From f0969cefc0c878a42ea745e85cdf9226c06e4d30 Mon Sep 17 00:00:00 2001 From: Filip Niksic Date: Mon, 11 Nov 2024 12:00:59 -0800 Subject: [PATCH] Ensure that the Centipede runner writes the failure atomically and only once. The atomicity is needed because the function `WriteFailureDescription()` may be called from multiple threads: from the main thread, e.g. for a GoogleTest assertion failure, and from the watchdog thread, e.g. for an OOM. The function should write the failure only once because for failures like stack overflow, it gets called twice: the first time for the stack overflow itself, and the second time from the SIGABRT handler handling the abort that follows the detected stack overflow. PiperOrigin-RevId: 695434225 --- centipede/runner.cc | 34 +++++++++++-------- e2e_tests/corpus_database_test.cc | 12 ++++++- .../fuzz_tests_for_corpus_database_testing.cc | 18 ++++++++++ 3 files changed, 48 insertions(+), 16 deletions(-) diff --git a/centipede/runner.cc b/centipede/runner.cc index 83b87333..8b8065d9 100644 --- a/centipede/runner.cc +++ b/centipede/runner.cc @@ -104,21 +104,25 @@ __thread ThreadLocalRunnerState tls; static void WriteFailureDescription(const char *description) { // TODO(b/264715830): Remove I/O error logging once the bug is fixed? if (state.failure_description_path == nullptr) return; - FILE *f = fopen(state.failure_description_path, "w"); - if (f == nullptr) { - perror("FAILURE: fopen()"); - return; - } - const auto len = strlen(description); - if (fwrite(description, 1, len, f) != len) { - perror("FAILURE: fwrite()"); - } - if (fflush(f) != 0) { - perror("FAILURE: fflush()"); - } - if (fclose(f) != 0) { - perror("FAILURE: fclose()"); - } + // Make sure that the write is atomic and only happens once. + [[maybe_unused]] static int write_once = [=] { + FILE *f = fopen(state.failure_description_path, "w"); + if (f == nullptr) { + perror("FAILURE: fopen()"); + return 0; + } + const auto len = strlen(description); + if (fwrite(description, 1, len, f) != len) { + perror("FAILURE: fwrite()"); + } + if (fflush(f) != 0) { + perror("FAILURE: fflush()"); + } + if (fclose(f) != 0) { + perror("FAILURE: fclose()"); + } + return 0; + }(); } void ThreadLocalRunnerState::TraceMemCmp(uintptr_t caller_pc, const uint8_t *s1, diff --git a/e2e_tests/corpus_database_test.cc b/e2e_tests/corpus_database_test.cc index ed01e875..0e78ae60 100644 --- a/e2e_tests/corpus_database_test.cc +++ b/e2e_tests/corpus_database_test.cc @@ -27,6 +27,7 @@ namespace fuzztest::internal { namespace { +using ::testing::ContainsRegex; using ::testing::HasSubstr; class UpdateCorpusDatabaseTest : public testing::Test { @@ -88,7 +89,8 @@ absl::NoDestructor UpdateCorpusDatabaseTest::centipede_std_err_{}; TEST_F(UpdateCorpusDatabaseTest, RunsFuzzTests) { EXPECT_THAT(GetCentipedeStdErr(), - HasSubstr("Fuzzing FuzzTest.FailsInTwoWays")); + AllOf(HasSubstr("Fuzzing FuzzTest.FailsInTwoWays"), + HasSubstr("Fuzzing FuzzTest.FailsWithStackOverflow"))); } TEST_F(UpdateCorpusDatabaseTest, UsesMultipleShardsForFuzzingAndDistillation) { @@ -99,5 +101,13 @@ TEST_F(UpdateCorpusDatabaseTest, UsesMultipleShardsForFuzzingAndDistillation) { HasSubstr("DISTILL[S.1]: Distilling to output shard 1"))); } +TEST_F(UpdateCorpusDatabaseTest, FindsAllCrashes) { + EXPECT_THAT( + GetCentipedeStdErr(), + AllOf(ContainsRegex(R"re(Failure\s*: GoogleTest assertion failure)re"), + ContainsRegex(R"re(Failure\s*: heap-buffer-overflow)re"), + ContainsRegex(R"re(Failure\s*: stack-limit-exceeded)re"))); +} + } // namespace } // namespace fuzztest::internal diff --git a/e2e_tests/testdata/fuzz_tests_for_corpus_database_testing.cc b/e2e_tests/testdata/fuzz_tests_for_corpus_database_testing.cc index a2e1359e..8d97055a 100644 --- a/e2e_tests/testdata/fuzz_tests_for_corpus_database_testing.cc +++ b/e2e_tests/testdata/fuzz_tests_for_corpus_database_testing.cc @@ -12,6 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include + #include "gtest/gtest.h" #include "./fuzztest/fuzztest.h" @@ -29,4 +31,20 @@ void FailsInTwoWays(const std::vector& v) { } FUZZ_TEST(FuzzTest, FailsInTwoWays); +int ReachStackOverflow(int n) { + // Use volatile to prevent the compiler from inlining the recursion. + volatile auto f = ReachStackOverflow; + return n > 0 ? 1 + f(n - 1) : 0; +} + +// Stack frame consists of at least one word. +constexpr size_t kStackFrameSizeLowerBound = sizeof(void*); +// Default stack limit is 128 KiB. +constexpr int kDepthToReachStackOverflow = + 128 * 1024 / kStackFrameSizeLowerBound; + +void FailsWithStackOverflow(int n) { ReachStackOverflow(n); } +FUZZ_TEST(FuzzTest, FailsWithStackOverflow) + .WithDomains(fuzztest::Just(kDepthToReachStackOverflow)); + } // namespace