From: Kostya Serebryany Date: Wed, 4 Feb 2015 23:42:42 +0000 (+0000) Subject: [fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose X-Git-Url: http://plrg.eecs.uci.edu/git/?p=oota-llvm.git;a=commitdiff_plain;h=5d85a10810264617304f1420b5ed5d35287b80f1 [fuzzer] add flag prefer_small_during_initial_shuffle, be a bit more verbose git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@228235 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def index f4a4bb96441..754d02e0153 100644 --- a/lib/Fuzzer/FuzzerFlags.def +++ b/lib/Fuzzer/FuzzerFlags.def @@ -21,6 +21,10 @@ FUZZER_FLAG(int, max_len, 64, "Maximal length of the test input.") FUZZER_FLAG(int, cross_over, 1, "If 1, cross over inputs.") FUZZER_FLAG(int, mutate_depth, 5, "Apply this number of consecutive mutations to each input.") +FUZZER_FLAG( + int, prefer_small_during_initial_shuffle, -1, + "If 1, always prefer smaller inputs during the initial corpus shuffle." + " If 0, never do that. If -1, do it sometimes.") FUZZER_FLAG(int, exit_on_first, 0, "If 1, exit after the first new interesting input is found.") FUZZER_FLAG(int, timeout, -1, "Timeout in seconds (if positive).") diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h index acf07ee6166..34752ff4944 100644 --- a/lib/Fuzzer/FuzzerInternal.h +++ b/lib/Fuzzer/FuzzerInternal.h @@ -47,6 +47,7 @@ class Fuzzer { int MutateDepth = 5; bool ExitOnFirst = false; bool UseFullCoverageSet = false; + int PreferSmallDuringInitialShuffle = -1; size_t MaxNumberOfRuns = ULONG_MAX; std::string OutputCorpus; }; @@ -63,6 +64,13 @@ class Fuzzer { // Save the current corpus to OutputCorpus. void SaveCorpus(); + size_t secondsSinceProcessStartUp() { + return duration_cast(system_clock::now() - ProcessStartTime) + .count(); + } + + size_t getTotalNumberOfRuns() { return TotalNumberOfRuns; } + static void AlarmCallback(); private: 
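Review bot: The help string for `prefer_small_during_initial_shuffle` in the FuzzerFlags.def hunk says only "If -1, do it sometimes", which does not tell the user that the choice is a random draw. The draw is the `rand() % 2` in ShuffleAndMinimize, in the FuzzerLoop.cpp part of this commit. I would word the last line as `" If 0, never do that. If -1, choose randomly."` so that someone comparing two fuzzing runs knows the initial corpus order can differ for this reason.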
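Review bot: `secondsSinceProcessStartUp()` in the second FuzzerInternal.h hunk measures elapsed time by subtracting `system_clock` readings, and the wall clock can be stepped backwards (NTP correction, manual change), in which case the negative count converts to a very large `size_t`. If `ProcessStartTime`, which is declared outside this hunk, can become a `steady_clock::time_point`, the subtraction is monotonic. Both new accessors only read state and could be declared `const`, for example `size_t getTotalNumberOfRuns() const { return TotalNumberOfRuns; }`.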
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp index d825148c758..9c65f257d9c 100644 --- a/lib/Fuzzer/FuzzerLoop.cpp +++ b/lib/Fuzzer/FuzzerLoop.cpp @@ -48,10 +48,19 @@ void Fuzzer::AlarmCallback() { } void Fuzzer::ShuffleAndMinimize() { + bool PreferSmall = + (Options.PreferSmallDuringInitialShuffle == 1 || + (Options.PreferSmallDuringInitialShuffle == -1 && rand() % 2)); if (Options.Verbosity) - std::cerr << "Shuffle: " << Corpus.size() << "\n"; + std::cerr << "Shuffle: Size: " << Corpus.size() + << " prefer small: " << PreferSmall + << "\n"; std::vector NewCorpus; - random_shuffle(Corpus.begin(), Corpus.end()); + std::random_shuffle(Corpus.begin(), Corpus.end()); + if (PreferSmall) + std::stable_sort( + Corpus.begin(), Corpus.end(), + [](const Unit &A, const Unit &B) { return A.size() < B.size(); }); size_t MaxCov = 0; Unit &U = CurrentUnit; for (const auto &C : Corpus) { @@ -64,7 +73,9 @@ void Fuzzer::ShuffleAndMinimize() { MaxCov = NewCoverage; NewCorpus.push_back(U); if (Options.Verbosity >= 2) - std::cerr << "NEW0: " << NewCoverage << "\n"; + std::cerr << "NEW0: " << NewCoverage + << " L " << U.size() + << "\n"; } } } @@ -109,8 +120,7 @@ size_t Fuzzer::RunOneMaximizeTotalCoverage(const Unit &U) { TestOneInput(U.data(), U.size()); size_t NewCoverage = __sanitizer_get_total_unique_coverage(); if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) && Options.Verbosity) { - size_t Seconds = - duration_cast(system_clock::now() - ProcessStartTime).count(); + size_t Seconds = secondsSinceProcessStartUp(); std::cerr << "#" << TotalNumberOfRuns << "\tcov: " << NewCoverage diff --git a/lib/Fuzzer/FuzzerMain.cpp b/lib/Fuzzer/FuzzerMain.cpp index 35e50f0ee31..294b9ccc429 100644 --- a/lib/Fuzzer/FuzzerMain.cpp +++ b/lib/Fuzzer/FuzzerMain.cpp 
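Review bot: The `-1` case at the top of ShuffleAndMinimize decides with `rand() % 2`, and no seeding of the C PRNG is visible in this hunk; if nothing calls `srand` before this point, the draw is the same on every run and "sometimes" quietly becomes a fixed choice. `std::random_shuffle` on the following lines uses an implementation-defined source that is often `rand()` as well, so the whole initial corpus order may depend on that one seed. I would confirm where the seed is set and add a comment above `bool PreferSmall` such as `// -1: one coin flip per call; depends on the process-wide rand() seed.`. The function body continues past the end of the hunk.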
@@ -163,6 +163,8 @@ int main(int argc, char **argv) {
 Options.MutateDepth = Flags.mutate_depth;
 Options.ExitOnFirst = Flags.exit_on_first;
 Options.UseFullCoverageSet = Flags.use_full_coverage_set;
+ Options.PreferSmallDuringInitialShuffle =
+ Flags.prefer_small_during_initial_shuffle;
 if (Flags.runs >= 0)
 Options.MaxNumberOfRuns = Flags.runs;
 if (!inputs.empty())
@@ -191,6 +193,8 @@ int main(int argc, char **argv) {
 F.SaveCorpus();
 F.Loop(Flags.iterations < 0 ? INT_MAX : Flags.iterations);
 if (Flags.verbosity)
- std::cerr << "Done\n";
+ std::cerr << "Done " << F.getTotalNumberOfRuns()
+ << " runs in " << F.secondsSinceProcessStartUp()
+ << " seconds\n";
 return 0;
 }
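Review bot: The first FuzzerMain.cpp hunk copies `Flags.prefer_small_during_initial_shuffle` into `Options` without a range check, so a value such as 2 or -2 is accepted. ShuffleAndMinimize tests only for 1 and -1, so any other value behaves like 0. Rejecting values outside -1, 0 and 1 here with a message on `std::cerr`, or stating in the flag's help text that they mean "never", would stop a mistyped flag from quietly changing how the corpus is ordered. The rest of the option handling in `main` is outside this hunk.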