From 470dc9637d4f767d38502b812bea863ea68beeec Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Fri, 1 Dec 2017 19:18:38 +0000
Subject: [libFuzzer] add an experimental search heuristic flag -reduce_depth
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319571 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/fuzzer/FuzzerLoop.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'lib/fuzzer/FuzzerLoop.cpp')
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 81e609e33..51d37c3ee 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -433,7 +433,7 @@ void Fuzzer::PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size) {
 }
 bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
- InputInfo *II) {
+ InputInfo *II, bool *FoundUniqFeatures) {
 if (!Size) return false;
@@ -451,6 +451,8 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
 II->UniqFeatureSet.end(), Feature)) FoundUniqFeaturesOfII++;
 });
+ if (FoundUniqFeatures)
+ *FoundUniqFeatures = FoundUniqFeaturesOfII;
 PrintPulseAndReportSlowInput(Data, Size);
 size_t NumNewFeatures = Corpus.NumFeatureUpdates() - NumUpdatesBefore;
 if (NumNewFeatures) {
@@ -642,11 +644,18 @@ void Fuzzer::MutateAndTestOne() {
 Size = NewSize;
 II.NumExecutedMutations++;
- bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II);
+ bool FoundUniqFeatures = false;
+ bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II,
+ &FoundUniqFeatures);
+ // Printf("FUF[%d] %d\n", i, FoundUniqFeatures);
 TryDetectingAMemoryLeak(CurrentUnitData, Size, /*DuringInitialCorpusExecution*/ false);
- if (NewCov)
+ if (NewCov) {
 ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
+ break; // We will mutate this input more in the next rounds.
+ }
+ if (Options.ReduceDepth && !FoundUniqFeatures)
+ break;
 }
 }
-- cgit v1.2.3
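Review bot: `*FoundUniqFeatures = FoundUniqFeaturesOfII;` in the second hunk stores what looks like a counter (it is incremented with `++` in the context lines) into a `bool` through an implicit conversion; `*FoundUniqFeatures = FoundUniqFeaturesOfII != 0;` states the intent and avoids a narrowing warning. The out-parameter is also left unwritten on the `if (!Size) return false;` path shown in the first hunk, so every caller has to pre-initialise it, as MutateAndTestOne does in the third hunk. A comment on the new parameter would make that contract explicit, for example `// FoundUniqFeatures: optional out-param; written only when the input was actually executed`. RunOne's body starts and ends outside these hunks, so whether the counter is only updated when II is non-null cannot be confirmed from here.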
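Review bot: The `break` added after `ReportNewCoverage(...)` in the third hunk is not guarded by `Options.ReduceDepth`, so it ends the mutation loop on new coverage for every run, although the commit is described as adding an experimental flag. If that change of default search depth is not intended, gate it with `if (Options.ReduceDepth) break;`; otherwise the description should say so, since it affects how deeply every fuzz target is explored. With the flag on, `if (Options.ReduceDepth && !FoundUniqFeatures) break;` ends the loop at the first mutation that hits none of II's unique features, which presumably includes inputs whose UniqFeatureSet is empty, so a comment stating the intended heuristic would help. The commented-out `// Printf("FUF[%d] %d\n", i, FoundUniqFeatures);` is debug residue and should be dropped. The loop header of MutateAndTestOne is outside the hunk, so the iteration bound is not visible here.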