[compiler-rt][libFuzzer] Add support for capturing SIGTRAP exits.

Swift's FatalError raises a SIGTRAP, which currently causes the fuzzer to exit without writing out the crashing input.

Author: DanBlackwell

compiler-rt/lib/fuzzer/FuzzerDriver.cpp

@@ -834,6 +834,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
   Options.HandleInt = Flags.handle_int;
   Options.HandleSegv = Flags.handle_segv;
   Options.HandleTerm = Flags.handle_term;
+  Options.HandleTrap = Flags.handle_trap;
   Options.HandleXfsz = Flags.handle_xfsz;
   Options.HandleUsr1 = Flags.handle_usr1;
   Options.HandleUsr2 = Flags.handle_usr2;

compiler-rt/lib/fuzzer/FuzzerFlags.def

@@ -152,6 +152,7 @@ FUZZER_FLAG_INT(handle_ill, 1, "If 1, try to intercept SIGILL.")
 FUZZER_FLAG_INT(handle_fpe, 1, "If 1, try to intercept SIGFPE.")
 FUZZER_FLAG_INT(handle_int, 1, "If 1, try to intercept SIGINT.")
 FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")
+FUZZER_FLAG_INT(handle_trap, 1, "If 1, try to intercept SIGTRAP.")
 FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
 FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
 FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")

compiler-rt/lib/fuzzer/FuzzerOptions.h

@@ -82,6 +82,7 @@ struct FuzzingOptions {
   bool HandleInt = false;
   bool HandleSegv = false;
   bool HandleTerm = false;
+  bool HandleTrap = false;
   bool HandleXfsz = false;
   bool HandleUsr1 = false;
   bool HandleUsr2 = false;

compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp

@@ -410,7 +410,7 @@ void SetSignalHandler(const FuzzingOptions &Options) {
 
   // Early exit if no crash handler needed.
   if (!Options.HandleSegv && !Options.HandleBus && !Options.HandleIll &&
-      !Options.HandleFpe && !Options.HandleAbrt)
+      !Options.HandleFpe && !Options.HandleAbrt && !Options.HandleTrap)
     return;
 
   // Set up the crash handler and wait until it is ready before proceeding.

compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp

@@ -132,6 +132,8 @@ void SetSignalHandler(const FuzzingOptions& Options) {
     SetSigaction(SIGILL, CrashHandler);
   if (Options.HandleFpe)
     SetSigaction(SIGFPE, CrashHandler);
+  if (Options.HandleTrap)
+    SetSigaction(SIGTRAP, CrashHandler);
   if (Options.HandleXfsz)
     SetSigaction(SIGXFSZ, FileSizeExceedHandler);
   if (Options.HandleUsr1)

compiler-rt/test/fuzzer/SimpleTest.cpp

@@ -9,6 +9,9 @@
 #include <cstdlib>
 #include <iostream>
 #include <ostream>
+#ifdef SIGTRAP_TEST
+#  include <signal.h>
+#endif
 
 static volatile int Sink;
 
@@ -20,7 +23,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
       Sink = 2;
       if (Size > 2 && Data[2] == '!') {
         std::cout << "BINGO; Found the target, exiting\n" << std::flush;
+#ifdef SIGTRAP_TEST
+        raise(SIGTRAP);
+#else
         exit(0);
+#endif
       }
     }
   }

compiler-rt/test/fuzzer/sig-trap.test

@@ -0,0 +1,7 @@
+RUN: %cpp_compiler %S/SimpleTest.cpp -DSIGTRAP_TEST -o %t-SigTrapTest
+
+RUN: not %run %t-SigTrapTest            2>&1 | FileCheck %s
+CHECK: BINGO
+CHECK: ERROR: libFuzzer: deadly signal
+
+RUN: trap "%run %t-SigTrapTest -handle_trap=0" TRAP