[llvm] r228235 - [fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose
Kostya Serebryany
kcc at google.com
Wed Feb 4 15:42:42 PST 2015
Author: kcc
Date: Wed Feb 4 17:42:42 2015
New Revision: 228235
URL: http://llvm.org/viewvc/llvm-project?rev=228235&view=rev
Log:
[fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose
Modified:
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/FuzzerMain.cpp
Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=228235&r1=228234&r2=228235&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Wed Feb 4 17:42:42 2015
@@ -21,6 +21,10 @@ FUZZER_FLAG(int, max_len, 64, "Maximal l
FUZZER_FLAG(int, cross_over, 1, "If 1, cross over inputs.")
FUZZER_FLAG(int, mutate_depth, 5,
"Apply this number of consecutive mutations to each input.")
+FUZZER_FLAG(
+ int, prefer_small_during_initial_shuffle, -1,
+ "If 1, always prefer smaller inputs during the initial corpus shuffle."
+ " If 0, never do that. If -1, do it sometimes.")
FUZZER_FLAG(int, exit_on_first, 0,
"If 1, exit after the first new interesting input is found.")
FUZZER_FLAG(int, timeout, -1, "Timeout in seconds (if positive).")
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=228235&r1=228234&r2=228235&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Wed Feb 4 17:42:42 2015
@@ -47,6 +47,7 @@ class Fuzzer {
int MutateDepth = 5;
bool ExitOnFirst = false;
bool UseFullCoverageSet = false;
+ int PreferSmallDuringInitialShuffle = -1;
size_t MaxNumberOfRuns = ULONG_MAX;
std::string OutputCorpus;
};
@@ -63,6 +64,13 @@ class Fuzzer {
// Save the current corpus to OutputCorpus.
void SaveCorpus();
+ size_t secondsSinceProcessStartUp() {
+ return duration_cast<seconds>(system_clock::now() - ProcessStartTime)
+ .count();
+ }
+
+ size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; }
+
static void AlarmCallback();
private:
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=228235&r1=228234&r2=228235&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Wed Feb 4 17:42:42 2015
@@ -48,10 +48,19 @@ void Fuzzer::AlarmCallback() {
}
void Fuzzer::ShuffleAndMinimize() {
+ bool PreferSmall =
+ (Options.PreferSmallDuringInitialShuffle == 1 ||
+ (Options.PreferSmallDuringInitialShuffle == -1 && rand() % 2));
if (Options.Verbosity)
- std::cerr << "Shuffle: " << Corpus.size() << "\n";
+ std::cerr << "Shuffle: Size: " << Corpus.size()
+ << " prefer small: " << PreferSmall
+ << "\n";
std::vector<Unit> NewCorpus;
- random_shuffle(Corpus.begin(), Corpus.end());
+ std::random_shuffle(Corpus.begin(), Corpus.end());
+ if (PreferSmall)
+ std::stable_sort(
+ Corpus.begin(), Corpus.end(),
+ [](const Unit &A, const Unit &B) { return A.size() < B.size(); });
size_t MaxCov = 0;
Unit &U = CurrentUnit;
for (const auto &C : Corpus) {
@@ -64,7 +73,9 @@ void Fuzzer::ShuffleAndMinimize() {
MaxCov = NewCoverage;
NewCorpus.push_back(U);
if (Options.Verbosity >= 2)
- std::cerr << "NEW0: " << NewCoverage << "\n";
+ std::cerr << "NEW0: " << NewCoverage
+ << " L " << U.size()
+ << "\n";
}
}
}
@@ -109,8 +120,7 @@ size_t Fuzzer::RunOneMaximizeTotalCovera
TestOneInput(U.data(), U.size());
size_t NewCoverage = __sanitizer_get_total_unique_coverage();
if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) && Options.Verbosity) {
- size_t Seconds =
- duration_cast<seconds>(system_clock::now() - ProcessStartTime).count();
+ size_t Seconds = secondsSinceProcessStartUp();
std::cerr
<< "#" << TotalNumberOfRuns
<< "\tcov: " << NewCoverage
Modified: llvm/trunk/lib/Fuzzer/FuzzerMain.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMain.cpp?rev=228235&r1=228234&r2=228235&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMain.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMain.cpp Wed Feb 4 17:42:42 2015
@@ -163,6 +163,8 @@ int main(int argc, char **argv) {
Options.MutateDepth = Flags.mutate_depth;
Options.ExitOnFirst = Flags.exit_on_first;
Options.UseFullCoverageSet = Flags.use_full_coverage_set;
+ Options.PreferSmallDuringInitialShuffle =
+ Flags.prefer_small_during_initial_shuffle;
if (Flags.runs >= 0)
Options.MaxNumberOfRuns = Flags.runs;
if (!inputs.empty())
@@ -191,6 +193,8 @@ int main(int argc, char **argv) {
F.SaveCorpus();
F.Loop(Flags.iterations < 0 ? INT_MAX : Flags.iterations);
if (Flags.verbosity)
- std::cerr << "Done\n";
+ std::cerr << "Done " << F.getTotalNumberOfRuns()
+ << " runs in " << F.secondsSinceProcessStartUp()
+ << " seconds\n";
return 0;
}
More information about the llvm-commits
mailing list