From 79e8f0553763406c5767f071a78d3ed5bff066af Mon Sep 17 00:00:00 2001 From: Max Moroz Date: Mon, 16 Jul 2018 14:54:23 +0000 Subject: [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges. Summary: Created a -print_unstable_stats flag. When -print_unstable_stats=1, we run it 2 more times on interesting inputs poisoning unstable edges in an array. On program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does. Patch by Kyungtak Woo (@kevinwkt). Reviewers: metzman, Dor1s, kcc, morehouse Reviewed By: metzman, Dor1s, morehouse Subscribers: delcypher, llvm-commits, #sanitizers, kcc, morehouse, Dor1s Differential Revision: https://reviews.llvm.org/D49212 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@337175 91177308-0d34-0410-b5e6-96231b3b80d8 --- test/fuzzer/PrintUnstableStatsTest.cpp | 69 ++++++++++++++++++++++++++++++++++ test/fuzzer/print_unstable_stats.test | 3 ++ 2 files changed, 72 insertions(+) create mode 100644 test/fuzzer/PrintUnstableStatsTest.cpp create mode 100644 test/fuzzer/print_unstable_stats.test (limited to 'test') diff --git a/test/fuzzer/PrintUnstableStatsTest.cpp b/test/fuzzer/PrintUnstableStatsTest.cpp new file mode 100644 index 000000000..078eb4c3d --- /dev/null +++ b/test/fuzzer/PrintUnstableStatsTest.cpp @@ -0,0 +1,69 @@ +#include +#include +#include +#include + +int x = 0; +bool skip0 = false; +bool skip1 = false; +bool skip2 = false; + +__attribute__((noinline)) void det0() { x++; } +__attribute__((noinline)) void det1() { x++; } +__attribute__((noinline)) void det2() { x++; } +__attribute__((noinline)) void det3() { x++; } +__attribute__((noinline)) void det4() { x++; } + +__attribute__((noinline)) void ini0() { x++; } +__attribute__((noinline)) void ini1() { x++; } +__attribute__((noinline)) void ini2() { x++; } + +__attribute__((noinline)) void t0() { x++; } +__attribute__((noinline)) void t1() { x++; } +__attribute__((noinline)) void t2() { x++; } +__attribute__((noinline)) void t3() { x++; } +__attribute__((noinline)) void t4() { x++; } + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + if (Size == 1 && Data[0] == 'A' && !skip0) { + skip0 = true; + ini0(); + } + if (Size == 1 && Data[0] == 'B' && !skip1) { + skip1 = true; + ini1(); + } + if (Size == 1 && Data[0] == 'C' && !skip2) { + skip2 = true; + ini2(); + } + + det0(); + det1(); + int a = rand(); + det2(); + + switch (a % 5) { + case 0: + t0(); + break; + case 1: + t1(); + break; + case 2: + t2(); + break; + case 3: + t3(); + break; + case 4: + t4(); + break; + default: + assert(false); + } + + det3(); + det4(); + return 0; +} diff --git a/test/fuzzer/print_unstable_stats.test b/test/fuzzer/print_unstable_stats.test new file mode 100644 index 000000000..bba99aecc --- /dev/null +++ b/test/fuzzer/print_unstable_stats.test @@ -0,0 +1,3 @@ +RUN: %cpp_compiler %S/PrintUnstableStatsTest.cpp -o %t-PrintUnstableStatsTest +RUN: %run %t-PrintUnstableStatsTest -print_unstable_stats=1 -runs=100000 2>&1 | FileCheck %s --check-prefix=LONG +LONG: stat::stability_rate: 27.59 -- cgit v1.2.3