Diffstat (limited to 'llvm/lib/Fuzzer')
-rw-r--r--llvm/lib/Fuzzer/FuzzerInternal.h1
-rw-r--r--llvm/lib/Fuzzer/FuzzerLoop.cpp4
-rw-r--r--llvm/lib/Fuzzer/test/CMakeLists.txt1
-rw-r--r--llvm/lib/Fuzzer/test/TimeoutEmptyTest.cpp14
-rw-r--r--llvm/lib/Fuzzer/test/fuzzer-timeout.test5
5 files changed, 24 insertions, 1 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h
index f1e7415bb63..c041706092d 100644
--- a/llvm/lib/Fuzzer/FuzzerInternal.h
+++ b/llvm/lib/Fuzzer/FuzzerInternal.h
@@ -147,6 +147,7 @@ private:
uint8_t *CurrentUnitData = nullptr;
std::atomic<size_t> CurrentUnitSize;
uint8_t BaseSha1[kSHA1NumBytes]; // Checksum of the base unit.
+ bool RunningCB = false;
size_t TotalNumberOfRuns = 0;
size_t NumberOfNewUnitsAdded = 0;
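Review bot: `RunningCB` is declared as a plain `bool`, yet it is written in `Fuzzer::ExecuteCallback` and read in `Fuzzer::AlarmCallback` (the two FuzzerLoop.cpp hunks), and the latter appears to run from the timeout alarm, asynchronously to the fuzzing loop. The field it replaces in that check, `CurrentUnitSize`, is a `std::atomic<size_t>` two lines above, so the new flag should carry the same guarantee: `std::atomic<bool> RunningCB{false};`. It also deserves a trailing comment like its neighbours, for example `// True only while the user callback is executing.`. The class body continues outside this hunk.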
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index 93db6179e3d..f161cc7cda6 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -286,7 +286,7 @@ NO_SANITIZE_MEMORY
void Fuzzer::AlarmCallback() {
assert(Options.UnitTimeoutSec > 0);
if (!InFuzzingThread()) return;
- if (!CurrentUnitSize)
+ if (!RunningCB)
return; // We have not started running units yet.
size_t Seconds =
duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
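Review bot: The comment kept on the early return, `// We have not started running units yet.`, no longer matches the condition. With `if (!RunningCB)` the return also fires between units, once `ExecuteCallback` has cleared the flag, not only before the first unit. I would reword it to `return; // Not inside the user callback (not started yet, or between units).`. The body of `AlarmCallback` continues past the end of this hunk.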
@@ -532,7 +532,9 @@ void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
UnitStartTime = system_clock::now();
ResetCounters(); // Reset coverage right before the callback.
TPC.ResetMaps();
+ RunningCB = true;
int Res = CB(DataCopy, Size);
+ RunningCB = false;
UnitStopTime = system_clock::now();
(void)Res;
assert(Res == 0);
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 27774b5f39f..65199e9fade 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -109,6 +109,7 @@ set(Tests
ThreadedLeakTest
ThreadedTest
TimeoutTest
+ TimeoutEmptyTest
TraceMallocTest
)
diff --git a/llvm/lib/Fuzzer/test/TimeoutEmptyTest.cpp b/llvm/lib/Fuzzer/test/TimeoutEmptyTest.cpp
new file mode 100644
index 00000000000..8066f480b65
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/TimeoutEmptyTest.cpp
@@ -0,0 +1,14 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the empty string.
+#include <cstdint>
+#include <cstddef>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ static volatile int Zero = 0;
+ if (!Size)
+ while(!Zero)
+ ;
+ return 0;
+}
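Review bot: The header comment `// Simple test for a fuzzer. The fuzzer must find the empty string.` looks carried over from another test and does not describe this target. Nothing here is "found"; the callback spins forever on a zero-length input so that the timeout path is exercised with an empty unit. A more accurate line would be `// Test that a timeout is reported when the callback hangs on the empty input.`. A short note on why `Zero` is `static volatile` (so the `while(!Zero)` loop is not optimised away) would also help the next reader.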
diff --git a/llvm/lib/Fuzzer/test/fuzzer-timeout.test b/llvm/lib/Fuzzer/test/fuzzer-timeout.test
index 8e8b713fcd7..beb08671183 100644
--- a/llvm/lib/Fuzzer/test/fuzzer-timeout.test
+++ b/llvm/lib/Fuzzer/test/fuzzer-timeout.test
@@ -12,3 +12,8 @@ SingleInputTimeoutTest: ALARM: working on the last Unit for {{[1-3]}} seconds
SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
RUN: LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0
+
+RUN: not LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest
+TimeoutEmptyTest: ALARM: working on the last Unit for
+TimeoutEmptyTest: == ERROR: libFuzzer: timeout after
+TimeoutEmptyTest: SUMMARY: libFuzzer: timeout
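Review bot: The new `TimeoutEmptyTest: ALARM: working on the last Unit for` check stops before the duration, whereas the `SingleInputTimeoutTest` check in this hunk's context pins it with `{{[1-3]}} seconds`. Since this run also uses `-timeout=1`, the same bound should apply: `TimeoutEmptyTest: ALARM: working on the last Unit for {{[1-3]}} seconds`. That keeps the checks consistent and would catch a stale `UnitStartTime` being reported for the empty unit.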