[libFuzzer] add -artifact_prefix flag

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249807 91177308-0d34-0410-b5e6-96231b3b80d8

Author: kcc

docs/LibFuzzer.rst

@@ -71,7 +71,7 @@ The most important flags are::
   use_traces                            0       Experimental: use instruction traces
   only_ascii                            0       If 1, generate only ASCII (isprint+isspace) inputs.
   test_single_input                     ""      Use specified file content as test input. Test will be run only once. Useful for debugging a particular case.
-
+  artifact_prefix                       ""      Write fuzzing artifacts (crash, timeout, or slow inputs) as $(artifact_prefix)file
 
 For the full list of flags run the fuzzer binary with ``-help=1``.
 

lib/Fuzzer/FuzzerDriver.cpp

@@ -270,6 +270,8 @@ int FuzzerDriver(const std::vector<std::string> &Args,
     Options.SyncCommand = Flags.sync_command;
   Options.SyncTimeout = Flags.sync_timeout;
   Options.ReportSlowUnits = Flags.report_slow_units;
+  if (Flags.artifact_prefix)
+    Options.ArtifactPrefix = Flags.artifact_prefix;
   if (Flags.dict)
     if (!ParseDictionaryFile(FileToString(Flags.dict), &Options.Dictionary))
       return 1;

lib/Fuzzer/FuzzerFlags.def

@@ -65,3 +65,6 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
 FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
                                "trace-based-mutations (tbm)")
 FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
+FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
+                                    "timeout, or slow inputs) as "
+                                    "$(artifact_prefix)file")

lib/Fuzzer/FuzzerInternal.h

@@ -90,6 +90,7 @@ class Fuzzer {
     int TBMWidth = 10;
     std::string OutputCorpus;
     std::string SyncCommand;
+    std::string ArtifactPrefix = "./";
     std::vector<std::string> Tokens;
     std::vector<Unit> Dictionary;
   };

lib/Fuzzer/FuzzerLoop.cpp

@@ -236,9 +236,10 @@ void Fuzzer::WriteToOutputCorpus(const Unit &U) {
 }
 
 void Fuzzer::WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix) {
-  std::string Path = Prefix + Hash(U);
+  std::string Path = Options.ArtifactPrefix + Prefix + Hash(U);
   WriteToFile(U, Path);
-  Printf("Test unit written to %s\n", Path.c_str());
+  Printf("artifact_prefix='%s'; Test unit written to %s\n",
+         Options.ArtifactPrefix.c_str(), Path.c_str());
   if (U.size() <= kMaxUnitSizeToPrint) {
     Printf("Base64: ");
     PrintFileAsBase64(Path);

lib/Fuzzer/test/fuzzer.test

@@ -5,17 +5,19 @@ RUN: LLVMFuzzer-SimpleTest -test_single_input=%S/hi.txt 2>&1 | FileCheck %s
 
 RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=InfiniteTest
 InfiniteTest: ALARM: working on the last Unit for
-InfiniteTest: Test unit written to timeout-
+InfiniteTest: Test unit written to ./timeout-
 
 RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
 MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
 
 RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest
 TimeoutTest: ALARM: working on the last Unit for
-TimeoutTest: Test unit written to timeout-
+TimeoutTest: Test unit written to ./timeout-
 
 RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
-NullDerefTest: Test unit written to crash-
+NullDerefTest: Test unit written to ./crash-
+RUN: not LLVMFuzzer-NullDerefTest  -artifact_prefix=ZZZ 2>&1 | FileCheck %s --check-prefix=NullDerefTestPrefix
+NullDerefTestPrefix: Test unit written to ZZZcrash-
 
 #not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s