[libFuzzer] add a flag -exact_artifact_path

author Kostya Serebryany <kcc@google.com>

Wed, 25 Nov 2015 21:40:46 +0000 (21:40 +0000)

committer Kostya Serebryany <kcc@google.com>

Wed, 25 Nov 2015 21:40:46 +0000 (21:40 +0000)
author Kostya Serebryany <kcc@google.com>
Wed, 25 Nov 2015 21:40:46 +0000 (21:40 +0000)
committer Kostya Serebryany <kcc@google.com>
Wed, 25 Nov 2015 21:40:46 +0000 (21:40 +0000)
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst

index cbb97e78107bbb7faf07f1c4240eed641858c05d..74845c546369e307213e018ed70ce166ccfeef5d 100644 (file)
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -73,6 +73,7 @@ The most important flags are::
    only_ascii                            0       If 1, generate only ASCII (isprint+isspace) inputs.
    test_single_input                     ""      Use specified file content as test input. Test will be run only once. Useful for debugging a particular case.
    artifact_prefix                       ""      Write fuzzing artifacts (crash, timeout, or slow inputs) as $(artifact_prefix)file
+  exact_artifact_path                   ""      Write the single artifact on failure (crash, timeout) as $(exact_artifact_path). This overrides -artifact_prefix and will not use checksum in the file name. Do not use the same path for several parallel processes.
  
  For the full list of flags run the fuzzer binary with ``-help=1``.
  
diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp

index 0897f9cbde72a425b558a155cef91143a96d0527..fa473811068f3269d6cd6c5d1936ab875620a8d6 100644 (file)
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -256,6 +256,8 @@ int FuzzerDriver(const std::vector<std::string> &Args,
    Options.ReportSlowUnits = Flags.report_slow_units;
    if (Flags.artifact_prefix)
      Options.ArtifactPrefix = Flags.artifact_prefix;
+  if (Flags.exact_artifact_path)
+    Options.ExactArtifactPath = Flags.exact_artifact_path;
    std::vector<Unit> Dictionary;
    if (Flags.dict)
      if (!ParseDictionaryFile(FileToString(Flags.dict), &Dictionary))
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def

index 222fa6d12a6871ec5da96868d84a6b9af7d6a112..7aea5bf641c3de5be11003efa13c382f35e8a195 100644 (file)
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -67,6 +67,11 @@ FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
  FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
                                      "timeout, or slow inputs) as "
                                      "$(artifact_prefix)file")
+FUZZER_FLAG_STRING(exact_artifact_path,
+                   "Write the single artifact on failure (crash, timeout) "
+                   "as $(exact_artifact_path). This overrides -artifact_prefix "
+                   "and will not use checksum in the file name. Do not "
+                   "use the same path for several parallel processes.")
  FUZZER_FLAG_INT(drill, 0, "Experimental: fuzz using a single unit as the seed "
                            "corpus, then merge with the initial corpus")
  FUZZER_FLAG_INT(output_csv, 0, "Enable pulse output in CSV format.")
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h

index 9d1849f210fc150bdf2900707922ce6d0ce736c8..2c382b2ef31429a065b232c75a369f2a5965f7dd 100644 (file)
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -94,6 +94,7 @@ class Fuzzer {
      std::string OutputCorpus;
      std::string SyncCommand;
      std::string ArtifactPrefix = "./";
+    std::string ExactArtifactPath;
      bool SaveArtifacts = true;
      bool PrintNEW = true;  // Print a status line when new units are found;
      bool OutputCSV = false;
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp

index 48c1b35dccbaa95c086c3e7f068e309182c46205..7aea169b7ae992905a1828614ad5894dde421431 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -293,6 +293,8 @@ void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
    if (!Options.SaveArtifacts)
      return;
    std::string Path = Options.ArtifactPrefix + Prefix + Hash(U);
+  if (!Options.ExactArtifactPath.empty())
+    Path = Options.ExactArtifactPath;  // Overrides ArtifactPrefix.
    WriteToFile(U, Path);
    Printf("artifact_prefix='%s'; Test unit written to %s\n",
           Options.ArtifactPrefix.c_str(), Path.c_str());
diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test

index fe949bf31ac9c1f22c1edf216a5c6e2cd70e3c79..3b7045d8de8d624093cd97e5f1e8aaa6112d174f 100644 (file)
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@@ -28,6 +28,8 @@ RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTe
  NullDerefTest: Test unit written to ./crash-
  RUN: not LLVMFuzzer-NullDerefTest  -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
  NullDerefTestPrefix: Test unit written to ZZZcrash-
+RUN: not LLVMFuzzer-NullDerefTest  -artifact_prefix=ZZZ -exact_artifact_path=FOOBAR 2>&1 | FileCheck %s --check-prefix=NullDerefTestExactPath
+NullDerefTestExactPath: Test unit written to FOOBAR
  
  #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
author	Kostya Serebryany <kcc@google.com>
	Wed, 25 Nov 2015 21:40:46 +0000 (21:40 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Wed, 25 Nov 2015 21:40:46 +0000 (21:40 +0000)
docs/LibFuzzer.rst		patch \| blob \| history
lib/Fuzzer/FuzzerDriver.cpp		patch \| blob \| history
lib/Fuzzer/FuzzerFlags.def		patch \| blob \| history
lib/Fuzzer/FuzzerInternal.h		patch \| blob \| history
lib/Fuzzer/FuzzerLoop.cpp		patch \| blob \| history
lib/Fuzzer/test/fuzzer.test		patch \| blob \| history