[lib/Fuzzer] change the meaning of -timeout flag: now timeout is applied to every unit of work separately

llvm-svn: 237735

lib/Fuzzer/FuzzerDriver.cpp

@@ -215,6 +215,7 @@ int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
   Fuzzer::FuzzingOptions Options;
   Options.Verbosity = Flags.verbosity;
   Options.MaxLen = Flags.max_len;
+  Options.UnitTimeoutSec = Flags.timeout;
   Options.DoCrossOver = Flags.cross_over;
   Options.MutateDepth = Flags.mutate_depth;
   Options.ExitOnFirst = Flags.exit_on_first;
@@ -245,7 +246,7 @@ int FuzzerDriver(int argc, char **argv, UserCallback Callback) {
 
   // Timer
   if (Flags.timeout > 0)
-    SetTimer(Flags.timeout);
+    SetTimer(Flags.timeout / 2 + 1);
 
   if (Flags.verbosity >= 2) {
     std::cerr << "Tokens: {";

lib/Fuzzer/FuzzerFlags.def

@@ -27,7 +27,10 @@ FUZZER_FLAG_INT(
     " If 0, never do that. If -1, do it sometimes.")
 FUZZER_FLAG_INT(exit_on_first, 0,
             "If 1, exit after the first new interesting input is found.")
-FUZZER_FLAG_INT(timeout, -1, "Timeout in seconds (if positive).")
+FUZZER_FLAG_INT(
+    timeout, -1,
+    "Timeout in seconds (if positive). "
+    "If one unit runs more than this number of seconds the process will abort.")
 FUZZER_FLAG_INT(help, 0, "Print help.")
 FUZZER_FLAG_INT(
     save_minimized_corpus, 0,

lib/Fuzzer/FuzzerInternal.h

@@ -56,6 +56,7 @@ class Fuzzer {
   struct FuzzingOptions {
     int Verbosity = 1;
     int MaxLen = 0;
+    int UnitTimeoutSec = 300;
     bool DoCrossOver = true;
     int  MutateDepth = 5;
     bool ExitOnFirst = false;

lib/Fuzzer/FuzzerLoop.cpp

@@ -60,16 +60,20 @@ void Fuzzer::StaticAlarmCallback() {
 }
 
 void Fuzzer::AlarmCallback() {
+  assert(Options.UnitTimeoutSec > 0);
   size_t Seconds =
       duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
-  std::cerr << "ALARM: working on the last Unit for " << Seconds << " seconds"
+  if (Seconds == 0) return;
-            << std::endl;
+  if (Options.Verbosity >= 2)
-  if (Seconds >= 3) {
+    std::cerr << "AlarmCallback " << Seconds << "\n";
+  if (Seconds >= (size_t)Options.UnitTimeoutSec) {
+    std::cerr << "ALARM: working on the last Unit for " << Seconds << " seconds"
+              << std::endl;
     Print(CurrentUnit, "\n");
     PrintUnitInASCIIOrTokens(CurrentUnit, "\n");
     WriteToCrash(CurrentUnit, "timeout-");
+    exit(1);
   }
-  exit(1);
 }
 
 void Fuzzer::PrintStats(const char *Where, size_t Cov, const char *End) {
@@ -96,6 +100,8 @@ void Fuzzer::RereadOutputCorpus() {
     return;
   }
   if (!Options.Reload) return;
+  if (Options.Verbosity >= 2)
+    std::cerr << "Reload: read " << AdditionalCorpus.size() << " new units.\n";
   for (auto &X : AdditionalCorpus) {
     if (X.size() > (size_t)Options.MaxLen)
       X.resize(Options.MaxLen);

lib/Fuzzer/test/InfiniteTest.cpp

@@ -6,6 +6,8 @@
 
 static volatile int Sink;
 
+static volatile int One = 1;
+
 extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   if (Size > 0 && Data[0] == 'H') {
     Sink = 1;
@@ -13,6 +15,8 @@ extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
       Sink = 2;
       if (Size > 2 && Data[2] == '!') {
         Sink = 2;
+        while (One)
+          ;
       }
     }
   }

lib/Fuzzer/test/fuzzer.test

@@ -4,7 +4,7 @@ RUN: ./LLVMFuzzer-SimpleTest 2>&1 | FileCheck %s
 
 RUN: not ./LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
 InfiniteTest: ALARM: working on the last Unit for
-InfiniteTest-NOT: CRASHED; file written to timeout
+InfiniteTest: CRASHED; file written to timeout
 
 RUN: not ./LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest
 TimeoutTest: ALARM: working on the last Unit for