From df99a270b36fe9f0b8bd43ba05e305fa738d2de6 Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Wed, 16 Jun 2021 11:10:17 -0700
Subject: [PATCH] [dev.fuzz] testing: capture coverage even if tRunner failed

Call SnapshotCoverage when the fuzzFn panics, or t.Fatal(f) is called.
We currently don't use this coverage for anything, but it is necessary
to allow the coordinator to continue when loading a corpus that contains
an input that causes crashes. We will also probably want this behavior
once we allow the fuzzer to continue after finding a crasher, since the
input used to find one crasher may be a useful input for further
mutation.

Fixes #46633

Change-Id: I40ed5440c88fa354d90a4ff4ae2bf8a19bf3254f
Reviewed-on: https://go-review.googlesource.com/c/go/+/328650
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
---
 src/testing/fuzz.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/testing/fuzz.go b/src/testing/fuzz.go
index b4c1ffcdd5..fc1212b142 100644
--- a/src/testing/fuzz.go
+++ b/src/testing/fuzz.go
@@ -354,9 +354,13 @@ func (f *F) Fuzz(ff interface{}) {
 			for _, v := range e.Values {
 				args = append(args, reflect.ValueOf(v))
 			}
+			// Before reseting the current coverage, defer the snapshot so that we
+			// make sure it is called right before the tRunner function exits,
+			// regardless of whether it was executed cleanly, panicked, or if the
+			// fuzzFn called t.Fatal.
+			defer f.fuzzContext.snapshotCoverage()
 			f.fuzzContext.resetCoverage()
 			fn.Call(args)
-			f.fuzzContext.snapshotCoverage()
 		})
 		<-t.signal
 		f.inFuzzFn = false
-- 
2.50.0