From 58b3c64b6b47d1aa644375b1d5efe354befa7a4e Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Fri, 29 Jan 2016 23:30:07 +0000 Subject: [PATCH] [libFuzzer] add -timeout_exitcode option git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@259265 91177308-0d34-0410-b5e6-96231b3b80d8 --- docs/LibFuzzer.rst | 1 + lib/Fuzzer/FuzzerDriver.cpp | 1 + lib/Fuzzer/FuzzerFlags.def | 2 ++ lib/Fuzzer/FuzzerInternal.h | 1 + lib/Fuzzer/FuzzerLoop.cpp | 2 +- lib/Fuzzer/test/fuzzer-timeout.test | 1 + 6 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index 7a8d090241c..b4c89197d82 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -62,6 +62,7 @@ The most important flags are:: mutate_depth 5 Apply this number of consecutive mutations to each input. timeout 1200 Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort. abort_on_timeout 0 If positive, call abort on timeout. + timeout_exitcode 77 Unless abort_on_timeout is set, use this exitcode on timeout. max_total_time 0 If positive, indicates the maximal total time in seconds to run the fuzzer. help 0 Print help. merge 0 If 1, the 2-nd, 3-rd, etc corpora will be merged into the 1-st corpus. Only interesting units will be taken. diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp index d117681ba93..e73feaf5cd8 100644 --- a/lib/Fuzzer/FuzzerDriver.cpp +++ b/lib/Fuzzer/FuzzerDriver.cpp @@ -269,6 +269,7 @@ int FuzzerDriver(const std::vector &Args, Options.MaxLen = Flags.max_len; Options.UnitTimeoutSec = Flags.timeout; Options.AbortOnTimeout = Flags.abort_on_timeout; + Options.TimeoutExitCode = Flags.timeout_exitcode; Options.MaxTotalTimeSec = Flags.max_total_time; Options.DoCrossOver = Flags.cross_over; Options.MutateDepth = Flags.mutate_depth; diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def index 7f8d705a0d9..a451436896a 100644 --- a/lib/Fuzzer/FuzzerFlags.def +++ b/lib/Fuzzer/FuzzerFlags.def @@ -30,6 +30,8 @@ FUZZER_FLAG_INT( "Timeout in seconds (if positive). " "If one unit runs more than this number of seconds the process will abort.") FUZZER_FLAG_INT(abort_on_timeout, 0, "If positive, call abort on timeout.") +FUZZER_FLAG_INT(timeout_exitcode, 77, + "Unless abort_on_timeout is set, use this exitcode on timeout.") FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total " "time in seconds to run the fuzzer.") FUZZER_FLAG_INT(help, 0, "Print help.") diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h index b2a62dd7932..d506f8fabab 100644 --- a/lib/Fuzzer/FuzzerInternal.h +++ b/lib/Fuzzer/FuzzerInternal.h @@ -175,6 +175,7 @@ public: int MaxLen = 0; int UnitTimeoutSec = 300; bool AbortOnTimeout = false; + int TimeoutExitCode = 77; int MaxTotalTimeSec = 0; bool DoCrossOver = true; int MutateDepth = 5; diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp index b39860ceec6..56c9c05fceb 100644 --- a/lib/Fuzzer/FuzzerLoop.cpp +++ b/lib/Fuzzer/FuzzerLoop.cpp @@ -114,7 +114,7 @@ void Fuzzer::AlarmCallback() { Printf("SUMMARY: libFuzzer: timeout\n"); if (Options.AbortOnTimeout) abort(); - exit(1); + exit(Options.TimeoutExitCode); } } diff --git a/lib/Fuzzer/test/fuzzer-timeout.test b/lib/Fuzzer/test/fuzzer-timeout.test index 8db5f89489d..2de460d9a03 100644 --- a/lib/Fuzzer/test/fuzzer-timeout.test +++ b/lib/Fuzzer/test/fuzzer-timeout.test @@ -12,3 +12,4 @@ SingleInputTimeoutTest: ALARM: working on the last Unit for SingleInputTimeoutTest-NOT: Test unit written to ./timeout- RUN: ASAN_OPTIONS=handle_abort=0 not --crash LLVMFuzzer-TimeoutTest -timeout=1 -abort_on_timeout=1 +RUN: LLVMFuzzer-TimeoutTest -timeout=1 -timeout_exitcode=0 -- 2.11.0