[libFuzzer] add -artifact_prefix flag

author Kostya Serebryany <kcc@google.com>

Fri, 9 Oct 2015 03:57:59 +0000 (03:57 +0000)

committer Kostya Serebryany <kcc@google.com>

Fri, 9 Oct 2015 03:57:59 +0000 (03:57 +0000)
author Kostya Serebryany <kcc@google.com>
Fri, 9 Oct 2015 03:57:59 +0000 (03:57 +0000)
committer Kostya Serebryany <kcc@google.com>
Fri, 9 Oct 2015 03:57:59 +0000 (03:57 +0000)
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst

index 0c90a1d..6f86db4 100644 (file)
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -71,7 +71,7 @@ The most important flags are::
    use_traces                            0       Experimental: use instruction traces
    only_ascii                            0       If 1, generate only ASCII (isprint+isspace) inputs.
    test_single_input                     ""      Use specified file content as test input. Test will be run only once. Useful for debugging a particular case.
-
+  artifact_prefix                       ""      Write fuzzing artifacts (crash, timeout, or slow inputs) as $(artifact_prefix)file
  
  For the full list of flags run the fuzzer binary with ``-help=1``.
  
diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp

index fe14cbf..b5cf231 100644 (file)
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -270,6 +270,8 @@ int FuzzerDriver(const std::vector<std::string> &Args,
      Options.SyncCommand = Flags.sync_command;
    Options.SyncTimeout = Flags.sync_timeout;
    Options.ReportSlowUnits = Flags.report_slow_units;
+  if (Flags.artifact_prefix)
+    Options.ArtifactPrefix = Flags.artifact_prefix;
    if (Flags.dict)
      if (!ParseDictionaryFile(FileToString(Flags.dict), &Options.Dictionary))
        return 1;
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def

index daf0882..b50d6d4 100644 (file)
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -65,3 +65,6 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
  FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
                                 "trace-based-mutations (tbm)")
  FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
+FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
+                                    "timeout, or slow inputs) as "
+                                    "$(artifact_prefix)file")
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h

index 3049167..5009890 100644 (file)
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -90,6 +90,7 @@ class Fuzzer {
      int TBMWidth = 10;
      std::string OutputCorpus;
      std::string SyncCommand;
+    std::string ArtifactPrefix = "./";
      std::vector<std::string> Tokens;
      std::vector<Unit> Dictionary;
    };
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp

index bfeed1a..76f65de 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -236,9 +236,10 @@ void Fuzzer::WriteToOutputCorpus(const Unit &U) {
  }
  
  void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
-  std::string Path = Prefix + Hash(U);
+  std::string Path = Options.ArtifactPrefix + Prefix + Hash(U);
    WriteToFile(U, Path);
-  Printf("Test unit written to %s\n", Path.c_str());
+  Printf("artifact_prefix='%s'; Test unit written to %s\n",
+         Options.ArtifactPrefix.c_str(), Path.c_str());
    if (U.size() <= kMaxUnitSizeToPrint) {
      Printf("Base64: ");
      PrintFileAsBase64(Path);
diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test

index 9bd3c71..f3794dc 100644 (file)
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@@ -5,17 +5,19 @@ RUN: LLVMFuzzer-SimpleTest -test_single_input=%S/hi.txt 2>&1 | FileCheck %s
  
  RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
  InfiniteTest: ALARM: working on the last Unit for
-InfiniteTest: Test unit written to timeout-
+InfiniteTest: Test unit written to ./timeout-
  
  RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
  MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
  
  RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest
  TimeoutTest: ALARM: working on the last Unit for
-TimeoutTest: Test unit written to timeout-
+TimeoutTest: Test unit written to ./timeout-
  
  RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
-NullDerefTest: Test unit written to crash-
+NullDerefTest: Test unit written to ./crash-
+RUN: not LLVMFuzzer-NullDerefTest  -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
+NullDerefTestPrefix: Test unit written to ZZZcrash-
  
  #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
author	Kostya Serebryany <kcc@google.com>
	Fri, 9 Oct 2015 03:57:59 +0000 (03:57 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Fri, 9 Oct 2015 03:57:59 +0000 (03:57 +0000)
docs/LibFuzzer.rst		patch \| blob \| history
lib/Fuzzer/FuzzerDriver.cpp		patch \| blob \| history
lib/Fuzzer/FuzzerFlags.def		patch \| blob \| history
lib/Fuzzer/FuzzerInternal.h		patch \| blob \| history
lib/Fuzzer/FuzzerLoop.cpp		patch \| blob \| history
lib/Fuzzer/test/fuzzer.test		patch \| blob \| history