This is an archive of the discontinued LLVM Phabricator instance.

[libFuzzer] Diff 16 - Fix bug in detecting timeouts when input string is empty.
ClosedPublic

Authored by mpividori on Dec 5 2016, 4:25 PM.

Details

Summary

I added a new flag RunningCB to know if the Fuzzer's main thread is running the CB function, instead of using (!CurrentUnitSize). (!CurrentUnitSize) doesn't work properly. For example, in FuzzerLoop.cpp, inside the ShuffleAndMinimize() function, we execute the callback with an empty string (size=0). The previous implementation failed to detect timeouts in that execution.
Also, I added a regression test for that case.
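The failure mode the summary describes, modelled as an added example (this is not libFuzzer's own code): the alarm handler's gate is either the old (!CurrentUnitSize) test or the new RunningCB flag, and a simulated hang on an empty unit shows which gate notices. Clock values are plain integers passed in by the caller, not real timers, and the struct and function names are assumptions for illustration.

```cpp
#include <cstddef>

// Minimal model of the libFuzzer state the alarm handler consults. Clock
// values are plain integers (seconds) passed in by the caller, not real timers.
struct FuzzerState {
  size_t CurrentUnitSize = 0;  // size of the unit currently being executed
  bool RunningCB = false;      // new flag: main thread is inside the callback
  int UnitStartTimeSec = 0;    // when the current unit started
  int TimeoutSec = 10;         // the -timeout= budget for one unit
};

// Before the fix: "a callback is running" was inferred from CurrentUnitSize != 0,
// so an empty unit (size 0) is indistinguishable from "no unit started yet".
bool AlarmWouldFireOld(const FuzzerState &F, int NowSec) {
  if (!F.CurrentUnitSize) return false;
  return NowSec - F.UnitStartTimeSec > F.TimeoutSec;
}

// After the fix: an explicit RunningCB flag set around the callback invocation.
bool AlarmWouldFireNew(const FuzzerState &F, int NowSec) {
  if (!F.RunningCB) return false;
  return NowSec - F.UnitStartTimeSec > F.TimeoutSec;
}

struct Verdict { bool Old; bool New; };

// Models executing one unit: set the state the way the main thread would,
// pretend the target callback hangs for HangSec seconds, evaluate both alarm
// gates at the moment the SIGALRM would arrive, then restore the state.
Verdict SimulateHang(size_t Size, int HangSec) {
  FuzzerState F;
  const int StartSec = 100;  // arbitrary constructed clock value
  F.CurrentUnitSize = Size;
  F.UnitStartTimeSec = StartSec;
  F.RunningCB = true;
  Verdict V{AlarmWouldFireOld(F, StartSec + HangSec),
            AlarmWouldFireNew(F, StartSec + HangSec)};
  F.RunningCB = false;
  F.CurrentUnitSize = 0;
  return V;
}

// With no unit in flight, neither gate should report anything, however late
// the alarm arrives.
bool IdleIsQuiet() {
  FuzzerState F;
  return !AlarmWouldFireOld(F, 1000) && !AlarmWouldFireNew(F, 1000);
}
```

SimulateHang(0, 30) is the case from the summary: the old gate stays silent on a 30-second hang because the unit is empty, while the new gate reports it.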

Diff Detail

Repository
rL LLVM

Event Timeline

mpividori updated this revision to Diff 80343. Dec 5 2016, 4:25 PM
mpividori retitled this revision to [libFuzzer] Diff 16 - Fix bug in detecting timeouts when input string is empty.
mpividori updated this object.
mpividori added reviewers: kcc, zturner.
mpividori set the repository for this revision to rL LLVM.
mpividori added a subscriber: llvm-commits.
kcc accepted this revision. Dec 5 2016, 6:24 PM
kcc edited edge metadata.

LGTM with a nit

lib/Fuzzer/test/TimeoutEmptyTest.cpp, line 10

This is fragile and may be optimized away.
Instead do this:

// volatile: the loop condition must be re-read on every iteration, so the
// compiler cannot fold the hang into nothing.
static volatile int zero = 0;
if (!size)
  while (!zero)
    ;
This revision is now accepted and ready to land. Dec 5 2016, 6:24 PM
mpividori updated this revision to Diff 80372. Dec 5 2016, 7:04 PM
mpividori edited edge metadata.

@kcc, Done. Thanks.

This revision was automatically updated to reflect the committed changes.