[libFuzzer] disable leak detection if we have tried it for 1000 times w/o finding a leak

llvm-svn: 267770

lib/Fuzzer/FuzzerInternal.h

@@ -401,6 +401,7 @@ private:
   size_t NumberOfNewUnitsAdded = 0;
 
   bool HasMoreMallocsThanFrees = false;
+  size_t NumberOfLeakDetectionAttempts = 0;
 
   std::vector<Unit> Corpus;
   std::unordered_set<std::string> UnitHashesAddedToCorpus;

lib/Fuzzer/FuzzerLoop.cpp

@@ -557,6 +557,15 @@ void Fuzzer::TryDetectingAMemoryLeak(uint8_t *Data, size_t Size) {
   RunOneAndUpdateCorpus(Data, Size);
   __lsan_enable();
   if (!HasMoreMallocsThanFrees) return;  // a leak is unlikely.
+  if (NumberOfLeakDetectionAttempts++ > 1000) {
+    Options.DetectLeaks = false;
+    Printf("INFO: libFuzzer disabled leak detection after every mutation.\n"
+           "      Most likely the target function accumulates allocated\n"
+           "      memory in a global state w/o actually leaking it.\n"
+           "      If LeakSanitizer is enabled in this process it will still\n"
+           "      run on the process shutdown.\n");
+    return;
+  }
   // Now perform the actual lsan pass. This is expensive and we must ensure
   // we don't call it too often.
   if (__lsan_do_recoverable_leak_check()) {  // Leak is found, report it.

lib/Fuzzer/test/AccumulateAllocationsTest.cpp

@@ -0,0 +1,17 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test with a more mallocs than frees, but no leak.
+#include <cstdint>
+#include <cstddef>
+
+const int kAllocatedPointersSize = 10000;
+int NumAllocatedPointers = 0;
+int *AllocatedPointers[kAllocatedPointersSize];
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (NumAllocatedPointers < kAllocatedPointersSize)
+    AllocatedPointers[NumAllocatedPointers++] = new int;
+  return 0;
+}
+

lib/Fuzzer/test/CMakeLists.txt

@@ -13,6 +13,7 @@ set(DFSanTests
   )
 
 set(Tests
+  AccumulateAllocationsTest
   BufferOverflowOnInput
   CallerCalleeTest
   CounterTest