diff options
| -rw-r--r-- | llvm/docs/LibFuzzer.rst | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerDriver.cpp | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerFlags.def | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerInternal.h | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer-timeout.test | 1 |
6 files changed, 7 insertions, 0 deletions
diff --git a/llvm/docs/LibFuzzer.rst b/llvm/docs/LibFuzzer.rst index 8f4163bd895..7a8d090241c 100644 --- a/llvm/docs/LibFuzzer.rst +++ b/llvm/docs/LibFuzzer.rst @@ -61,6 +61,7 @@ The most important flags are:: cross_over 1 If 1, cross over inputs. mutate_depth 5 Apply this number of consecutive mutations to each input. timeout 1200 Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort. + abort_on_timeout 0 If positive, call abort on timeout. max_total_time 0 If positive, indicates the maximal total time in seconds to run the fuzzer. help 0 Print help. merge 0 If 1, the 2-nd, 3-rd, etc corpora will be merged into the 1-st corpus. Only interesting units will be taken. diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp index 33bdcfb7320..d117681ba93 100644 --- a/llvm/lib/Fuzzer/FuzzerDriver.cpp +++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp @@ -268,6 +268,7 @@ int FuzzerDriver(const std::vector<std::string> &Args, Options.Verbosity = Flags.verbosity; Options.MaxLen = Flags.max_len; Options.UnitTimeoutSec = Flags.timeout; + Options.AbortOnTimeout = Flags.abort_on_timeout; Options.MaxTotalTimeSec = Flags.max_total_time; Options.DoCrossOver = Flags.cross_over; Options.MutateDepth = Flags.mutate_depth; diff --git a/llvm/lib/Fuzzer/FuzzerFlags.def b/llvm/lib/Fuzzer/FuzzerFlags.def index a36b6ba50bc..7f8d705a0d9 100644 --- a/llvm/lib/Fuzzer/FuzzerFlags.def +++ b/llvm/lib/Fuzzer/FuzzerFlags.def @@ -29,6 +29,7 @@ FUZZER_FLAG_INT( timeout, 1200, "Timeout in seconds (if positive). " "If one unit runs more than this number of seconds the process will abort.") +FUZZER_FLAG_INT(abort_on_timeout, 0, "If positive, call abort on timeout.") FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total " "time in seconds to run the fuzzer.") FUZZER_FLAG_INT(help, 0, "Print help.") diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h index 53b6cef4d91..b2a62dd7932 100644 --- a/llvm/lib/Fuzzer/FuzzerInternal.h +++ b/llvm/lib/Fuzzer/FuzzerInternal.h @@ -174,6 +174,7 @@ public: int Verbosity = 1; int MaxLen = 0; int UnitTimeoutSec = 300; + bool AbortOnTimeout = false; int MaxTotalTimeSec = 0; bool DoCrossOver = true; int MutateDepth = 5; diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index a84c2348b53..b39860ceec6 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -112,6 +112,8 @@ void Fuzzer::AlarmCallback() { if (__sanitizer_print_stack_trace) __sanitizer_print_stack_trace(); Printf("SUMMARY: libFuzzer: timeout\n"); + if (Options.AbortOnTimeout) + abort(); exit(1); } } diff --git a/llvm/lib/Fuzzer/test/fuzzer-timeout.test b/llvm/lib/Fuzzer/test/fuzzer-timeout.test index c3a9e8a3a9e..51d48e98e5c 100644 --- a/llvm/lib/Fuzzer/test/fuzzer-timeout.test +++ b/llvm/lib/Fuzzer/test/fuzzer-timeout.test @@ -11,3 +11,4 @@ RUN: not LLVMFuzzer-TimeoutTest -timeout=1 -test_single_input=%S/hi.txt 2>&1 | F SingleInputTimeoutTest: ALARM: working on the last Unit for SingleInputTimeoutTest-NOT: Test unit written to ./timeout- +RUN: not --crash LLVMFuzzer-TimeoutTest -timeout=1 -abort_on_timeout=1 |
