Diffstat (limited to 'lib/fuzzer')
-rw-r--r-- | lib/fuzzer/FuzzerDriver.cpp | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerFlags.def | 5 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 6 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerOptions.h | 2 |
4 files changed, 9 insertions, 6 deletions
diff --git a/lib/fuzzer/FuzzerDriver.cpp b/lib/fuzzer/FuzzerDriver.cpp
index f6b642dae..516b0038f 100644
--- a/lib/fuzzer/FuzzerDriver.cpp
+++ b/lib/fuzzer/FuzzerDriver.cpp
@@ -567,7 +567,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 FuzzingOptions Options;
 Options.Verbosity = Flags.verbosity;
 Options.MaxLen = Flags.max_len;
- Options.ExperimentalLenControl = Flags.experimental_len_control;
+ Options.LenControl = Flags.len_control;
 Options.UnitTimeoutSec = Flags.timeout;
 Options.ErrorExitCode = Flags.error_exitcode;
 Options.TimeoutExitCode = Flags.timeout_exitcode;
diff --git a/lib/fuzzer/FuzzerFlags.def b/lib/fuzzer/FuzzerFlags.def
index a32102a7d..7e722f415 100644
--- a/lib/fuzzer/FuzzerFlags.def
+++ b/lib/fuzzer/FuzzerFlags.def
@@ -17,7 +17,10 @@ FUZZER_FLAG_INT(runs, -1,
 FUZZER_FLAG_INT(max_len, 0, "Maximum length of the test input. "
 "If 0, libFuzzer tries to guess a good value based on the corpus "
 "and reports it. ")
-FUZZER_FLAG_INT(experimental_len_control, 0, "experimental flag")
+FUZZER_FLAG_INT(len_control, 1000, "Try generating small inputs first, "
+ "then try larger inputs over time. Specifies the rate at which the length "
+ "limit is increased (smaller == faster). If 0, immediately try inputs with "
+ "size up to max_len.")
 FUZZER_FLAG_INT(cross_over, 1, "If 1, cross over inputs.")
 FUZZER_FLAG_INT(mutate_depth, 5,
 "Apply this number of consecutive mutations to each input.")
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 7366f69ff..7a3ce341f 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
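Review bot: `Options.LenControl = Flags.len_control;` copies what looks like a signed flag value (the flag is declared with `FUZZER_FLAG_INT`) into a `size_t` field, so a negative `-len_control` would presumably wrap to a very large rate. In `Fuzzer::Loop` the growth test compares the runs since the last corpus update against `Options.LenControl * Log(TmpMaxMutationLen)`, so such a value would keep the temporary length limit from rising and the run would quietly exercise only short inputs. Now that the flag is documented and on by default, I would clamp or reject negatives at this assignment, e.g. `Options.LenControl = Flags.len_control < 0 ? 0 : Flags.len_control;`, or print a warning. FuzzerDriver's body extends beyond this hunk, so a check elsewhere cannot be ruled out.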
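Review bot: The help text for `len_control` does not say what the number measures, and the default moves from 0 (off) to 1000, so every existing job now starts with a reduced length limit unless it passes `-len_control=0`. Going by the loop in FuzzerLoop.cpp, the limit is raised once the runs since the last corpus update exceed `len_control * Log(current limit)`; one sentence to that effect in the help string would let users choose a value. The old name `experimental_len_control` is dropped without an alias, so scripts that still pass it should be checked; how unknown flags are handled is not visible here.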
@@ -755,15 +755,15 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) { break; // Update TmpMaxMutationLen - if (Options.ExperimentalLenControl) { + if (Options.LenControl) { if (TmpMaxMutationLen < MaxMutationLen && TotalNumberOfRuns - LastCorpusUpdateRun > - Options.ExperimentalLenControl * Log(TmpMaxMutationLen)) { + Options.LenControl * Log(TmpMaxMutationLen)) { TmpMaxMutationLen = Min(MaxMutationLen, TmpMaxMutationLen + Log(TmpMaxMutationLen)); if (TmpMaxMutationLen <= MaxMutationLen) Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns, - TmpMaxMutationLen, Options.ExperimentalLenControl, + TmpMaxMutationLen, Options.LenControl, LastCorpusUpdateRun); LastCorpusUpdateRun = TotalNumberOfRuns; } diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h index 15a378020..cedf7f37e 100644 --- a/lib/fuzzer/FuzzerOptions.h +++ b/lib/fuzzer/FuzzerOptions.h @@ -18,7 +18,7 @@ namespace fuzzer { struct FuzzingOptions { int Verbosity = 1; size_t MaxLen = 0; - size_t ExperimentalLenControl = 0; + size_t LenControl = 1000; int UnitTimeoutSec = 300; int TimeoutExitCode = 77; int ErrorExitCode = 77; |
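Review bot: The guard `if (TmpMaxMutationLen <= MaxMutationLen)` is always true right after `TmpMaxMutationLen = Min(MaxMutationLen, ...)`, so the `TEMP_MAX_LEN` line is printed on every increase of the limit. With length control now enabled by default that message shows up in ordinary runs; if that is not intended, gate it on verbosity instead, e.g. `if (Options.Verbosity >= 2)`. The `Printf` also formats `Options.LenControl`, a `size_t`, with `%zd`, where `%zu` would match the type if the project's `Printf` accepts it. `Fuzzer::Loop` starts and ends outside this hunk.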
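Review bot: The default 1000 is now written twice, as `size_t LenControl = 1000;` in this struct and as the `len_control` flag default in FuzzerFlags.def, and nothing ties the two together. FuzzerDriver overwrites the field from the flag, so the struct default only matters to code that builds `FuzzingOptions` directly. A comment on the field such as `// Default must match -len_control in FuzzerFlags.def.` would keep them from drifting apart. The struct continues past this hunk.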