[LibFuzzer] test_single_input option to run a single test case.

-test_single_input flag specifies a file name with test data.

Review URL: http://reviews.llvm.org/D13359

Patch by Mike Aizatsky!

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249096 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst
index a5114bbf08336519c7a917c1ced696c8112eca34..a9948d893e14ed462f68b36074a410c92c50884e 100644 (file)
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -68,6 +68,7 @@ The most important flags are::
   sync_timeout                         600     Minimum timeout between syncs.
   use_traces                            0       Experimental: use instruction traces
   only_ascii                            0       If 1, generate only ASCII (isprint+isspace) inputs.
+  test_single_input                     ""      Use specified file content as test input. Test will be run only once. Useful for debugging a particular case.
 
 
 For the full list of flags run the fuzzer binary with ``-help=1``.

diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp
index e79c21e8bdb9698485f13b067ab01203308308c9..9c4406e219c79553d47dda1ea19a2664bab5b370 100644 (file)
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -202,6 +202,12 @@ int ApplyTokens(const Fuzzer &F, const char *InputFilePath) {
   return 0;
 }
 
+int RunOneTest(Fuzzer *F, const char *InputFilePath) {
+  Unit U = FileToVector(InputFilePath);
+  F->ExecuteCallback(U);
+  return 0;
+}
+
 int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
   FuzzerRandomLibc Rand(0);
   SimpleUserSuppliedFuzzer SUSF(&Rand, Callback);
@@ -275,6 +281,9 @@ int FuzzerDriver(const std::vector<std::string> &Args,
   if (Flags.apply_tokens)
     return ApplyTokens(F, Flags.apply_tokens);
 
+  if (Flags.test_single_input)
+    return RunOneTest(&F, Flags.test_single_input);
+
   unsigned Seed = Flags.seed;
   // Initialize Seed.
   if (Seed == 0)

diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def
index 824c9f1b912bf433b8edd94037bb4c65e5cdf42a..3b2a0f5544c5ea823a5d490e3917d3122aaf6c29 100644 (file)
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -66,3 +66,4 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
                                "trace-based-mutations (tbm).")
 FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
                                "trace-based-mutations (tbm)")
+FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
\ No newline at end of file

diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index 334800e8275fcddfe08ed6ef0d5c67b31fc267bf..862732eedf7e785ff06a1e818f5c99507a9d6601 100644 (file)
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -115,10 +115,10 @@ class Fuzzer {
   static void StaticAlarmCallback();
 
   Unit SubstituteTokens(const Unit &U) const;
+  void ExecuteCallback(const Unit &U);
 
  private:
   void AlarmCallback();
-  void ExecuteCallback(const Unit &U);
   void MutateAndTestOne(Unit *U);
   void ReportNewCoverage(size_t NewCoverage, const Unit &U);
   size_t RunOne(const Unit &U);

diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test
index 70dbce805542246d3b11775973aae96bf009627b..29bd8071000003f05a9782057a28fbfaafdc7431 100644 (file)
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@@ -1,6 +1,7 @@
 CHECK: BINGO
 
 RUN: LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-SimpleTest -test_single_input=%S/hi.txt 2>&1 | FileCheck %s 
 
 RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
 InfiniteTest: ALARM: working on the last Unit for

diff --git a/lib/Fuzzer/test/hi.txt b/lib/Fuzzer/test/hi.txt
new file mode 100644 (file)
index 0000000..2f9031f
--- /dev/null
+++ b/lib/Fuzzer/test/hi.txt
@@ -0,0 +1 @@
+Hi!
\ No newline at end of file