[libFuzzer] add -abort_on_timeout option

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@258631 91177308-0d34-0410-b5e6-96231b3b80d8
yuyichao · Jan 23, 2016 · d75ddaf · d75ddaf
1 parent 88a1903
commit d75ddaf
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 0 deletions.
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst
@@ -61,6 +61,7 @@ The most important flags are::
   cross_over                         	1	If 1, cross over inputs.
   mutate_depth                       	5	Apply this number of consecutive mutations to each input.
   timeout                            	1200	Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort.
+  abort_on_timeout                      0       If positive, call abort on timeout.
   max_total_time                        0       If positive, indicates the maximal total time in seconds to run the fuzzer.
   help                               	0	Print help.
   merge                                 0       If 1, the 2-nd, 3-rd, etc corpora will be merged into the 1-st corpus. Only interesting units will be taken.

diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp
@@ -268,6 +268,7 @@ int FuzzerDriver(const std::vector<std::string> &Args,
   Options.Verbosity = Flags.verbosity;
   Options.MaxLen = Flags.max_len;
   Options.UnitTimeoutSec = Flags.timeout;
+  Options.AbortOnTimeout = Flags.abort_on_timeout;
   Options.MaxTotalTimeSec = Flags.max_total_time;
   Options.DoCrossOver = Flags.cross_over;
   Options.MutateDepth = Flags.mutate_depth;

diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def
@@ -29,6 +29,7 @@ FUZZER_FLAG_INT(
     timeout, 1200,
     "Timeout in seconds (if positive). "
     "If one unit runs more than this number of seconds the process will abort.")
+FUZZER_FLAG_INT(abort_on_timeout, 0, "If positive, call abort on timeout.")
 FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total "
                                    "time in seconds to run the fuzzer.")
 FUZZER_FLAG_INT(help, 0, "Print help.")

diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
@@ -174,6 +174,7 @@ class Fuzzer {
     int Verbosity = 1;
     int MaxLen = 0;
     int UnitTimeoutSec = 300;
+    bool AbortOnTimeout = false;
     int MaxTotalTimeSec = 0;
     bool DoCrossOver = true;
     int MutateDepth = 5;

diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
@@ -112,6 +112,8 @@ void Fuzzer::AlarmCallback() {
     if (__sanitizer_print_stack_trace)
       __sanitizer_print_stack_trace();
     Printf("SUMMARY: libFuzzer: timeout\n");
+    if (Options.AbortOnTimeout)
+      abort();
     exit(1);
   }
 }

diff --git a/lib/Fuzzer/test/fuzzer-timeout.test b/lib/Fuzzer/test/fuzzer-timeout.test
@@ -11,3 +11,4 @@ RUN: not LLVMFuzzer-TimeoutTest -timeout=1 -test_single_input=%S/hi.txt 2>&1 | F
 SingleInputTimeoutTest: ALARM: working on the last Unit for
 SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
 
+RUN: not --crash LLVMFuzzer-TimeoutTest -timeout=1 -abort_on_timeout=1
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,3 +11,4 @@ RUN: not LLVMFuzzer-TimeoutTest -timeout=1 -test_single_input=%S/hi.txt 2>&1 \| F
		SingleInputTimeoutTest: ALARM: working on the last Unit for
		SingleInputTimeoutTest-NOT: Test unit written to ./timeout-

		RUN: not --crash LLVMFuzzer-TimeoutTest -timeout=1 -abort_on_timeout=1