[compiler-rt] r325050 - [libFuzzer] Set -experimental_len_control=1000 as default.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Tue Feb 13 12:52:15 PST 2018


Author: morehouse
Date: Tue Feb 13 12:52:15 2018
New Revision: 325050

URL: http://llvm.org/viewvc/llvm-project?rev=325050&view=rev
Log:
[libFuzzer] Set -experimental_len_control=1000 as default.

Summary:
Experiments using
https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison
show a significant increase in coverage and reduction in corpus size
with this option enabled.

Addresses https://llvm.org/pr36371.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D42932

Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def
    compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp?rev=325050&r1=325049&r2=325050&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp Tue Feb 13 12:52:15 2018
@@ -567,7 +567,7 @@ int FuzzerDriver(int *argc, char ***argv
   FuzzingOptions Options;
   Options.Verbosity = Flags.verbosity;
   Options.MaxLen = Flags.max_len;
-  Options.ExperimentalLenControl = Flags.experimental_len_control;
+  Options.LenControl = Flags.len_control;
   Options.UnitTimeoutSec = Flags.timeout;
   Options.ErrorExitCode = Flags.error_exitcode;
   Options.TimeoutExitCode = Flags.timeout_exitcode;
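Review bot: `Options.LenControl = Flags.len_control;` stores a signed flag value into a `size_t` field (FuzzerOptions.h declares `size_t LenControl`, and FUZZER_FLAG_INT flags appear to be plain ints), so a negative `-len_control` would wrap to a very large value. Fuzzer::Loop multiplies that value by `Log(TmpMaxMutationLen)`, so the threshold would become unreachable or wrap, and the temporary length limit could stop growing with no diagnostic, which quietly narrows the inputs the fuzzer explores. Consider clamping at the assignment, for example `Options.LenControl = Flags.len_control < 0 ? 0 : Flags.len_control;`, or rejecting negative values with a message. FuzzerDriver's body starts and ends outside this hunk, so any validation done elsewhere is not visible here.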

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def?rev=325050&r1=325049&r2=325050&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def Tue Feb 13 12:52:15 2018
@@ -17,7 +17,10 @@ FUZZER_FLAG_INT(runs, -1,
 FUZZER_FLAG_INT(max_len, 0, "Maximum length of the test input. "
     "If 0, libFuzzer tries to guess a good value based on the corpus "
     "and reports it. ")
-FUZZER_FLAG_INT(experimental_len_control, 0, "experimental flag")
+FUZZER_FLAG_INT(len_control, 1000, "Try generating small inputs first, "
+  "then try larger inputs over time.  Specifies the rate at which the length "
+  "limit is increased (smaller == faster).  If 0, immediately try inputs with "
+  "size up to max_len.")
 FUZZER_FLAG_INT(cross_over, 1, "If 1, cross over inputs.")
 FUZZER_FLAG_INT(mutate_depth, 5,
             "Apply this number of consecutive mutations to each input.")
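Review bot: The `FUZZER_FLAG_INT(len_control, 1000, ...)` line replaces `experimental_len_control` without leaving an alias, so existing fuzzing scripts and CI jobs that pass the old name would presumably stop controlling this setting and pick up the new default of 1000. How an unrecognised flag is handled is not visible in this hunk. If the file's deprecated-flag macro is available here, adding `FUZZER_DEPRECATED_FLAG(experimental_len_control)` next to the new definition would make the rename visible to those users. The help text could also say that run-bounded jobs may never reach `max_len` under the default, and that `-len_control=0` restores the previous behaviour.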

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp?rev=325050&r1=325049&r2=325050&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp Tue Feb 13 12:52:15 2018
@@ -755,15 +755,15 @@ void Fuzzer::Loop(const Vector<std::stri
       break;
 
     // Update TmpMaxMutationLen
-    if (Options.ExperimentalLenControl) {
+    if (Options.LenControl) {
       if (TmpMaxMutationLen < MaxMutationLen &&
           TotalNumberOfRuns - LastCorpusUpdateRun >
-              Options.ExperimentalLenControl * Log(TmpMaxMutationLen)) {
+              Options.LenControl * Log(TmpMaxMutationLen)) {
         TmpMaxMutationLen =
             Min(MaxMutationLen, TmpMaxMutationLen + Log(TmpMaxMutationLen));
         if (TmpMaxMutationLen <= MaxMutationLen)
           Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns,
-                 TmpMaxMutationLen, Options.ExperimentalLenControl,
+                 TmpMaxMutationLen, Options.LenControl,
                  LastCorpusUpdateRun);
         LastCorpusUpdateRun = TotalNumberOfRuns;
       }
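Review bot: The `if (TmpMaxMutationLen <= MaxMutationLen)` guard before the `Printf` is always true, because the statement above it assigns `Min(MaxMutationLen, ...)`, so the `TEMP_MAX_LEN` line is printed on every length increase. With the option now on by default, every fuzzing run gets this output regardless of verbosity. Consider gating it on verbosity instead, for example `if (Options.Verbosity >= 2)`. Separately, `Options.LenControl` is a `size_t` and the other arguments look unsigned too, so `%zu` would be the matching conversion rather than `%zd`. Fuzzer::Loop starts and ends outside this hunk.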

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h?rev=325050&r1=325049&r2=325050&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h Tue Feb 13 12:52:15 2018
@@ -18,7 +18,7 @@ namespace fuzzer {
 struct FuzzingOptions {
   int Verbosity = 1;
   size_t MaxLen = 0;
-  size_t ExperimentalLenControl = 0;
+  size_t LenControl = 1000;
   int UnitTimeoutSec = 300;
   int TimeoutExitCode = 77;
   int ErrorExitCode = 77;
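Review bot: The default on `size_t LenControl = 1000;` now duplicates the `1000` in FuzzerFlags.def with nothing tying the two together, so code that builds a FuzzingOptions without going through FuzzerDriver could drift from the command-line default. The field also has no comment explaining what the number means. A one-line comment would help, such as `// Rate at which the temporary length limit grows (smaller == faster); 0 disables. Keep in sync with -len_control in FuzzerFlags.def.` The struct continues outside this hunk.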



