/FuzzerInternal.h +++ b/llvm/lib/Fuzzer/FuzzerInternal.h @@ -521,6 +521,8 @@ private: // Need to know our own thread. static thread_local bool IsMyThread; + + bool InMergeMode = false; }; // Global interface to functions that may or may not be available. diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index 017ea03eaf7..c71d3022784 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -188,7 +188,22 @@ void Fuzzer::StaticDeathCallback() { F->DeathCallback(); } +static void WarnOnUnsuccessfullMerge(bool DoWarn) { + Printf( + "***\n" + "***\n" + "***\n" + "*** NOTE: merge did not succeed due to a failure on one of the inputs.\n" + "*** You will need to filter out crashes from the corpus, e.g. like this:\n" + "*** for f in WITH_CRASHES/*; do ./fuzzer $f && cp $f NO_CRASHES; done\n" + "*** Future versions may have crash-resistant merge, stay tuned.\n" + "***\n" + "***\n" + "***\n"); +} + void Fuzzer::DumpCurrentUnit(const char *Prefix) { + WarnOnUnsuccessfullMerge(InMergeMode); if (!CurrentUnitData) return; // Happens when running individual inputs. MD.PrintMutationSequence(); Printf("; base unit: %s\n", Sha1ToString(BaseSha1).c_str()); @@ -612,6 +627,7 @@ void Fuzzer::Merge(const std::vector<std::string> &Corpora) { Printf("Merge requires two or more corpus dirs\n"); return; } + InMergeMode = true; std::vector<std::string> ExtraCorpora(Corpora.begin() + 1, Corpora.end()); assert(Options.MaxLen > 0); diff --git a/llvm/lib/Fuzzer/test/merge.test b/llvm/lib/Fuzzer/test/merge.test index 6f19e21d132..b3dcc799457 100644 --- a/llvm/lib/Fuzzer/test/merge.test +++ b/llvm/lib/Fuzzer/test/merge.test @@ -28,3 +28,9 @@ CHECK2: === Merge: written 3 units RUN: LLVMFuzzer-FullCoverageSetTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=CHECK3 CHECK3: === Minimizing the initial corpus of 6 units CHECK3: === Merge: written 0 units + + +# Check that when merge fails we print an error message. +RUN: echo 'Hi!' > %tmp/T1/HiI +RUN: not LLVMFuzzer-NullDerefTest -merge=1 %tmp/T1 %tmp/T2 2>&1 | FileCheck %s --check-prefix=MERGE_FAIL +MERGE_FAIL: NOTE: merge did not succeed due to a failure on one of the inputs. |
