[PATCH] D21084: [libfuzzer] prune_corpus option for disabling pruning during the load.
Mike Aizatsky via llvm-commits
llvm-commits at lists.llvm.org
Tue Jun 7 11:23:13 PDT 2016
This revision was automatically updated to reflect the committed changes.
Closed by commit rL272035: [libfuzzer] prune_corpus option for disabling pruning during the load. (authored by aizatsky).
Changed prior to commit:
http://reviews.llvm.org/D21084?vs=59914&id=59917#toc
Repository:
rL LLVM
http://reviews.llvm.org/D21084
Files:
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer-prunecorpus.test
Index: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h
@@ -331,6 +331,7 @@
bool PrintFinalStats = false;
bool DetectLeaks = true;
bool TruncateUnits = false;
+ bool PruneCorpus = true;
};
// Aggregates all available coverage measurements.
Index: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
@@ -400,7 +400,8 @@
}
for (const auto &U : Corpus) {
- if (RunOne(U)) {
+ bool NewCoverage = RunOne(U);
+ if (!Options.PruneCorpus || NewCoverage) {
NewCorpus.push_back(U);
if (Options.Verbosity >= 2)
Printf("NEW0: %zd L %zd\n", MaxCoverage.BlockCoverage, U.size());
Index: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def
@@ -85,6 +85,8 @@
FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon"
"reaching this limit of RSS memory usage.")
FUZZER_FLAG_INT(truncate_units, 0, "Try truncated units when loading corpus.")
+FUZZER_FLAG_INT(prune_corpus, 1, "Prune corpus items without new coverage when "
+ "loading corpus.")
FUZZER_DEPRECATED_FLAG(exit_on_first)
FUZZER_DEPRECATED_FLAG(save_minimized_corpus)
Index: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
===================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
@@ -336,6 +336,7 @@
Options.PrintNewCovPcs = Flags.print_new_cov_pcs;
Options.PrintFinalStats = Flags.print_final_stats;
Options.TruncateUnits = Flags.truncate_units;
+ Options.PruneCorpus = Flags.prune_corpus;
unsigned Seed = Flags.seed;
// Initialize Seed.
Index: llvm/trunk/lib/Fuzzer/test/fuzzer-prunecorpus.test
===================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-prunecorpus.test
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-prunecorpus.test
@@ -0,0 +1,13 @@
+RUN: rm -rf %t/PruneCorpus
+RUN: mkdir -p %t/PruneCorpus
+RUN: echo a > %t/PruneCorpus/a
+RUN: echo b > %t/PruneCorpus/b
+RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -prune_corpus=1 -runs=0 2>&1 | FileCheck %s --check-prefix=PRUNE
+RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -prune_corpus=0 -runs=0 2>&1 | FileCheck %s --check-prefix=NOPRUNE
+RUN: rm -rf %t/PruneCorpus
+
+PRUNE: READ units: 2
+PRUNE: INITED{{.*}}units: 1
+NOPRUNE: READ units: 2
+NOPRUNE: INITED{{.*}}units: 2
+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D21084.59917.patch
Type: text/x-patch
Size: 2762 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160607/67e8c97b/attachment.bin>
More information about the llvm-commits
mailing list