This is an archive of the discontinued LLVM Phabricator instance.

Differential D60334

Summary: Add close_fd_mask functionality to AFL driver.
ClosedPublic

Authored by metzman on Apr 5 2019, 12:31 PM.

Details

Reviewers
kcc
vitalybuka
morehouse
Commits
rG139e216e6610: Summary: Add close_fd_mask functionality to AFL driver.
rL358703: Summary:
rCRT358703: Summary:
Summary

Add support for env var AFL_DRIVER_CLOSE_FD_MASK which behaves
the same as libFuzzer's -close_fd_mask=1.

Also add tests.

Diff Detail

Event Timeline

metzman created this revision.Apr 5 2019, 12:31 PM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptApr 5 2019, 12:31 PM
Herald added subscribers: llvm-commits, Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B30117: Diff 193940.Apr 5 2019, 12:34 PM
Herald added a subscriber: ormris. · View Herald TranscriptApr 5 2019, 12:34 PM
kcc added a reviewer: morehouse.Apr 5 2019, 12:36 PM
metzman updated this revision to Diff 193942.Apr 5 2019, 12:37 PM
  • organize and improve comments

Updating D60334: Summary:

Add close_fd_mask functionality to AFL driver.

Harbormaster completed remote builds in B30119: Diff 193942.Apr 5 2019, 12:38 PM
metzman added a comment.Apr 5 2019, 12:39 PM

Please take a look.
This should help with some really badly behaved fuzzers in OSS-Fuzz that log so much that the disk fills up (because ClusterFuzz uses AFL_DRIVER_DUPLICATE_STDERR_FILENAME).

ormris removed a subscriber: ormris.Apr 5 2019, 12:43 PM
morehouse added inline comments.Apr 5 2019, 4:46 PM
compiler-rt/lib/fuzzer/afl/afl_driver.cpp
113

Do we need to set visibility here?

118

static

151

static - here and other private functions.

175

Nit: Can we remove some of these blank lines?

180

If you want to submit a follow-up patch, SGTM. But lets leave this TODO out since it's only style-related.

198

Nit: can we remove these blank lines?

compiler-rt/test/fuzzer/AFLDriverCloseFdMaskTest.cpp
5 ↗(On Diff #193942)

Let's move this comment closer to the functions it refers to.

16 ↗(On Diff #193942)

Do we really need this? How about just making it return 0 always?

23 ↗(On Diff #193942)

Do we need this printf?

29 ↗(On Diff #193942)

fflush(stdout)

36 ↗(On Diff #193942)

Maybe just return Data[Size]? Simpler and should still crash.

compiler-rt/test/fuzzer/afl-driver-close-fd-mask.test
5

Can we remove this line?

9

Please remove

20

Nit: Some inconsistent formatting. Can we keep the CHECKs right after the associated RUNs? Rather than sometimes after and sometimes before.

37

Can we combine this into check2?

43

I think this test will fail if the file doesn't exist. Better make it rm -f

metzman updated this revision to Diff 194163.Apr 8 2019, 10:13 AM
metzman marked 18 inline comments as done.
  • first round of fixes
  • some combining
  • improve tests
  • undo accidenal change
  • more reuse
  • fmt
  • fmt

Updating D60334: Summary:

Add close_fd_mask functionality to AFL driver.

Harbormaster completed remote builds in B30189: Diff 194163.Apr 8 2019, 10:13 AM
metzman updated this revision to Diff 194167.Apr 8 2019, 10:34 AM
metzman marked an inline comment as done.
  • improve tests

Updating D60334: Summary:

Add close_fd_mask functionality to AFL driver.

Harbormaster completed remote builds in B30190: Diff 194167.Apr 8 2019, 10:35 AM
morehouse accepted this revision.Apr 8 2019, 10:46 AM
morehouse added inline comments.
compiler-rt/test/fuzzer/afl-driver-close-fd-mask.test
5

I don't understand this comment.

This revision is now accepted and ready to land.Apr 8 2019, 10:46 AM
metzman updated this revision to Diff 194171.Apr 8 2019, 10:49 AM
  • improve comment

Updating D60334: Summary:

Add close_fd_mask functionality to AFL driver.

metzman marked 2 inline comments as done.Apr 8 2019, 10:49 AM
metzman added inline comments.
compiler-rt/test/fuzzer/afl-driver-close-fd-mask.test
5

Sorry, left a bunch of debugging code in here.

5

Ah well it was a pretty bad comment. Improved it.

37

I split up almost every message so that I did as much sharing and as little repetition as possible.
WDYT?

43

Good point. Fixed.

Harbormaster completed remote builds in B30191: Diff 194171.Apr 8 2019, 10:49 AM
morehouse accepted this revision.Apr 8 2019, 10:59 AM

LGTM

Closed by commit rCRT358703: Summary: (authored by metzman). · Explain WhyApr 18 2019, 11:48 AM
This revision was automatically updated to reflect the committed changes.
metzman marked an inline comment as done.

Revision Contents

PathSize
compiler-rt/
lib/
fuzzer/
afl/
90 lines
test/
fuzzer/
19 lines
31 lines
18 lines

Diff 194171

compiler-rt/lib/fuzzer/afl/afl_driver.cpp

Show All 25 Lines
# Build afl-llvm-rt.o.c from the AFL distribution. # Build afl-llvm-rt.o.c from the AFL distribution.
clang -c -w $AFL_HOME/llvm_mode/afl-llvm-rt.o.c clang -c -w $AFL_HOME/llvm_mode/afl-llvm-rt.o.c
# Build this file, link it with afl-llvm-rt.o.o and the target code. # Build this file, link it with afl-llvm-rt.o.o and the target code.
clang++ afl_driver.cpp test_fuzzer.o afl-llvm-rt.o.o clang++ afl_driver.cpp test_fuzzer.o afl-llvm-rt.o.o
# Run AFL: # Run AFL:
rm -rf IN OUT; mkdir IN OUT; echo z > IN/z; rm -rf IN OUT; mkdir IN OUT; echo z > IN/z;
$AFL_HOME/afl-fuzz -i IN -o OUT ./a.out $AFL_HOME/afl-fuzz -i IN -o OUT ./a.out
################################################################################ ################################################################################
AFL_DRIVER_STDERR_DUPLICATE_FILENAME: Setting this environment variable AFL_DRIVER_STDERR_DUPLICATE_FILENAME: Setting this *appends* stderr to the file
*appends* stderr to the file specified. If the file does not exist, it is specified. If the file does not exist, it is created. This is useful for getting
created. This is useful for getting stack traces (when using ASAN for example) stack traces (when using ASAN for example) or original error messages on hard
or original error messages on hard to reproduce bugs. to reproduce bugs. Note that any content written to stderr will be written to
this file instead of stderr's usual location.
AFL_DRIVER_CLOSE_FD_MASK: Similar to libFuzzer's -close_fd_mask behavior option.
If 1, close stdout at startup. If 2 close stderr; if 3 close both.
*/ */
#include <assert.h> #include <assert.h>
#include <errno.h> #include <errno.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
▲ Show 20 LinesShow All 46 Lines▼ Show 20 Lines
// Notify AFL about persistent mode. // Notify AFL about persistent mode.
static volatile char AFL_PERSISTENT[] = "##SIG_AFL_PERSISTENT##"; static volatile char AFL_PERSISTENT[] = "##SIG_AFL_PERSISTENT##";
extern "C" int __afl_persistent_loop(unsigned int); extern "C" int __afl_persistent_loop(unsigned int);
static volatile char suppress_warning2 = AFL_PERSISTENT[0]; static volatile char suppress_warning2 = AFL_PERSISTENT[0];
// Notify AFL about deferred forkserver. // Notify AFL about deferred forkserver.
static volatile char AFL_DEFER_FORKSVR[] = "##SIG_AFL_DEFER_FORKSRV##"; static volatile char AFL_DEFER_FORKSVR[] = "##SIG_AFL_DEFER_FORKSRV##";
extern "C" void __afl_manual_init(); extern "C" void __afl_manual_init();
static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0]; static volatile char suppress_warning1 = AFL_DEFER_FORKSVR[0];
// Input buffer. // Input buffer.
static const size_t kMaxAflInputSize = 1 << 20; static const size_t kMaxAflInputSize = 1 << 20;
static uint8_t AflInputBuf[kMaxAflInputSize]; static uint8_t AflInputBuf[kMaxAflInputSize];
// Use this optionally defined function to output sanitizer messages even if
// user asks to close stderr.
__attribute__((weak)) extern "C" void __sanitizer_set_report_fd(void *);
morehouseUnsubmitted
Done
ReplyInline Actions

Do we need to set visibility here?

morehouse: Do we need to set visibility here?
// Keep track of where stderr content is being written to, so that
// dup_and_close_stderr can use the correct one.
static FILE *output_file = stderr;
morehouseUnsubmitted
Done
ReplyInline Actions

static

morehouse: static
// Experimental feature to use afl_driver without AFL's deferred mode. // Experimental feature to use afl_driver without AFL's deferred mode.
// Needs to run before __afl_auto_init. // Needs to run before __afl_auto_init.
__attribute__((constructor(0))) void __decide_deferred_forkserver(void) { __attribute__((constructor(0))) static void __decide_deferred_forkserver(void) {
if (getenv("AFL_DRIVER_DONT_DEFER")) { if (getenv("AFL_DRIVER_DONT_DEFER")) {
if (unsetenv("__AFL_DEFER_FORKSRV")) { if (unsetenv("__AFL_DEFER_FORKSRV")) {
perror("Failed to unset __AFL_DEFER_FORKSRV"); perror("Failed to unset __AFL_DEFER_FORKSRV");
abort(); abort();
} }
} }
} }
// If the user asks us to duplicate stderr, then do it. // If the user asks us to duplicate stderr, then do it.
static void maybe_duplicate_stderr() { static void maybe_duplicate_stderr() {
char* stderr_duplicate_filename = char *stderr_duplicate_filename =
getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME"); getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
if (!stderr_duplicate_filename) if (!stderr_duplicate_filename)
return; return;
FILE* stderr_duplicate_stream = FILE *stderr_duplicate_stream =
freopen(stderr_duplicate_filename, "a+", stderr); freopen(stderr_duplicate_filename, "a+", stderr);
if (!stderr_duplicate_stream) { if (!stderr_duplicate_stream) {
fprintf( fprintf(
stderr, stderr,
"Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME"); "Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
abort(); abort();
} }
output_file = stderr_duplicate_stream;
}
// Most of these I/O functions were inspired by/copied from libFuzzer's code.
static void discard_output(int fd) {
morehouseUnsubmitted
Done
ReplyInline Actions

static - here and other private functions.

morehouse: static - here and other private functions.
FILE *temp = fopen("/dev/null", "w");
if (!temp)
abort();
dup2(fileno(temp), fd);
fclose(temp);
}
static void close_stdout() { discard_output(STDOUT_FILENO); }
// Prevent the targeted code from writing to "stderr" but allow sanitizers and
// this driver to do so.
static void dup_and_close_stderr() {
int output_fileno = fileno(output_file);
int output_fd = dup(output_fileno);
if (output_fd <= 0)
abort();
FILE *new_output_file = fdopen(output_fd, "w");
if (!new_output_file)
abort();
if (!__sanitizer_set_report_fd)
return;
__sanitizer_set_report_fd(reinterpret_cast<void *>(output_fd));
discard_output(output_fileno);
}
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Can we remove some of these blank lines?

morehouse: Nit: Can we remove some of these blank lines?
static void Printf(const char *Fmt, ...) {
va_list ap;
va_start(ap, Fmt);
vfprintf(output_file, Fmt, ap);
morehouseUnsubmitted
Done
ReplyInline Actions

If you want to submit a follow-up patch, SGTM. But lets leave this TODO out since it's only style-related.

morehouse: If you want to submit a follow-up patch, SGTM. But lets leave this TODO out since it's only…
va_end(ap);
fflush(output_file);
}
// Close stdout and/or stderr if user asks for it.
static void maybe_close_fd_mask() {
char *fd_mask_str = getenv("AFL_DRIVER_CLOSE_FD_MASK");
if (!fd_mask_str)
return;
int fd_mask = atoi(fd_mask_str);
if (fd_mask & 2)
dup_and_close_stderr();
if (fd_mask & 1)
close_stdout();
} }
// Define LLVMFuzzerMutate to avoid link failures for targets that use it // Define LLVMFuzzerMutate to avoid link failures for targets that use it
// with libFuzzer's LLVMFuzzerCustomMutator. // with libFuzzer's LLVMFuzzerCustomMutator.
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: can we remove these blank lines?

morehouse: Nit: can we remove these blank lines?
extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) { extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
assert(false && "LLVMFuzzerMutate should not be called from afl_driver"); assert(false && "LLVMFuzzerMutate should not be called from afl_driver");
return 0; return 0;
} }
// Execute any files provided as parameters. // Execute any files provided as parameters.
int ExecuteFilesOnyByOne(int argc, char **argv) { static int ExecuteFilesOnyByOne(int argc, char **argv) {
for (int i = 1; i < argc; i++) { for (int i = 1; i < argc; i++) {
std::ifstream in(argv[i], std::ios::binary); std::ifstream in(argv[i], std::ios::binary);
in.seekg(0, in.end); in.seekg(0, in.end);
size_t length = in.tellg(); size_t length = in.tellg();
in.seekg (0, in.beg); in.seekg (0, in.beg);
std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl; std::cout << "Reading " << length << " bytes from " << argv[i] << std::endl;
// Allocate exactly length bytes so that we reliably catch buffer overflows. // Allocate exactly length bytes so that we reliably catch buffer overflows.
std::vector<char> bytes(length); std::vector<char> bytes(length);
in.read(bytes.data(), bytes.size()); in.read(bytes.data(), bytes.size());
assert(in); assert(in);
LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()), LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(bytes.data()),
bytes.size()); bytes.size());
std::cout << "Execution successful" << std::endl; std::cout << "Execution successful" << std::endl;
} }
return 0; return 0;
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
fprintf(stderr, Printf(
"======================= INFO =========================\n" "======================= INFO =========================\n"
"This binary is built for AFL-fuzz.\n" "This binary is built for AFL-fuzz.\n"
"To run the target function on individual input(s) execute this:\n" "To run the target function on individual input(s) execute this:\n"
" %s < INPUT_FILE\n" " %s < INPUT_FILE\n"
"or\n" "or\n"
" %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n"
"To fuzz with afl-fuzz execute this:\n" "To fuzz with afl-fuzz execute this:\n"
" afl-fuzz [afl-flags] %s [-N]\n" " afl-fuzz [afl-flags] %s [-N]\n"
"afl-fuzz will run N iterations before " "afl-fuzz will run N iterations before "
"re-spawning the process (default: 1000)\n" "re-spawning the process (default: 1000)\n"
"======================================================\n", "======================================================\n",
argv[0], argv[0], argv[0]); argv[0], argv[0], argv[0]);
maybe_duplicate_stderr();
maybe_close_fd_mask();
if (LLVMFuzzerInitialize) if (LLVMFuzzerInitialize)
LLVMFuzzerInitialize(&argc, &argv); LLVMFuzzerInitialize(&argc, &argv);
// Do any other expensive one-time initialization here. // Do any other expensive one-time initialization here.
maybe_duplicate_stderr();
if (!getenv("AFL_DRIVER_DONT_DEFER")) if (!getenv("AFL_DRIVER_DONT_DEFER"))
__afl_manual_init(); __afl_manual_init();
int N = 1000; int N = 1000;
if (argc == 2 && argv[1][0] == '-') if (argc == 2 && argv[1][0] == '-')
N = atoi(argv[1] + 1); N = atoi(argv[1] + 1);
else if(argc == 2 && (N = atoi(argv[1])) > 0) else if(argc == 2 && (N = atoi(argv[1])) > 0)
fprintf(stderr, "WARNING: using the deprecated call style `%s %d`\n", Printf("WARNING: using the deprecated call style `%s %d`\n", argv[0], N);
argv[0], N);
else if (argc > 1) else if (argc > 1)
return ExecuteFilesOnyByOne(argc, argv); return ExecuteFilesOnyByOne(argc, argv);
assert(N > 0); assert(N > 0);
// Call LLVMFuzzerTestOneInput here so that coverage caused by initialization // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
// on the first execution of LLVMFuzzerTestOneInput is ignored. // on the first execution of LLVMFuzzerTestOneInput is ignored.
uint8_t dummy_input[1] = {0}; uint8_t dummy_input[1] = {0};
LLVMFuzzerTestOneInput(dummy_input, 1); LLVMFuzzerTestOneInput(dummy_input, 1);
int num_runs = 0; int num_runs = 0;
while (__afl_persistent_loop(N)) { while (__afl_persistent_loop(N)) {
ssize_t n_read = read(0, AflInputBuf, kMaxAflInputSize); ssize_t n_read = read(0, AflInputBuf, kMaxAflInputSize);
if (n_read > 0) { if (n_read > 0) {
// Copy AflInputBuf into a separate buffer to let asan find buffer // Copy AflInputBuf into a separate buffer to let asan find buffer
// overflows. Don't use unique_ptr/etc to avoid extra dependencies. // overflows. Don't use unique_ptr/etc to avoid extra dependencies.
uint8_t *copy = new uint8_t[n_read]; uint8_t *copy = new uint8_t[n_read];
memcpy(copy, AflInputBuf, n_read); memcpy(copy, AflInputBuf, n_read);
num_runs++; num_runs++;
LLVMFuzzerTestOneInput(copy, n_read); LLVMFuzzerTestOneInput(copy, n_read);
delete[] copy; delete[] copy;
} }
} }
fprintf(stderr, "%s: successfully executed %d input(s)\n", argv[0], num_runs); Printf("%s: successfully executed %d input(s)\n", argv[0], num_runs);
} }

compiler-rt/test/fuzzer/AFLDriverTest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Contains dummy functions used to avoid dependency on AFL.
#include <stdint.h> #include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
// Dummy functions used to avoid dependency on AFL.
extern "C" void __afl_manual_init() {} extern "C" void __afl_manual_init() {}
extern "C" int __afl_persistent_loop(unsigned int N) { extern "C" int __afl_persistent_loop(unsigned int N) {
static int Count = N; static int Count = N;
fprintf(stderr, "__afl_persistent_loop calle, Count = %d\n", Count); fprintf(stderr, "__afl_persistent_loop called, Count = %d\n", Count);
if (Count--) return 1; return Count--;
return 0;
} }
// This declaration exists to prevent the Darwin linker // This declaration exists to prevent the Darwin linker
// from complaining about this being a missing weak symbol. // from complaining about this being a missing weak symbol.
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
fprintf(stderr, "LLVMFuzzerInitialize called\n");
return 0; return 0;
} }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
fprintf(stderr, "LLVMFuzzerTestOneInput called; Size = %zd\n", Size); puts("STDOUT MESSAGE");
fflush(stdout);
fprintf(stderr, "STDERR MESSAGE\n"
"LLVMFuzzerTestOneInput called; Size = %zd\n",
Size);
if (Size < 4)
return 0; return 0;
return Data[Size];
} }

compiler-rt/test/fuzzer/afl-driver-close-fd-mask.test

  • This file was added.
REQUIRES: linux
RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest
; Test that not specifying AFL_DRIVER_CLOSE_FD_MASK works as intended.
RUN: echo -n "abc" > %t.file3
morehouseUnsubmitted
Done
ReplyInline Actions

Can we remove this line?

morehouse: Can we remove this line?
metzmanAuthorUnsubmitted
Done
ReplyInline Actions

Sorry, left a bunch of debugging code in here.

metzman: Sorry, left a bunch of debugging code in here.
morehouseUnsubmitted
Done
ReplyInline Actions

I don't understand this comment.

morehouse: I don't understand this comment.
metzmanAuthorUnsubmitted
Done
ReplyInline Actions

Ah well it was a pretty bad comment. Improved it.

metzman: Ah well it was a pretty bad comment. Improved it.
RUN: unset AFL_DRIVER_CLOSE_FD_MASK
RUN: %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=STDERR,STDOUT
STDOUT: STDOUT MESSAGE
STDERR: STDERR MESSAGE
morehouseUnsubmitted
Done
ReplyInline Actions

Please remove

morehouse: Please remove
; Test that stdout is closed properly.
RUN: AFL_DRIVER_CLOSE_FD_MASK=1 %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=NOT_STDOUT,STDERR
NOT_STDOUT-NOT: STDOUT MESSAGE
; Test that stderr is closed properly.
RUN: AFL_DRIVER_CLOSE_FD_MASK=2 %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=NOT_STDERR,STDOUT
NOT_STDERR-NOT: STDERR MESSAGE
; Test that both are closed properly.
RUN: AFL_DRIVER_CLOSE_FD_MASK=3 %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefixes=NOT_STDERR,NOT_STDOUT
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Some inconsistent formatting. Can we keep the CHECKs right after the associated RUNs? Rather than sometimes after and sometimes before.

morehouse: Nit: Some inconsistent formatting. Can we keep the CHECKs right after the associated RUNs?
; Test that a stack is printed when we close stderr
RUN: echo -n "abcd" > %t.file4
RUN: AFL_DRIVER_CLOSE_FD_MASK=2 not %run %t-AFLDriverTest < %t.file4 2>&1 | FileCheck %s --check-prefixes=ASAN_CRASH,STDOUT,NOT_STDERR
ASAN_CRASH: ERROR: AddressSanitizer
; Test that a stack is written to the stderr duplicate file when we close stderr
; and specify a duplicate.
RUN: rm -f %t.stderr
RUN: AFL_DRIVER_STDERR_DUPLICATE_FILENAME=%t.stderr AFL_DRIVER_CLOSE_FD_MASK=2 not %run %t-AFLDriverTest < %t.file4
RUN: cat %t.stderr | FileCheck %s --check-prefixes=ASAN_CRASH,NOT_STDERR
morehouseUnsubmitted
Done
ReplyInline Actions

Can we combine this into check2?

morehouse: Can we combine this into check2?
metzmanAuthorUnsubmitted
Done
ReplyInline Actions

I split up almost every message so that I did as much sharing and as little repetition as possible.
WDYT?

metzman: I split up almost every message so that I did as much sharing and as little repetition as…
morehouseUnsubmitted
Done
ReplyInline Actions

I think this test will fail if the file doesn't exist. Better make it rm -f

morehouse: I think this test will fail if the file doesn't exist. Better make it `rm -f`
metzmanAuthorUnsubmitted
Done
ReplyInline Actions

Good point. Fixed.

metzman: Good point. Fixed.

compiler-rt/test/fuzzer/afl-driver.test

REQUIRES: linux REQUIRES: linux
RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest RUN: %no_fuzzer_cpp_compiler %S/AFLDriverTest.cpp %libfuzzer_src/afl/afl_driver.cpp -o %t-AFLDriverTest
RUN: echo -n "abc" > %t.file3 RUN: echo -n "abc" > %t.file3
RUN: echo -n "abcd" > %t.file4
RUN: %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1 RUN: %run %t-AFLDriverTest < %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK1
CHECK1: __afl_persistent_loop calle, Count = 1000 CHECK1: __afl_persistent_loop called, Count = 1000
CHECK1: LLVMFuzzerTestOneInput called; Size = 3 CHECK1: LLVMFuzzerTestOneInput called; Size = 3
RUN: %run %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2 RUN: %run %t-AFLDriverTest < %t.file3 -42 2>&1 | FileCheck %s --check-prefix=CHECK2
CHECK2: __afl_persistent_loop calle, Count = 42 CHECK2: __afl_persistent_loop called, Count = 42
CHECK2: LLVMFuzzerTestOneInput called; Size = 3 CHECK2: LLVMFuzzerTestOneInput called; Size = 3
RUN: %run %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3 RUN: %run %t-AFLDriverTest < %t.file3 666 2>&1 | FileCheck %s --check-prefix=CHECK3
CHECK3: WARNING: using the deprecated call style CHECK3: WARNING: using the deprecated call style
CHECK3: __afl_persistent_loop calle, Count = 666 CHECK3: __afl_persistent_loop called, Count = 666
CHECK3: LLVMFuzzerTestOneInput called; Size = 3 CHECK3: LLVMFuzzerTestOneInput called; Size = 3
RUN: %run %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4 RUN: %run %t-AFLDriverTest %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK4
CHECK4: LLVMFuzzerTestOneInput called; Size = 3 CHECK4: LLVMFuzzerTestOneInput called; Size = 3
RUN: %run %t-AFLDriverTest %t.file3 %t.file4 2>&1 | FileCheck %s --check-prefix=CHECK5 RUN: echo -n "ab" > %t.file2
CHECK5: LLVMFuzzerTestOneInput called; Size = 3 RUN: %run %t-AFLDriverTest %t.file2 %t.file3 2>&1 | FileCheck %s --check-prefix=CHECK5
CHECK5: LLVMFuzzerTestOneInput called; Size = 4 CHECK5: LLVMFuzzerTestOneInput called; Size = 2
CHECK5: LLVMFuzzerTestOneInput called; Size = 3
No newline at end of file