diff options
author | Kostya Serebryany <kcc@google.com> | 2017-12-08 22:21:42 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2017-12-08 22:21:42 +0000 |
commit | 741ec2c3c00cd768151fc4cfc37d4e4d43c9f58b (patch) | |
tree | d65178a2c617e9f00694244196b3a2468cc29fb6 /lib | |
parent | e192b547369508e2fedc3eab8ac473d3ee158443 (diff) |
[libFuzzer] honor -use_counters, sligntly change the meaning of -experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320205 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib')
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 11 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerOptions.h | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.h | 13 |
3 files changed, 18 insertions, 8 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index f0de940e0..6ed48e08b 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -443,7 +443,8 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile, size_t FoundUniqFeaturesOfII = 0; size_t NumUpdatesBefore = Corpus.NumFeatureUpdates(); TPC.CollectFeatures([&](size_t Feature) { - Corpus.UpdateFeatureFrequency(Feature); + if (Options.UseFeatureFrequency) + Corpus.UpdateFeatureFrequency(Feature); if (Corpus.AddFeature(Feature, Size, Options.Shrink)) UniqFeatureSetTmp.push_back(Feature); if (Options.ReduceInputs && II) @@ -757,7 +758,8 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) { // Update TmpMaxMutationLen if (Options.ExperimentalLenControl) { if (TmpMaxMutationLen < MaxMutationLen && - (TotalNumberOfRuns - LastCorpusUpdateRun > 1000 && + (TotalNumberOfRuns - LastCorpusUpdateRun > + Options.ExperimentalLenControl && duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) { LastCorpusUpdateRun = TotalNumberOfRuns; LastCorpusUpdateTime = Now; @@ -765,8 +767,9 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) { Min(MaxMutationLen, TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8)); if (TmpMaxMutationLen <= MaxMutationLen) - Printf("#%zd\tTEMP_MAX_LEN: %zd\n", TotalNumberOfRuns, - TmpMaxMutationLen); + Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns, + TmpMaxMutationLen, Options.ExperimentalLenControl, + LastCorpusUpdateRun); } } else { TmpMaxMutationLen = MaxMutationLen; diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h index 31e1a4de7..15a378020 100644 --- a/lib/fuzzer/FuzzerOptions.h +++ b/lib/fuzzer/FuzzerOptions.h @@ -18,7 +18,7 @@ namespace fuzzer { struct FuzzingOptions { int Verbosity = 1; size_t MaxLen = 0; - bool ExperimentalLenControl = false; + size_t ExperimentalLenControl = 0; int UnitTimeoutSec = 300; int TimeoutExitCode = 77; int ErrorExitCode = 77; diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h index 9df3d817d..f3bb41e42 100644 --- a/lib/fuzzer/FuzzerTracePC.h +++ b/lib/fuzzer/FuzzerTracePC.h @@ -230,7 +230,10 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { size_t N = GetNumPCs(); auto Handle8bitCounter = [&](size_t FirstFeature, size_t Idx, uint8_t Counter) { - HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Counter)); + if (UseCounters) + HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Counter)); + else + HandleFeature(FirstFeature + Idx); }; size_t FirstFeature = 0; @@ -251,8 +254,12 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { if (size_t NumClangCounters = ClangCountersEnd() - ClangCountersBegin()) { auto P = ClangCountersBegin(); for (size_t Idx = 0; Idx < NumClangCounters; Idx++) - if (auto Cnt = P[Idx]) - HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt)); + if (auto Cnt = P[Idx]) { + if (UseCounters) + HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt)); + else + HandleFeature(FirstFeature + Idx); + } FirstFeature += NumClangCounters; } |