[libfuzzer] prune_corpus option for disabling pruning during the load.
Summary:
The option is very useful for testing, plus I intend to measure
its effect on fuzzer effectiveness.

Differential Revision: http://reviews.llvm.org/D21084

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@272035 91177308-0d34-0410-b5e6-96231b3b80d8
aizatsky-chromium committed Jun 7, 2016
1 parent aa009a7 commit c7f790d
Showing 5 changed files with 19 additions and 1 deletion.
1 change: 1 addition & 0 deletions lib/Fuzzer/FuzzerDriver.cpp
Expand Up @@ -336,6 +336,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
Options.PrintNewCovPcs = Flags.print_new_cov_pcs;
Options.PrintFinalStats = Flags.print_final_stats;
Options.TruncateUnits = Flags.truncate_units;
Options.PruneCorpus = Flags.prune_corpus;

unsigned Seed = Flags.seed;
// Initialize Seed.
2 changes: 2 additions & 0 deletions lib/Fuzzer/FuzzerFlags.def
Expand Up @@ -85,6 +85,8 @@ FUZZER_FLAG_INT(detect_leaks, 1, "If 1, and if LeakSanitizer is enabled "
FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon"
"reaching this limit of RSS memory usage.")
FUZZER_FLAG_INT(truncate_units, 0, "Try truncated units when loading corpus.")
FUZZER_FLAG_INT(prune_corpus, 1, "Prune corpus items without new coverage when "
"loading corpus.")

FUZZER_DEPRECATED_FLAG(exit_on_first)
FUZZER_DEPRECATED_FLAG(save_minimized_corpus)
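Review bot: The help text for prune_corpus in FuzzerFlags.def describes only the default behaviour and never says what -prune_corpus=0 does. Consider spelling out both values, for example "If 1, drop corpus items that add no new coverage when loading the corpus; if 0, keep every unit." Separately, the rss_limit_mb string visible in the context joins "exit upon" and "reaching" with no space between the two literals, which could be fixed in the same change.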
1 change: 1 addition & 0 deletions lib/Fuzzer/FuzzerInternal.h
Expand Up @@ -331,6 +331,7 @@ class Fuzzer {
bool PrintFinalStats = false;
bool DetectLeaks = true;
bool TruncateUnits = false;
bool PruneCorpus = true;
};

// Aggregates all available coverage measurements.
3 changes: 2 additions & 1 deletion lib/Fuzzer/FuzzerLoop.cpp
Expand Up @@ -400,7 +400,8 @@ void Fuzzer::ShuffleAndMinimize() {
}

for (const auto &U : Corpus) {
if (RunOne(U)) {
bool NewCoverage = RunOne(U);
if (!Options.PruneCorpus || NewCoverage) {
NewCorpus.push_back(U);
if (Options.Verbosity >= 2)
Printf("NEW0: %zd L %zd\n", MaxCoverage.BlockCoverage, U.size());
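Review bot: In ShuffleAndMinimize, with -prune_corpus=0 the branch `if (!Options.PruneCorpus || NewCoverage)` is also taken for units where RunOne(U) returned false, yet the Printf at Verbosity >= 2 still tags them "NEW0", which reads as new coverage. Consider guarding that Printf with NewCoverage, or using a different tag for units that are kept without adding coverage, so verbose logs stay trustworthy when the option's effect is being measured. Hoisting RunOne(U) out of the condition is the right call, since every unit is still executed regardless of the flag.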
13 changes: 13 additions & 0 deletions lib/Fuzzer/test/fuzzer-prunecorpus.test
@@ -0,0 +1,13 @@
RUN: rm -rf %t/PruneCorpus
RUN: mkdir -p %t/PruneCorpus
RUN: echo a > %t/PruneCorpus/a
RUN: echo b > %t/PruneCorpus/b
RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -prune_corpus=1 -runs=0 2>&1 | FileCheck %s --check-prefix=PRUNE
RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -prune_corpus=0 -runs=0 2>&1 | FileCheck %s --check-prefix=NOPRUNE
RUN: rm -rf %t/PruneCorpus

PRUNE: READ units: 2
PRUNE: INITED{{.*}}units: 1
NOPRUNE: READ units: 2
NOPRUNE: INITED{{.*}}units: 2
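Review bot: fuzzer-prunecorpus.test gives no reason why the PRUNE run expects `units: 1`; the expectation appears to rest on LLVMFuzzer-EmptyTest gaining no additional coverage from the second input, and a one-line comment at the top of the file would make that assumption explicit. Also, `INITED{{.*}}units: 1` and `READ units: 2` are substring matches and do not pin the count exactly; following the number with a non-digit pattern would make the checks strict.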
