! go test -run=FuzzWithBadExit -fuzz=FuzzWithBadExit -fuzztime=100x -fuzzminimizetime=1000x
stdout 'testdata[/\\]fuzz[/\\]FuzzWithBadExit[/\\]'
-stdout 'unexpectedly'
+stdout '^\s+fuzzing process hung or terminated unexpectedly: exit status'
go run check_testdata.go FuzzWithBadExit
+! go test -run=FuzzDeadlock -fuzz=FuzzDeadlock -fuzztime=100x -fuzzminimizetime=0x
+stdout 'testdata[/\\]fuzz[/\\]FuzzDeadlock[/\\]'
+stdout '^\s+fuzzing process hung or terminated unexpectedly: exit status'
+go run check_testdata.go FuzzDeadlock
+
# Running the fuzzer should find a crashing input quickly for fuzzing two types.
! go test -run=FuzzWithTwoTypes -fuzz=FuzzWithTwoTypes -fuzztime=100x -fuzzminimizetime=1000x
stdout 'testdata[/\\]fuzz[/\\]FuzzWithTwoTypes[/\\]'
})
}
+func FuzzDeadlock(f *testing.F) {
+ f.Add(int(0))
+ f.Fuzz(func(t *testing.T, n int) {
+ if n != 0 {
+ select {}
+ }
+ })
+}
+
func FuzzWithTwoTypes(f *testing.F) {
f.Fuzz(func(t *testing.T, a, b []byte) {
if len(a) > 0 && len(b) > 0 {
"fmt"
"reflect"
"testing"
+ "time"
"unicode"
"unicode/utf8"
)
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
ws := &workerServer{
- fuzzFn: tc.fn,
+ fuzzFn: func(e CorpusEntry) (time.Duration, error) {
+ return time.Second, tc.fn(e)
+ },
}
count := int64(0)
vals := tc.input
// input and a flaky failure occurs, that minimization was not indicated
// to be successful, and the error isn't returned (since it's flaky).
func TestMinimizeFlaky(t *testing.T) {
- ws := &workerServer{fuzzFn: func(e CorpusEntry) error {
- return errors.New("ohno")
+ ws := &workerServer{fuzzFn: func(e CorpusEntry) (time.Duration, error) {
+ return time.Second, errors.New("ohno")
}}
keepCoverage := make([]byte, len(coverageSnapshot))
count := int64(0)
}
// Worker exited non-zero or was terminated by a non-interrupt
// signal (for example, SIGSEGV) while fuzzing.
- return fmt.Errorf("fuzzing process terminated unexpectedly: %w", err)
+ return fmt.Errorf("fuzzing process hung or terminated unexpectedly: %w", err)
// TODO(jayconrod,katiehockman): if -keepfuzzing, restart worker.
case input := <-w.coordinator.inputC:
// Unexpected termination. Set error message and fall through.
// We'll restart the worker on the next iteration.
// Don't attempt to minimize this since it crashed the worker.
- resp.Err = fmt.Sprintf("fuzzing process terminated unexpectedly: %v", w.waitErr)
+ resp.Err = fmt.Sprintf("fuzzing process hung or terminated unexpectedly: %v", w.waitErr)
canMinimize = false
}
result := fuzzResult{
limit: input.limit,
}, nil
}
- return fuzzResult{}, fmt.Errorf("fuzzing process terminated unexpectedly while minimizing: %w", w.waitErr)
+ return fuzzResult{}, fmt.Errorf("fuzzing process hung or terminated unexpectedly while minimizing: %w", w.waitErr)
}
if input.crasherMsg != "" && resp.Err == "" {
}
srv := &workerServer{
workerComm: comm,
- fuzzFn: fn,
- m: newMutator(),
+ fuzzFn: func(e CorpusEntry) (time.Duration, error) {
+ timer := time.AfterFunc(10*time.Second, func() {
+ panic("deadlocked!") // this error message won't be printed
+ })
+ defer timer.Stop()
+ start := time.Now()
+ err := fn(e)
+ return time.Since(start), err
+ },
+ m: newMutator(),
}
return srv.serve(ctx)
}
// coverage is found.
coverageMask []byte
- // fuzzFn runs the worker's fuzz function on the given input and returns
- // an error if it finds a crasher (the process may also exit or crash).
- fuzzFn func(CorpusEntry) error
+ // fuzzFn runs the worker's fuzz target on the given input and returns an
+ // error if it finds a crasher (the process may also exit or crash), and the
+ // time it took to run the input. It sets a deadline of 10 seconds, at which
+ // point it will panic with the assumption that the process is hanging or
+ // deadlocked.
+ fuzzFn func(CorpusEntry) (time.Duration, error)
}
// serve reads serialized RPC messages on fuzzIn. When serve receives a message,
}
fuzzOnce := func(entry CorpusEntry) (dur time.Duration, cov []byte, errMsg string) {
mem.header().count++
- start := time.Now()
- err := ws.fuzzFn(entry)
- dur = time.Since(start)
+ var err error
+ dur, err = ws.fuzzFn(entry)
if err != nil {
errMsg = err.Error()
if errMsg == "" {
// If not, then whatever caused us to think the value was interesting may
// have been a flake, and we can't minimize it.
*count++
- retErr = ws.fuzzFn(CorpusEntry{Values: vals})
+ _, retErr = ws.fuzzFn(CorpusEntry{Values: vals})
if keepCoverage != nil {
if !hasCoverageBit(keepCoverage, coverageSnapshot) || retErr != nil {
return false, nil
panic("impossible")
}
*count++
- err := ws.fuzzFn(CorpusEntry{Values: vals})
+ _, err := ws.fuzzFn(CorpusEntry{Values: vals})
if err != nil {
retErr = err
if keepCoverage != nil {