authorVitaly Buka <vitalybuka@google.com>2016-06-16 00:14:42 +0000
committerVitaly Buka <vitalybuka@google.com>2016-06-16 00:14:42 +0000
commitd01720d46d9456fce63f58497f56e106d2311efc (patch)
tree16abb0693268746752db3b3b41eb43a152e11dea /llvm
parent4db224e199e9f0903cc1e80c5d3869346ea67b5f (diff)
Enable libFuzzer's afl_driver to append stderr to a file.
Summary: [libFuzzer] Enable afl_driver to append stderr to a user specified file. Append stderr of afl_driver to the file specified by the environment variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME if it is set. This lets users see outputs on crashes without rerunning crashing test cases (which won't work for crashes that are difficult to reproduce). Before this patch, stderr would only be sent to afl-fuzz and users would have no way of seeing it. Reviewers: llvm-commits, aizatsky, kcc, vitalybuka Subscribers: vitalybuka Differential Revision: http://reviews.llvm.org/D21194 llvm-svn: 272858
Diffstat (limited to 'llvm')
-rw-r--r--llvm/lib/Fuzzer/afl/afl_driver.cpp21
-rw-r--r--llvm/lib/Fuzzer/test/AFLDriverTest.cpp12
-rw-r--r--llvm/lib/Fuzzer/test/CMakeLists.txt13
-rw-r--r--llvm/lib/Fuzzer/test/afl-driver.test10
4 files changed, 56 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/afl/afl_driver.cpp b/llvm/lib/Fuzzer/afl/afl_driver.cpp
index 63aebab469c..228317ca9e3 100644
--- a/llvm/lib/Fuzzer/afl/afl_driver.cpp
+++ b/llvm/lib/Fuzzer/afl/afl_driver.cpp
@@ -60,6 +60,25 @@ static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0];
static const size_t kMaxAflInputSize = 1 << 20;
static uint8_t AflInputBuf[kMaxAflInputSize];
+// If the user asks us to duplicate stderr, then do it.
+static void maybe_duplicate_stderr() {
+ char* stderr_duplicate_filename =
+ getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
+
+ if (!stderr_duplicate_filename)
+ return;
+
+ FILE* stderr_duplicate_stream =
+ freopen(stderr_duplicate_filename, "a+", stderr);
+
+ if (!stderr_duplicate_stream) {
+ fprintf(stderr,
+ "Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME"
+ );
+ abort();
+ }
+}
+
int main(int argc, char **argv) {
fprintf(stderr, "Running in AFl-fuzz mode\nUsage:\n"
"afl-fuzz [afl-flags] %s [N] "
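Review bot: The failure branch of `maybe_duplicate_stderr` reports its error through the stream it has just failed to reopen: `freopen` closes the file behind stderr before attempting the new open, so when it returns NULL the `fprintf(stderr, ...)` has nowhere to go and the user sees only the abort. Opening the file on its own stream and then pointing stderr's descriptor at it keeps stderr usable for the diagnostic; the sketch below assumes `dup2` and `fileno` are reachable through headers the file already includes, which this hunk does not show. The path is taken from the environment as-is and opened with default permissions, so crash output, which can contain fragments of the fuzzed input, lands wherever that variable points. The function also redirects stderr rather than duplicating it, and the leading comment could say so.
```cpp
static void maybe_duplicate_stderr() {
  // … unchanged: getenv lookup and early return when the variable is unset …

  FILE* stderr_duplicate_stream = fopen(stderr_duplicate_filename, "a");
  if (!stderr_duplicate_stream) {
    // stderr is still open at this point, so the message is delivered.
    perror("Failed to open AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
    abort();
  }

  if (dup2(fileno(stderr_duplicate_stream), fileno(stderr)) < 0) {
    perror("Failed to redirect stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
    abort();
  }
  // Descriptor 2 now refers to the file; the temporary stream is no longer needed.
  fclose(stderr_duplicate_stream);
}
```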
@@ -70,6 +89,8 @@ int main(int argc, char **argv) {
LLVMFuzzerInitialize(&argc, &argv);
// Do any other expensive one-time initialization here.
+ maybe_duplicate_stderr();
+
__afl_manual_init();
int N = 1000;
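Review bot: `maybe_duplicate_stderr()` runs after `LLVMFuzzerInitialize(&argc, &argv)`, so anything the target prints, or any crash report produced, during initialization is not captured in the file. That sits oddly with the commit message's goal of keeping output from crashes that are hard to reproduce. If the ordering is deliberate, a comment at the call site such as `// stderr is redirected only from here on; output from LLVMFuzzerInitialize is not captured` would record it; otherwise consider moving the call above the initializer. The body of main starts and continues outside this hunk.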
diff --git a/llvm/lib/Fuzzer/test/AFLDriverTest.cpp b/llvm/lib/Fuzzer/test/AFLDriverTest.cpp
new file mode 100644
index 00000000000..9ae18cb6cb9
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/AFLDriverTest.cpp
@@ -0,0 +1,12 @@
+#include <stdint.h>
+#include <stdlib.h>
+
+extern "C" void __afl_manual_init() {}
+
+extern "C" int __afl_persistent_loop(unsigned int) {
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ return 0;
+}
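Review bot: The stubs in this new file have no comment saying what they stand in for. Because `__afl_persistent_loop` returns 0, the driver's persistent loop presumably exits at once (the loop itself is not in the visible hunks), so this binary exercises only startup and the stderr redirection; a header comment like `// Minimal AFL runtime stubs so afl_driver.cpp links and main() returns without reading input.` would make that explicit. `Data` and `Size` are unused and could be left unnamed, as the `unsigned int` parameter already is, to avoid unused-parameter warnings.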
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 9f95657b978..c5520b33909 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -110,6 +110,19 @@ foreach(Test ${Tests})
endforeach()
###############################################################################
+# AFL Driver test
+###############################################################################
+
+add_executable(AFLDriverTest
+ AFLDriverTest.cpp ../afl/afl_driver.cpp)
+
+set_target_properties(AFLDriverTest
+ PROPERTIES RUNTIME_OUTPUT_DIRECTORY
+ "${CMAKE_BINARY_DIR}/lib/Fuzzer/test"
+ )
+set(TestBinaries ${TestBinaries} AFLDriverTest)
+
+###############################################################################
# Unit tests
###############################################################################
diff --git a/llvm/lib/Fuzzer/test/afl-driver.test b/llvm/lib/Fuzzer/test/afl-driver.test
new file mode 100644
index 00000000000..6cff8e34ec3
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/afl-driver.test
@@ -0,0 +1,10 @@
+; Test that not specifying a file isn't broken.
+RUN: unset AFL_DRIVER_STDERR_DUPLICATE_FILENAME
+RUN: AFLDriverTest
+
+; Test that specifying an invalid file causes a crash.
+RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME="%T" not --crash AFLDriverTest
+
+; Test that a file is created when specified as the duplicate stderr.
+RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t AFLDriverTest
+RUN: stat %t
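Review bot: The last case can pass without the driver creating the file, because `%t` may be left over from an earlier run and `stat %t` checks only that it exists. Adding `RUN: rm -f %t` before the `AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t` line would make the check meaningful. The test also never confirms that text written to stderr ends up in the file, so a redirection that creates an empty file and loses the output would go unnoticed.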