[llvm] r280153 - [libfuzzer] simplified unit truncation; do not write trunc items to disc

Mike Aizatsky via llvm-commits llvm-commits at lists.llvm.org
Tue Aug 30 13:49:07 PDT 2016


Author: aizatsky
Date: Tue Aug 30 15:49:07 2016
New Revision: 280153

URL: http://llvm.org/viewvc/llvm-project?rev=280153&view=rev
Log:
[libfuzzer] simplified unit truncation; do not write trunc items to disc

Differential Revision: https://reviews.llvm.org/D24049

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
    llvm/trunk/lib/Fuzzer/test/fuzzer-trunc.test

Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=280153&r1=280152&r2=280153&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Tue Aug 30 15:49:07 2016
@@ -33,7 +33,6 @@
 
 namespace fuzzer {
 static const size_t kMaxUnitSizeToPrint = 256;
-static const size_t TruncateMaxRuns = 1000;
 
 thread_local bool Fuzzer::IsMyThread;
 
@@ -371,39 +370,22 @@ void Fuzzer::ShuffleCorpus(UnitVector *V
 }
 
 // Tries random prefixes of corpus items.
-// Prefix length is chosen according to exponential distribution
-// to sample short lengths much more heavily.
 void Fuzzer::TruncateUnits(std::vector<Unit> *NewCorpus) {
-  size_t MaxCorpusLen = 0;
-  for (const auto &U : Corpus)
-    MaxCorpusLen = std::max(MaxCorpusLen, U.size());
+  std::vector<double> Fractions = {0.25, 0.5, 0.75, 1.0};
 
-  if (MaxCorpusLen <= 1)
-    return;
-
-  // 50% of exponential distribution is Log[2]/lambda.
-  // Choose lambda so that median is MaxCorpusLen / 2.
-  double Lambda = 2.0 * log(2.0) / static_cast<double>(MaxCorpusLen);
-  std::exponential_distribution<> Dist(Lambda);
-  std::vector<double> Sizes;
-  size_t TruncatePoints = std::max(1ul, TruncateMaxRuns / Corpus.size());
-  Sizes.reserve(TruncatePoints);
-  for (size_t I = 0; I < TruncatePoints; ++I) {
-    Sizes.push_back(Dist(MD.GetRand().Get_mt19937()) + 1);
-  }
-  std::sort(Sizes.begin(), Sizes.end());
-
-  for (size_t S : Sizes) {
+  size_t TruncInputs = 0;
+  for (double Fraction : Fractions) {
     for (const auto &U : Corpus) {
-      if (S < U.size() && RunOne(U.data(), S)) {
-        Unit U1(U.begin(), U.begin() + S);
-        NewCorpus->push_back(U1);
-        WriteToOutputCorpus(U1);
-        PrintStatusForNewUnit(U1);
-      }
+      uint64_t S = MD.GetRand()(U.size() * Fraction);
+      if (!S || !RunOne(U.data(), S))
+        continue;
+      TruncInputs++;
+      Unit U1(U.begin(), U.begin() + S);
+      NewCorpus->push_back(U1);
     }
   }
-  PrintStats("TRUNC  ");
+  if (TruncInputs)
+    Printf("\tINFO   TRUNC %zd units added to in-memory corpus\n", TruncInputs);
 }
 
 void Fuzzer::ShuffleAndMinimize() {
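Review bot: The added `Printf` formats `TruncInputs`, a `size_t`, with the signed conversion `%zd`; `%zu` matches the type, i.e. `Printf("\tINFO   TRUNC %zu units added to in-memory corpus\n", TruncInputs);`. In the inner loop, `U.size() * Fraction` is a `double` that is passed to `MD.GetRand()(...)` and narrowed implicitly, so `static_cast<size_t>(U.size() * Fraction)` would make the truncation toward zero visible. The generator's call operator is not defined in this hunk, so it is worth confirming that it accepts an argument of 0, which a one-byte unit produces at the 0.25 fraction. `Fractions` is never modified and could be a `static const double Fractions[] = {0.25, 0.5, 0.75, 1.0};` instead of a vector rebuilt on every call. A short comment on the loop saying that the same prefix length may be drawn more than once per unit, and that results now stay in memory only, would document the new behaviour.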

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer-trunc.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-trunc.test?rev=280153&r1=280152&r2=280153&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-trunc.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-trunc.test Tue Aug 30 15:49:07 2016
@@ -2,9 +2,7 @@
 RUN: rm -rf FuzzerTruncateTestCORPUS
 RUN: mkdir FuzzerTruncateTestCORPUS
 RUN: echo "01234567890123456789012345678901234567890" > FuzzerTruncateTestCORPUS/unit1
-# Simply running a fuzzer won't produce new results
-RUN:   LLVMFuzzer-EmptyTest -seed=1 -runs=100 -truncate_units=0 ./FuzzerTruncateTestCORPUS
-# Truncating would create a new unit of length 1.
-RUN:   LLVMFuzzer-EmptyTest -seed=1 -runs=0 -truncate_units=1 ./FuzzerTruncateTestCORPUS
-RUN: find FuzzerTruncateTestCORPUS/b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
+RUN: LLVMFuzzer-EmptyTest -seed=1 -runs=0 -truncate_units=1 ./FuzzerTruncateTestCORPUS 2>&1 | FileCheck %s
 RUN: rm -rf FuzzerTruncateTestCORPUS
+
+CHECK: INFO   TRUNC 1 units added
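Review bot: None of the new RUN lines checks the behaviour named in the commit title, that truncated units are no longer written to disk. The old `find` on the corpus file was removed, but nothing now asserts that `FuzzerTruncateTestCORPUS` still holds only `unit1` after the run. A line before the final `rm -rf`, such as `RUN: ls FuzzerTruncateTestCORPUS | count 1` (assuming the `count` utility is available to these tests), would pin that down. The control run with `-truncate_units=0` was also dropped, so the test no longer shows that the TRUNC line is absent when truncation is disabled; a second invocation checked with a `CHECK-NOT: TRUNC` prefix would restore that.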



