[libFuzzer] add a flag -exact_artifact_path

llvm-svn: 254100
This commit is contained in:
Kostya Serebryany 2015-11-25 21:40:46 +00:00
parent 70a134d29f
commit 2d0ef14f5d
6 changed files with 13 additions and 0 deletions

View File

@ -73,6 +73,7 @@ The most important flags are::
only_ascii 0 If 1, generate only ASCII (isprint+isspace) inputs. only_ascii 0 If 1, generate only ASCII (isprint+isspace) inputs.
test_single_input "" Use specified file content as test input. Test will be run only once. Useful for debugging a particular case. test_single_input "" Use specified file content as test input. Test will be run only once. Useful for debugging a particular case.
artifact_prefix "" Write fuzzing artifacts (crash, timeout, or slow inputs) as $(artifact_prefix)file artifact_prefix "" Write fuzzing artifacts (crash, timeout, or slow inputs) as $(artifact_prefix)file
exact_artifact_path "" Write the single artifact on failure (crash, timeout) as $(exact_artifact_path). This overrides -artifact_prefix and will not use checksum in the file name. Do not use the same path for several parallel processes.
For the full list of flags run the fuzzer binary with ``-help=1``. For the full list of flags run the fuzzer binary with ``-help=1``.

View File

@ -256,6 +256,8 @@ int FuzzerDriver(const std::vector<std::string> &Args,
Options.ReportSlowUnits = Flags.report_slow_units; Options.ReportSlowUnits = Flags.report_slow_units;
if (Flags.artifact_prefix) if (Flags.artifact_prefix)
Options.ArtifactPrefix = Flags.artifact_prefix; Options.ArtifactPrefix = Flags.artifact_prefix;
if (Flags.exact_artifact_path)
Options.ExactArtifactPath = Flags.exact_artifact_path;
std::vector<Unit> Dictionary; std::vector<Unit> Dictionary;
if (Flags.dict) if (Flags.dict)
if (!ParseDictionaryFile(FileToString(Flags.dict), &Dictionary)) if (!ParseDictionaryFile(FileToString(Flags.dict), &Dictionary))

View File

@ -67,6 +67,11 @@ FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, " FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
"timeout, or slow inputs) as " "timeout, or slow inputs) as "
"$(artifact_prefix)file") "$(artifact_prefix)file")
FUZZER_FLAG_STRING(exact_artifact_path,
"Write the single artifact on failure (crash, timeout) "
"as $(exact_artifact_path). This overrides -artifact_prefix "
"and will not use checksum in the file name. Do not "
"use the same path for several parallel processes.")
FUZZER_FLAG_INT(drill, 0, "Experimental: fuzz using a single unit as the seed " FUZZER_FLAG_INT(drill, 0, "Experimental: fuzz using a single unit as the seed "
"corpus, then merge with the initial corpus") "corpus, then merge with the initial corpus")
FUZZER_FLAG_INT(output_csv, 0, "Enable pulse output in CSV format.") FUZZER_FLAG_INT(output_csv, 0, "Enable pulse output in CSV format.")

View File

@ -94,6 +94,7 @@ class Fuzzer {
std::string OutputCorpus; std::string OutputCorpus;
std::string SyncCommand; std::string SyncCommand;
std::string ArtifactPrefix = "./"; std::string ArtifactPrefix = "./";
std::string ExactArtifactPath;
bool SaveArtifacts = true; bool SaveArtifacts = true;
bool PrintNEW = true; // Print a status line when new units are found; bool PrintNEW = true; // Print a status line when new units are found;
bool OutputCSV = false; bool OutputCSV = false;

View File

@ -293,6 +293,8 @@ void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
if (!Options.SaveArtifacts) if (!Options.SaveArtifacts)
return; return;
std::string Path = Options.ArtifactPrefix + Prefix + Hash(U); std::string Path = Options.ArtifactPrefix + Prefix + Hash(U);
if (!Options.ExactArtifactPath.empty())
Path = Options.ExactArtifactPath; // Overrides ArtifactPrefix.
WriteToFile(U, Path); WriteToFile(U, Path);
Printf("artifact_prefix='%s'; Test unit written to %s\n", Printf("artifact_prefix='%s'; Test unit written to %s\n",
Options.ArtifactPrefix.c_str(), Path.c_str()); Options.ArtifactPrefix.c_str(), Path.c_str());

View File

@ -28,6 +28,8 @@ RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTe
NullDerefTest: Test unit written to ./crash- NullDerefTest: Test unit written to ./crash-
RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
NullDerefTestPrefix: Test unit written to ZZZcrash- NullDerefTestPrefix: Test unit written to ZZZcrash-
RUN: not LLVMFuzzer-NullDerefTest -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
NullDerefTestExactPath: Test unit written to FOOBAR
#not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s