### Description

libFuzzer's runtime argument `-stop_file` doesn't work when used with `-fork`. Here is the description of the two flags:

- `fork`: "Experimental mode where fuzzing happens in a subprocess"
- `stop_file`: "Stop fuzzing ASAP if this file exists"

When using the two flags together, fuzzing continues even after the stop file is created.
### Steps to reproduce

- Create a simple fuzz test, e.g.

  ```cpp
  #include <fuzzer/FuzzedDataProvider.h>
  #include <assert.h>
  #include <stddef.h>
  #include <stdint.h>

  // Minimal target: carve two ints out of the input and check that addition commutes.
  // The body does no real work; it only exists so the fuzzer has something to run
  // while the stop-file behaviour is observed.
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    FuzzedDataProvider provider(data, size);
    int a = provider.ConsumeIntegral<int>();
    int b = provider.ConsumeIntegral<int>();
    assert(a + b == b + a);
    return 0;
  }
  ```

  Save it as `test.cpp`.

- Compile the test:

  ```
  clang++ -g -fsanitize=address,fuzzer test.cpp -o test
  ```

- Run the resulting binary with the `-stop_file` argument:

  ```
  ./test -fork=2 -stop_file=/tmp/stop-file
  ```

  I recommend also adding the `-max_total_time=20` flag, as in fork mode fuzzing can't be stopped with Ctrl+C and otherwise will continue until the process is killed or a crash is found.

- In a separate terminal create the stop-file (with some content, see #72334, "libFuzzer's runtime argument -stop_file doesn't work with empty files"):

  ```
  echo abc > /tmp/stop-file
  ```

  Observe that the fuzzing run continues.

- Stop fuzzing, then start it without the `-fork` argument:

  ```
  rm /tmp/stop-file
  ./test -stop_file=/tmp/stop-file
  ```

- In a separate terminal create the stop-file:

  ```
  echo abc > /tmp/stop-file
  ```

  Observe that the fuzzing stops quickly with a message like `Done 5036370 runs in 21 second(s)`.
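The steps above compare the two modes by eye. The script below is an added example (not part of this issue or of libFuzzer) that turns the same check into something a CI job or a regression test for the fix can run: it starts an arbitrary fuzzer command line in the background, writes a non-empty stop file after a delay, and reports whether the process exited before a watchdog had to kill it. The `stop_file_honored` function name, the `./test` binary name and the `stop_check.sh` file name are assumptions; `-stop_file`, `-fork` and `-max_total_time` are the real libFuzzer flags discussed above.

```shell
#!/bin/sh
# Added example, not part of the LLVM issue: a small harness that answers
# "did the fuzzer exit after the stop file appeared?" for any command line.
# Usage: stop_file_honored STOP_FILE DELAY TIMEOUT CMD [ARGS...]
#   STOP_FILE  the path passed to the fuzzer as -stop_file=
#   DELAY      seconds to let the fuzzer run before the stop file is written
#   TIMEOUT    seconds to wait for exit after that before killing CMD
# Returns 0 if CMD exited within TIMEOUT seconds of the stop file being
# written, 1 if it kept running and had to be killed.
stop_file_honored() {
    stop_file=$1
    delay=$2
    timeout=$3
    shift 3

    rm -f "$stop_file"
    "$@" >/dev/null 2>&1 &
    pid=$!

    sleep "$delay"
    # Write real content: libFuzzer ignores an empty stop file (issue #72334).
    echo stop > "$stop_file"
    started=$(date +%s)

    # Watchdog: kill CMD if it is still running TIMEOUT seconds from now.
    ( sleep "$timeout"; kill "$pid" 2>/dev/null ) &
    watchdog=$!

    wait "$pid" 2>/dev/null || :
    kill "$watchdog" 2>/dev/null || :
    rm -f "$stop_file"

    elapsed=$(( $(date +%s) - started ))
    # A process that honoured the stop file exits well before the watchdog fires.
    [ "$elapsed" -lt "$timeout" ]
}

# Run as a script against the binary built in the steps above (file name assumed):
#   sh stop_check.sh /tmp/stop-file 5 30 ./test -fork=2 -stop_file=/tmp/stop-file -max_total_time=20
if [ "$#" -ge 4 ]; then
    if stop_file_honored "$@"; then
        echo "stop file honoured"
    else
        echo "stop file ignored; process killed after timeout"
        exit 1
    fi
fi
```

Keep `-max_total_time` on the fuzzer command line as the issue recommends: the watchdog only signals the parent libFuzzer process, and in `-fork` mode that is not guaranteed to take its child jobs down with it. With the bug present, the `-fork=2` invocation returns 1 (killed after the timeout) while the same command without `-fork` returns 0 within a second or two of the stop file being written.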
### Expected behavior

Fuzzing should stop even when running with `-fork`.