-rw-r--r--lib/fuzzer/FuzzerLoop.cpp11
-rw-r--r--lib/fuzzer/FuzzerOptions.h2
-rw-r--r--lib/fuzzer/FuzzerTracePC.h13
3 files changed, 18 insertions, 8 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index f0de940e0..6ed48e08b 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -443,7 +443,8 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
size_t FoundUniqFeaturesOfII = 0;
size_t NumUpdatesBefore = Corpus.NumFeatureUpdates();
TPC.CollectFeatures([&](size_t Feature) {
- Corpus.UpdateFeatureFrequency(Feature);
+ if (Options.UseFeatureFrequency)
+ Corpus.UpdateFeatureFrequency(Feature);
if (Corpus.AddFeature(Feature, Size, Options.Shrink))
UniqFeatureSetTmp.push_back(Feature);
if (Options.ReduceInputs && II)
@@ -757,7 +758,8 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) {
// Update TmpMaxMutationLen
if (Options.ExperimentalLenControl) {
if (TmpMaxMutationLen < MaxMutationLen &&
- (TotalNumberOfRuns - LastCorpusUpdateRun > 1000 &&
+ (TotalNumberOfRuns - LastCorpusUpdateRun >
+ Options.ExperimentalLenControl &&
duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) {
LastCorpusUpdateRun = TotalNumberOfRuns;
LastCorpusUpdateTime = Now;
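Review bot: `Options.ExperimentalLenControl` now acts both as the enable switch in `if (Options.ExperimentalLenControl)` and as the run-count threshold that replaces the literal 1000. A configuration that still sets it to 1, as it would have for the old boolean, therefore gets a threshold of one run instead of 1000. How the flag is parsed is not visible on this page, so that should be confirmed where the option is populated. The field in the FuzzerOptions.h hunk should carry a comment stating the new meaning, for example `// Runs without a corpus update before TmpMaxMutationLen may grow; 0 disables length control.` The body of Fuzzer::Loop starts and ends outside this hunk.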
@@ -765,8 +767,9 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) {
Min(MaxMutationLen,
TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8));
if (TmpMaxMutationLen <= MaxMutationLen)
- Printf("#%zd\tTEMP_MAX_LEN: %zd\n", TotalNumberOfRuns,
- TmpMaxMutationLen);
+ Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns,
+ TmpMaxMutationLen, Options.ExperimentalLenControl,
+ LastCorpusUpdateRun);
}
} else {
TmpMaxMutationLen = MaxMutationLen;
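Review bot: The fourth value added to the TEMP_MAX_LEN message, `LastCorpusUpdateRun`, appears to be assigned `TotalNumberOfRuns` a few lines earlier in the same branch (see the preceding hunk), so it would always repeat the first field. If the intent is to show how long the corpus went without an update, save the old value before that assignment and print the saved copy. Separately, `Options.ExperimentalLenControl` is a `size_t` per the FuzzerOptions.h hunk, so the matching conversion is `%zu` rather than `%zd`; the same probably applies to the other arguments if they are `size_t`, which this page does not show. The enclosing block continues outside the hunk.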
diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h
index 31e1a4de7..15a378020 100644
--- a/lib/fuzzer/FuzzerOptions.h
+++ b/lib/fuzzer/FuzzerOptions.h
@@ -18,7 +18,7 @@ namespace fuzzer {
struct FuzzingOptions {
int Verbosity = 1;
size_t MaxLen = 0;
- bool ExperimentalLenControl = false;
+ size_t ExperimentalLenControl = 0;
int UnitTimeoutSec = 300;
int TimeoutExitCode = 77;
int ErrorExitCode = 77;
diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h
index 9df3d817d..f3bb41e42 100644
--- a/lib/fuzzer/FuzzerTracePC.h
+++ b/lib/fuzzer/FuzzerTracePC.h
@@ -230,7 +230,10 @@ void TracePC::CollectFeatures(Callback HandleFeature) const {
size_t N = GetNumPCs();
auto Handle8bitCounter = [&](size_t FirstFeature,
size_t Idx, uint8_t Counter) {
- HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Counter));
+ if (UseCounters)
+ HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Counter));
+ else
+ HandleFeature(FirstFeature + Idx);
};
size_t FirstFeature = 0;
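Review bot: The `if (UseCounters) … else …` choice added inside `Handle8bitCounter` is repeated verbatim in the Clang-counters loop in the next hunk, so the two feature-numbering rules can drift apart if only one is edited later. A single helper would keep them in step, for example `auto FeatureOffset = [&](size_t Idx, uint8_t C) { return UseCounters ? Idx * 8 + CounterToFeature(C) : Idx; };`, with both sites calling `HandleFeature(FirstFeature + FeatureOffset(Idx, Counter))`. A short comment should also note that with counters disabled each index maps to one feature, while the ranges are presumably still sized for eight features per index; that sizing is outside the visible lines. CollectFeatures starts and ends outside this hunk.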
@@ -251,8 +254,12 @@ void TracePC::CollectFeatures(Callback HandleFeature) const {
if (size_t NumClangCounters = ClangCountersEnd() - ClangCountersBegin()) {
auto P = ClangCountersBegin();
for (size_t Idx = 0; Idx < NumClangCounters; Idx++)
- if (auto Cnt = P[Idx])
- HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt));
+ if (auto Cnt = P[Idx]) {
+ if (UseCounters)
+ HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt));
+ else
+ HandleFeature(FirstFeature + Idx);
+ }
FirstFeature += NumClangCounters;
}