From 2d1f4f5e9e9f7d7e2ba096323f03dacbdf67ebba Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Thu, 3 Nov 2016 19:31:18 +0000 Subject: [PATCH] [libFuzzer] fix -error_exitcode=N, now with a test git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285958 91177308-0d34-0410-b5e6-96231b3b80d8 --- docs/LibFuzzer.rst | 5 +++-- lib/Fuzzer/FuzzerDriver.cpp | 1 + lib/Fuzzer/FuzzerFlags.def | 8 ++++---- lib/Fuzzer/test/fuzzer-leak.test | 1 + 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index a1017eb78e5..cf49c8def01 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -240,8 +240,9 @@ The most important command line options are: The limit is checked in a separate thread every second. If running w/o ASAN/MSAN, you may use 'ulimit -v' instead. ``-timeout_exitcode`` - Exit code (default 77) to emit when terminating due to timeout, when - ``-abort_on_timeout`` is not set. + Exit code (default 77) used if libFuzzer reports a timeout. +``-error_exitcode`` + Exit code (default 77) used if libFuzzer itself (not a sanitizer) reports a bug (leak, OOM, etc). ``-max_total_time`` If positive, indicates the maximum total time in seconds to run the fuzzer. If 0 (the default), run indefinitely. diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp index c506361b48f..9eff50f0f1e 100644 --- a/lib/Fuzzer/FuzzerDriver.cpp +++ b/lib/Fuzzer/FuzzerDriver.cpp @@ -390,6 +390,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { Options.Verbosity = Flags.verbosity; Options.MaxLen = Flags.max_len; Options.UnitTimeoutSec = Flags.timeout; + Options.ErrorExitCode = Flags.error_exitcode; Options.TimeoutExitCode = Flags.timeout_exitcode; Options.MaxTotalTimeSec = Flags.max_total_time; Options.DoCrossOver = Flags.cross_over; diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def index bb107a38862..681b73b76ca 100644 --- a/lib/Fuzzer/FuzzerFlags.def +++ b/lib/Fuzzer/FuzzerFlags.def @@ -27,10 +27,10 @@ FUZZER_FLAG_INT( timeout, 1200, "Timeout in seconds (if positive). " "If one unit runs more than this number of seconds the process will abort.") -FUZZER_FLAG_INT(timeout_exitcode, 77, - "Unless abort_on_timeout is set, use this exitcode on timeout.") -FUZZER_FLAG_INT(error_exit_code, 77, "When libFuzzer's signal handlers are in " - "use exit with this exitcode after catching a deadly signal.") +FUZZER_FLAG_INT(error_exitcode, 77, "When libFuzzer itself reports a bug " + "this exit code will be used.") +FUZZER_FLAG_INT(timeout_exitcode, 77, "When libFuzzer reports a timeout " + "this exit code will be used.") FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total " "time in seconds to run the fuzzer.") FUZZER_FLAG_INT(help, 0, "Print help.") diff --git a/lib/Fuzzer/test/fuzzer-leak.test b/lib/Fuzzer/test/fuzzer-leak.test index da932308e55..9cf5c743fff 100644 --- a/lib/Fuzzer/test/fuzzer-leak.test +++ b/lib/Fuzzer/test/fuzzer-leak.test @@ -32,3 +32,4 @@ LEAK_TIMEOUT-NOT: LeakSanitizer RUN: LLVMFuzzer-AccumulateAllocationsTest -detect_leaks=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=ACCUMULATE_ALLOCS ACCUMULATE_ALLOCS: INFO: libFuzzer disabled leak detection after every mutation +RUN: LLVMFuzzer-LeakTest -error_exitcode=0 -- 2.40.0