From 741ec2c3c00cd768151fc4cfc37d4e4d43c9f58b Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Fri, 8 Dec 2017 22:21:42 +0000
Subject: [libFuzzer] honor -use_counters, sligntly change the meaning of -experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320205 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/fuzzer/FuzzerLoop.cpp | 11 +++++++----
 lib/fuzzer/FuzzerOptions.h | 2 +-
 lib/fuzzer/FuzzerTracePC.h | 13 ++++++++++---
 3 files changed, 18 insertions(+), 8 deletions(-)
(limited to 'lib')
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index f0de940e0..6ed48e08b 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -443,7 +443,8 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
 size_t FoundUniqFeaturesOfII = 0;
 size_t NumUpdatesBefore = Corpus.NumFeatureUpdates();
 TPC.CollectFeatures([&](size_t Feature) {
- Corpus.UpdateFeatureFrequency(Feature);
+ if (Options.UseFeatureFrequency)
+ Corpus.UpdateFeatureFrequency(Feature);
 if (Corpus.AddFeature(Feature, Size, Options.Shrink))
 UniqFeatureSetTmp.push_back(Feature);
 if (Options.ReduceInputs && II)
@@ -757,7 +758,8 @@ void Fuzzer::Loop(const Vector &CorpusDirs) {
 // Update TmpMaxMutationLen
 if (Options.ExperimentalLenControl) {
 if (TmpMaxMutationLen < MaxMutationLen &&
- (TotalNumberOfRuns - LastCorpusUpdateRun > 1000 &&
+ (TotalNumberOfRuns - LastCorpusUpdateRun >
+ Options.ExperimentalLenControl &&
 duration_cast(Now - LastCorpusUpdateTime).count() >= 1)) {
 LastCorpusUpdateRun = TotalNumberOfRuns;
 LastCorpusUpdateTime = Now;
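Review bot: In the `@@ -757` hunk of Fuzzer::Loop the run-count threshold is now the raw value of `Options.ExperimentalLenControl`, and nothing in the diff documents that the field changed from a switch to a count (the same applies to the declaration in the FuzzerOptions.h hunk). A value of 1 now means "grow after more than one run without a corpus update", where the old code used a fixed 1000, so only the one-second check limits how fast TmpMaxMutationLen rises. I would add a comment on the field, e.g. `// 0: disabled; otherwise the number of runs without a corpus update after which TmpMaxMutationLen may grow.` The flag parsing is outside this diff; if the flag is read as a signed int, a negative value presumably converts to a very large size_t and should be rejected there. Loop() continues outside the hunk.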
@@ -765,8 +767,9 @@ void Fuzzer::Loop(const Vector &CorpusDirs) {
 Min(MaxMutationLen, TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8));
 if (TmpMaxMutationLen <= MaxMutationLen)
- Printf("#%zd\tTEMP_MAX_LEN: %zd\n", TotalNumberOfRuns,
- TmpMaxMutationLen);
+ Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns,
+ TmpMaxMutationLen, Options.ExperimentalLenControl,
+ LastCorpusUpdateRun);
 }
 } else {
 TmpMaxMutationLen = MaxMutationLen;
diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h
index 31e1a4de7..15a378020 100644
--- a/lib/fuzzer/FuzzerOptions.h
+++ b/lib/fuzzer/FuzzerOptions.h
@@ -18,7 +18,7 @@ namespace fuzzer {
 struct FuzzingOptions {
 int Verbosity = 1;
 size_t MaxLen = 0;
- bool ExperimentalLenControl = false;
+ size_t ExperimentalLenControl = 0;
 int UnitTimeoutSec = 300;
 int TimeoutExitCode = 77;
 int ErrorExitCode = 77;
diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h
index 9df3d817d..f3bb41e42 100644
--- a/lib/fuzzer/FuzzerTracePC.h
+++ b/lib/fuzzer/FuzzerTracePC.h
@@ -230,7 +230,10 @@ void TracePC::CollectFeatures(Callback HandleFeature) const {
 size_t N = GetNumPCs();
 auto Handle8bitCounter = [&](size_t FirstFeature, size_t Idx, uint8_t Counter) {
- HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Counter));
+ if (UseCounters)
+ HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Counter));
+ else
+ HandleFeature(FirstFeature + Idx);
 };
 size_t FirstFeature = 0;
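Review bot: The two values appended to the TEMP_MAX_LEN line in the `@@ -765` hunk are unlabelled and printed with `%zd`, although `ExperimentalLenControl` is declared `size_t` in the FuzzerOptions.h hunk of this commit. `%zd` is the signed conversion and `%zu` is the one that matches size_t. Naming the fields would also keep the log readable without the source at hand, e.g. `"#%zd\tTEMP_MAX_LEN: %zd (threshold: %zu last_update_run: %zu)\n"`. The types of TotalNumberOfRuns, TmpMaxMutationLen and LastCorpusUpdateRun are declared outside the hunk, so check them before changing the existing specifiers as well.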
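Review bot: The UseCounters branch added to `Handle8bitCounter` in the `@@ -230` hunk is written out a second time in the Clang-counters loop of the `@@ -251` hunk, so the two feature encodings can drift apart on a later edit. If the element type behind `ClangCountersBegin()` (declared outside this diff) is compatible with the lambda's `uint8_t Counter`, the loop body could simply be `if (auto Cnt = P[Idx]) Handle8bitCounter(FirstFeature, Idx, Cnt);`. A short comment on the lambda would help too, e.g. `// With UseCounters off the counter value is ignored and each index maps to a single feature.` CollectFeatures continues outside the hunk.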
@@ -251,8 +254,12 @@ void TracePC::CollectFeatures(Callback HandleFeature) const {
 if (size_t NumClangCounters = ClangCountersEnd() - ClangCountersBegin()) {
 auto P = ClangCountersBegin();
 for (size_t Idx = 0; Idx < NumClangCounters; Idx++)
- if (auto Cnt = P[Idx])
- HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt));
+ if (auto Cnt = P[Idx]) {
+ if (UseCounters)
+ HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt));
+ else
+ HandleFeature(FirstFeature + Idx);
+ }
 FirstFeature += NumClangCounters;
 }
-- 
cgit v1.2.3
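Review bot: With counters enabled, the loop in the `@@ -251` hunk emits feature indices as high as `FirstFeature + (NumClangCounters - 1) * 8 + CounterToFeature(Cnt)`, but the context line after it still advances the base by only `FirstFeature += NumClangCounters;`. Any collector that follows and starts from FirstFeature would then reuse indices this loop has already reported, merging unrelated coverage signals into one feature. That line predates the commit, but the new else-branch makes the two strides explicit, and advancing by the larger one keeps the ranges disjoint in both modes: `FirstFeature += NumClangCounters * 8;`. What follows in CollectFeatures is outside the hunk, so confirm that later collectors do build on FirstFeature.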