From cd0d243e72c28dbdb8046a283ff704b6044c9aa9 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Fri, 2 Oct 2015 20:47:55 +0000 Subject: [PATCH] [libFuzzer] add a flag -max_total_time git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@249181 91177308-0d34-0410-b5e6-96231b3b80d8 --- docs/LibFuzzer.rst | 1 + lib/Fuzzer/FuzzerDriver.cpp | 1 + lib/Fuzzer/FuzzerFlags.def | 4 +++- lib/Fuzzer/FuzzerInternal.h | 1 + lib/Fuzzer/FuzzerLoop.cpp | 4 ++++ lib/Fuzzer/test/fuzzer.test | 3 +++ 6 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst index a9948d893e1..4155526ac84 100644 --- a/docs/LibFuzzer.rst +++ b/docs/LibFuzzer.rst @@ -60,6 +60,7 @@ The most important flags are:: cross_over 1 If 1, cross over inputs. mutate_depth 5 Apply this number of consecutive mutations to each input. timeout 1200 Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort. + max_total_time 0 If positive, indicates the maximal total time in seconds to run the fuzzer. help 0 Print help. save_minimized_corpus 0 If 1, the minimized corpus is saved into the first input directory. Example: ./fuzzer -save_minimized_corpus=1 NEW_EMPTY_DIR OLD_CORPUS jobs 0 Number of jobs to run. If jobs >= 1 we spawn this number of jobs in separate worker processes with stdout/stderr redirected to fuzz-JOB.log. diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp index 9c4406e219c..4b9b57f27ea 100644 --- a/lib/Fuzzer/FuzzerDriver.cpp +++ b/lib/Fuzzer/FuzzerDriver.cpp @@ -249,6 +249,7 @@ int FuzzerDriver(const std::vector &Args, Options.Verbosity = Flags.verbosity; Options.MaxLen = Flags.max_len; Options.UnitTimeoutSec = Flags.timeout; + Options.MaxTotalTimeSec = Flags.max_total_time; Options.DoCrossOver = Flags.cross_over; Options.MutateDepth = Flags.mutate_depth; Options.ExitOnFirst = Flags.exit_on_first; 
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def index 3b2a0f5544c..48ae220dee7 100644 --- a/lib/Fuzzer/FuzzerFlags.def +++ b/lib/Fuzzer/FuzzerFlags.def @@ -28,6 +28,8 @@ FUZZER_FLAG_INT( timeout, 1200, "Timeout in seconds (if positive). " "If one unit runs more than this number of seconds the process will abort.") +FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total " + "time in seconds to run the fuzzer.") FUZZER_FLAG_INT(help, 0, "Print help.") FUZZER_FLAG_INT( save_minimized_corpus, 0, @@ -66,4 +68,4 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive" "trace-based-mutations (tbm).") FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent" "trace-based-mutations (tbm)") -FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.") \ No newline at end of file +FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.") diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h index 862732eedf7..8d4833f1d93 100644 --- a/lib/Fuzzer/FuzzerInternal.h +++ b/lib/Fuzzer/FuzzerInternal.h @@ -73,6 +73,7 @@ class Fuzzer { int Verbosity = 1; int MaxLen = 0; int UnitTimeoutSec = 300; + int MaxTotalTimeSec = 0; bool DoCrossOver = true; int MutateDepth = 5; bool ExitOnFirst = false; diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp index 96783dac673..6e04868fd40 100644 --- a/lib/Fuzzer/FuzzerLoop.cpp +++ b/lib/Fuzzer/FuzzerLoop.cpp @@ -337,6 +337,10 @@ void Fuzzer::Loop() { RereadOutputCorpus(); if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) return; + if (Options.MaxTotalTimeSec > 0 && + secondsSinceProcessStartUp() > + static_cast(Options.MaxTotalTimeSec)) + return; CurrentUnit = Corpus[J1]; // Optionally, cross with another unit. if (Options.DoCrossOver && USF.GetRand().RandBool()) { diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test index 29bd8071000..046c377206d 100644 --- a/lib/Fuzzer/test/fuzzer.test 
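Review bot: The `MaxTotalTimeSec` check added to `Fuzzer::Loop()` sits next to the `MaxNumberOfRuns` check, so as far as this hunk shows the budget is tested between units, not while a unit is running. A unit that hangs would then still be bounded only by `-timeout` (1200 s by default per the docs hunk). Judging by its name, `secondsSinceProcessStartUp()` counts from process start, so time spent before the loop is charged to the budget. For time-boxed fuzzing jobs that is worth stating; I would add a comment above the check, `// Soft limit: tested between units only; a hung unit is still bounded by UnitTimeoutSec.`, and say the same in the flag's help string in FuzzerFlags.def. The body of `Loop()` starts and ends outside the hunk.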
+++ b/lib/Fuzzer/test/fuzzer.test @@ -7,6 +7,9 @@ RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=I InfiniteTest: ALARM: working on the last Unit for InfiniteTest: Test unit written to timeout- +RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime +MaxTotalTime: Done {{.*}} runs in {{.}} second(s) + RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest TimeoutTest: ALARM: working on the last Unit for TimeoutTest: Test unit written to timeout- -- 2.34.1
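Review bot: The `MaxTotalTime:` check line uses `{{.}}`, which matches any single character, so it would accept a non-digit and says nothing about how close to the 1-second budget the run ended. `{{[0-9]}}` states the intent without making the test more timing-sensitive. The added RUN line has no `not`, so it presumably relies on SimpleCmpTest not reaching a crash within that second. That is not visible from this hunk and is worth confirming so the test does not become flaky.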