Index: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h
@@ -147,6 +147,7 @@
 uint8_t *CurrentUnitData = nullptr;
 std::atomic CurrentUnitSize;
 uint8_t BaseSha1[kSHA1NumBytes]; // Checksum of the base unit.
+ bool RunningCB = false;
 size_t TotalNumberOfRuns = 0;
 size_t NumberOfNewUnitsAdded = 0;
Index: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
@@ -286,7 +286,7 @@
 void Fuzzer::AlarmCallback() {
 assert(Options.UnitTimeoutSec > 0);
 if (!InFuzzingThread()) return;
- if (!CurrentUnitSize)
+ if (!RunningCB)
 return; // We have not started running units yet.
 size_t Seconds = duration_cast(system_clock::now() - UnitStartTime).count();
@@ -532,7 +532,9 @@
 UnitStartTime = system_clock::now();
 ResetCounters(); // Reset coverage right before the callback.
 TPC.ResetMaps();
+ RunningCB = true;
 int Res = CB(DataCopy, Size);
+ RunningCB = false;
 UnitStopTime = system_clock::now();
 (void)Res;
 assert(Res == 0);
Index: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
===================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
@@ -109,6 +109,7 @@
 ThreadedLeakTest ThreadedTest TimeoutTest
+ TimeoutEmptyTest
 TraceMallocTest )
Index: llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
===================================================================
--- llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
+++ llvm/trunk/lib/Fuzzer/test/TimeoutEmptyTest.cpp
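Review bot: `RunningCB` is added as a plain `bool` directly beside `std::atomic CurrentUnitSize`, although it is written around the `CB(DataCopy, Size)` call and read in `Fuzzer::AlarmCallback()`, which presumably runs from the alarm signal handler. A non-atomic, non-volatile flag shared with asynchronous handler code is formally a race, and nothing obliges the compiler to keep the store ordered after the `UnitStartTime` assignment that the handler reads next. I would declare it `std::atomic<bool> RunningCB{false};` (or `volatile sig_atomic_t`), which also covers the two stores in the `@@ -532,7 +532,9 @@` hunk of FuzzerLoop.cpp. The enclosing class starts and ends outside this hunk.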
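Review bot: With the guard in `AlarmCallback()` switched from `!CurrentUnitSize` to `!RunningCB`, the remainder of the function now executes with `CurrentUnitSize == 0`, a state the old check excluded. The code after the `Seconds` computation lies outside this hunk, so it cannot be confirmed from here that the unit dump and artifact write tolerate a zero-length unit (and a possibly null `CurrentUnitData`). The trailing comment is also stale, because the early return now covers the gap between units as well; I would reword it to `return; // Not inside the user callback (before the first unit or between units).`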
@@ -0,0 +1,14 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the empty string.
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ static volatile int Zero = 0;
+ if (!Size)
+ while(!Zero)
+ ;
+ return 0;
+}
Index: llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
===================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-timeout.test
@@ -12,3 +12,8 @@
 SingleInputTimeoutTest-NOT: Test unit written to ./timeout-
 RUN: LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0
+
+RUN: not LLVMFuzzer-TimeoutEmptyTest -timeout=1 2>&1 | FileCheck %s --check-prefix=TimeoutEmptyTest
+TimeoutEmptyTest: ALARM: working on the last Unit for
+TimeoutEmptyTest: == ERROR: libFuzzer: timeout after
+TimeoutEmptyTest: SUMMARY: libFuzzer: timeout
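Review bot: The header comment in TimeoutEmptyTest.cpp says only that the fuzzer must find the empty string and omits that the target deliberately spins forever on it, which is the purpose of the test. I would add a line such as `// Hangs on the zero-length input so that -timeout has to fire for an empty unit.` above `LLVMFuzzerTestOneInput`. A short remark that `Zero` is `volatile` so the `while(!Zero)` loop is not optimized away would also help the next reader.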
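Review bot: The three new `TimeoutEmptyTest:` checks confirm that a timeout is reported, but not that a reproducer for the empty unit is written, which is the path this change newly reaches. If libFuzzer prints the same artifact message for a zero-length unit as the `Test unit written to ./timeout-` string matched earlier in this file, a check such as `TimeoutEmptyTest: Test unit written to ./timeout-` would pin that. Its position relative to the other checks has to be confirmed against the real output, which is not visible here.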