From 22d6013f1339d2b49b8a1dd1a3e035163489aaa9 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Fri, 9 Oct 2015 03:57:59 +0000
Subject: [PATCH] [libFuzzer] add -artifact_prefix flag
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249807 91177308-0d34-0410-b5e6-96231b3b80d8
---
 docs/LibFuzzer.rst | 2 +-
 lib/Fuzzer/FuzzerDriver.cpp | 2 ++
 lib/Fuzzer/FuzzerFlags.def | 3 +++
 lib/Fuzzer/FuzzerInternal.h | 1 +
 lib/Fuzzer/FuzzerLoop.cpp | 5 +++--
 lib/Fuzzer/test/fuzzer.test | 8 +++++---
 6 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst
index 0c90a1d5429..6f86db4c0a8 100644
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -71,7 +71,7 @@ The most important flags are::
 use_traces 0 Experimental: use instruction traces
 only_ascii 0 If 1, generate only ASCII (isprint+isspace) inputs.
 test_single_input "" Use specified file content as test input. Test will be run only once. Useful for debugging a particular case.
-
+ artifact_prefix "" Write fuzzing artifacts (crash, timeout, or slow inputs) as $(artifact_prefix)file
 For the full list of flags run the fuzzer binary with ``-help=1``.
diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp
index fe14cbff014..b5cf231e0f2 100644
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -270,6 +270,8 @@ int FuzzerDriver(const std::vector &Args,
 Options.SyncCommand = Flags.sync_command;
 Options.SyncTimeout = Flags.sync_timeout;
 Options.ReportSlowUnits = Flags.report_slow_units;
+ if (Flags.artifact_prefix)
+ Options.ArtifactPrefix = Flags.artifact_prefix;
 if (Flags.dict)
 if (!ParseDictionaryFile(FileToString(Flags.dict), &Options.Dictionary))
 return 1;
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def
index daf0882ce6f..b50d6d4ad03 100644
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -65,3 +65,6 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
 FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
 "trace-based-mutations (tbm)")
 FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
+FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
+ "timeout, or slow inputs) as "
+ "$(artifact_prefix)file")
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index 3049167c62b..500989072c3 100644
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -90,6 +90,7 @@ class Fuzzer {
 int TBMWidth = 10;
 std::string OutputCorpus;
 std::string SyncCommand;
+ std::string ArtifactPrefix = "./";
 std::vector Tokens;
 std::vector Dictionary;
 };
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
index bfeed1ab21e..76f65deb249 100644
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -236,9 +236,10 @@ void Fuzzer::WriteToOutputCorpus(const Unit &U) {
 }
 void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
- std::string Path = Prefix + Hash(U);
+ std::string Path = Options.ArtifactPrefix + Prefix + Hash(U);
 WriteToFile(U, Path);
- Printf("Test unit written to %s\n", Path.c_str());
+ Printf("artifact_prefix='%s'; Test unit written to %s\n",
+ Options.ArtifactPrefix.c_str(), Path.c_str());
 if (U.size() <= kMaxUnitSizeToPrint) {
 Printf("Base64: ");
 PrintFileAsBase64(Path);
diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test
index 9bd3c71d3df..f3794dc3d38 100644
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
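Review bot: The help text for `artifact_prefix` in FuzzerFlags.def does not say that the prefix is concatenated with no separator, so `-artifact_prefix=out` writes `outcrash-<hash>` into the current directory rather than a file under `out/` (the new test's `ZZZcrash-` expectation shows exactly this). Anyone pointing the flag at a crash directory in CI will get artifacts somewhere other than where they look for them. I would end the string with `"$(artifact_prefix)file; a directory prefix must end with '/'"`, and the same sentence fits the docs/LibFuzzer.rst table row.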
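Review bot: In WriteUnitToFileWithPrefix the `Test unit written to` message is printed, and `PrintFileAsBase64(Path)` runs, whether or not `WriteToFile(U, Path)` succeeded. WriteToFile's body is outside this hunk, so this is inferred, but nothing visible here checks a result. With a user-supplied prefix, a missing or unwritable directory becomes a likely case, and the crashing input would be lost while the log claims it was saved. I would have the write report failure and print a distinct error instead of the success line, or check once in FuzzerDriver at startup that the prefix location is writable. The function body continues past the end of the hunk.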
@@ -5,17 +5,19 @@ RUN: LLVMFuzzer-SimpleTest -test_single_input=%S/hi.txt 2>&1 | FileCheck %s
 RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
 InfiniteTest: ALARM: working on the last Unit for
-InfiniteTest: Test unit written to timeout-
+InfiniteTest: Test unit written to ./timeout-
 RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
 MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
 RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest
 TimeoutTest: ALARM: working on the last Unit for
-TimeoutTest: Test unit written to timeout-
+TimeoutTest: Test unit written to ./timeout-
 RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
-NullDerefTest: Test unit written to crash-
+NullDerefTest: Test unit written to ./crash-
+RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
+NullDerefTestPrefix: Test unit written to ZZZcrash-
 #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
--
2.34.1
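Review bot: The added RUN line passes `-artifact_prefix=ZZZ`, so every run leaves a `ZZZcrash-<hash>` file in whatever directory lit executes the test from, and nothing removes it. Using lit's temp substitution keeps the artifact in the test output directory: `-artifact_prefix=%t-` with the check `NullDerefTestPrefix: Test unit written to {{.*}}-crash-`. The check could also match the new `artifact_prefix='...'` part of the message, which no expectation in this file currently pins.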