author | Kostya Serebryany <kcc@google.com> | 2016-05-25 00:15:36 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2016-05-25 00:15:36 +0000 |
commit | ff2e6badbd89cbc065c84f40504ee51138d43198 (patch) | |
tree | 8a25615df5cb7544859e812c5c727b031b56a05e /llvm | |
parent | b910e566049ffd9b1f285b29cd4dfe124aad3a12 (diff) | |
[libFuzzer] print stats if we crash on empty input
llvm-svn: 270639
Diffstat (limited to 'llvm')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 7 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/CMakeLists.txt | 1 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp | 19 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer.test | 3 |
4 files changed, 27 insertions, 3 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index ed8a1fb44de..ccd1c4e11c4 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -177,9 +177,10 @@ void Fuzzer::DumpCurrentUnit(const char *Prefix) {
 NO_SANITIZE_MEMORY
 void Fuzzer::DeathCallback() {
- if (!CurrentUnitSize) return;
- Printf("DEATH:\n");
- DumpCurrentUnit("crash-");
+ if (CurrentUnitSize) {
+ Printf("DEATH:\n");
+ DumpCurrentUnit("crash-");
+ }
 PrintFinalStats();
 }
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 52ed2f5bbb3..a33f84b6e4a 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -25,6 +25,7 @@ set(Tests
 LeakTest
 LeakTimeoutTest
 NullDerefTest
+ NullDerefOnEmptyTest
 NthRunCrashTest
 OutOfMemoryTest
 RepeatedMemcmp
diff --git a/llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp b/llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp
new file mode 100644
index 00000000000..153710920a5
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp
@@ -0,0 +1,19 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the empty string.
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile int *Null = 0;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size == 0) {
+ std::cout << "Found the target, dereferencing NULL\n";
+ *Null = 1;
+ }
+ return 0;
+}
+
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index bbdcc735115..8c5d148c725 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
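Review bot: In `Fuzzer::DeathCallback` (FuzzerLoop.cpp) the new `if (CurrentUnitSize)` guard still skips `DumpCurrentUnit("crash-")` when the crashing input is empty, so a crash on the empty input now prints stats but leaves neither a `DEATH:` marker nor a crash- artifact for triage. A zero size is treated as "nothing to dump", which presumably also covers a death outside any unit; that double meaning is not stated anywhere in the hunk. I would add a comment above the guard, `// CurrentUnitSize == 0: either no unit is running or the unit is empty; nothing to dump, but still print stats.`, and consider a separate in-unit flag if an empty reproducer should ever be recorded.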
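Review bot: In `LLVMFuzzerTestOneInput` (NullDerefOnEmptyTest.cpp) the message goes to `std::cout` with a plain `\n` right before the null store, so when stdout is a pipe, as in the lit RUN line, the text can still be in the stream buffer when the process dies and never reach the log. Flush it before the store, for example `std::cout << "Found the target, dereferencing NULL" << std::endl;`, or write it to `std::cerr`. `<cstdlib>` is included but nothing in the file uses it.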
@@ -20,6 +20,9 @@ LIBFUZZER_OWN_SEGV_HANDLER: == ERROR: libFuzzer: deadly signal
 LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal
 LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash-
+RUN: not LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY
+NULL_DEREF_ON_EMPTY: stat::number_of_executed_units:
+
 #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
 RUN: not LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s |
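Review bot: The `NULL_DEREF_ON_EMPTY` check in fuzzer.test matches only `stat::number_of_executed_units:`, so the test passes for any non-zero exit that prints final stats and does not tie the failure to the null dereference on the empty input. A check for the crash report ahead of the stats line would pin it to the intended crash, e.g. `NULL_DEREF_ON_EMPTY: <crash-report line for this configuration>` (placeholder; the exact text depends on which handler reports the signal). Matching the executed-unit count as well would confirm that the crash happened on the first, empty unit.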