[llvm] r354533 - [libFuzzer] document -fork=N

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Wed Feb 20 16:32:30 PST 2019


Author: kcc
Date: Wed Feb 20 16:32:30 2019
New Revision: 354533

URL: http://llvm.org/viewvc/llvm-project?rev=354533&view=rev
Log:
[libFuzzer] document -fork=N

Modified:
    llvm/trunk/docs/LibFuzzer.rst

Modified: llvm/trunk/docs/LibFuzzer.rst
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/docs/LibFuzzer.rst?rev=354533&r1=354532&r2=354533&view=diff
==============================================================================
--- llvm/trunk/docs/LibFuzzer.rst (original)
+++ llvm/trunk/docs/LibFuzzer.rst Wed Feb 20 16:32:30 2019
@@ -178,6 +178,28 @@ worker processes can be overridden by th
 running with ``-jobs=30`` on a 12-core machine would run 6 workers by default,
 with each worker averaging 5 bugs by completion of the entire process.
 
+Fork mode
+---------
+
+**Experimental** mode ``-fork=N`` (where ``N`` is the number of parallel jobs)
+enables oom-, timeout-, and crash-resistant
+fuzzing with separate processes (using ``fork-exec``, not just ``fork``).
+
+The top libFuzzer process will not do any fuzzing itself, but will
+spawn up to ``N`` concurrent child processes providing them
+small random subsets of the corpus. After a child exits, the top process
+merges the corpus generated by the child back to the main corpus.
+
+Related flags:
+``-ignore_ooms``
+  True by default. If an OOM happens during fuzzing in one of the child processes,
+  the reproducer is saved on disk, and fuzzing continues.
+``-ignore_timeouts``
+  True by default, same as ``-ignore_ooms``, but for timeouts.
+``-ignore_crashes``
+  False by default, same as ``-ignore_ooms``, but for all other crashes.
+
+The plan is to eventually replace ``-jobs=N`` and ``-workers=N`` with ``-fork=N``.
 
 Resuming merge
 --------------
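
Review bot: In the added "Fork mode" section, the line "Related flags:" is followed directly by the term line "``-ignore_ooms``" with no blank line in between, so reStructuredText will not start a definition list there: the two lines are read as the start of one paragraph, and the indented "True by default..." line that follows is then reported as unexpected indentation. Add an empty line after "Related flags:" so the three flags render as a definition list. The descriptions also only cover the case where a flag is true (reproducer saved, fuzzing continues). A sentence on what the top process does when a child crashes with ``-ignore_crashes`` left at its default of false, and on where the reproducer is written, would help readers deciding whether this experimental mode can run unattended.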
