diff options
| author | Max Moroz <mmoroz@chromium.org> | 2019-08-12 20:21:27 +0000 |
|---|---|---|
| committer | Max Moroz <mmoroz@chromium.org> | 2019-08-12 20:21:27 +0000 |
| commit | 74cec618f304e88ca83875e84978acfa1b8cc1ec (patch) | |
| tree | 7aea0cdf4939e3f909019292a3dffc7f40cf4a5c /compiler-rt/lib/fuzzer | |
| parent | 532e724992393415c5deaf7f71fa1f46fca60932 (diff) | |
| download | bcm5719-llvm-74cec618f304e88ca83875e84978acfa1b8cc1ec.tar.gz bcm5719-llvm-74cec618f304e88ca83875e84978acfa1b8cc1ec.zip | |
[libFuzzer] Merge: print feature coverage number as well.
Summary:
feature coverage is a useful signal that is available during the merge
process, but was not printed previously.
Output example:
```
$ ./fuzzer -use_value_profile=1 -merge=1 new_corpus/ seed_corpus/
INFO: Seed: 1676551929
INFO: Loaded 1 modules (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc),
INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8),
MERGE-OUTER: 180 files, 78 in the initial corpus
MERGE-OUTER: attempt 1
INFO: Seed: 1676574577
INFO: Loaded 1 modules (2380 inline 8-bit counters): 2380 [0x90d180, 0x90dacc),
INFO: Loaded 1 PC tables (2380 PCs): 2380 [0x684018,0x68d4d8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes
MERGE-INNER: using the control file '/tmp/libFuzzerTemp.111754.txt'
MERGE-INNER: 180 total files; 0 processed earlier; will process 180 files now
#1 pulse cov: 134 ft: 330 exec/s: 0 rss: 37Mb
#2 pulse cov: 142 ft: 462 exec/s: 0 rss: 38Mb
#4 pulse cov: 152 ft: 651 exec/s: 0 rss: 38Mb
#8 pulse cov: 152 ft: 943 exec/s: 0 rss: 38Mb
#16 pulse cov: 520 ft: 2783 exec/s: 0 rss: 39Mb
#32 pulse cov: 552 ft: 3280 exec/s: 0 rss: 41Mb
#64 pulse cov: 576 ft: 3641 exec/s: 0 rss: 50Mb
#78 LOADED cov: 602 ft: 3936 exec/s: 0 rss: 88Mb
#128 pulse cov: 611 ft: 3996 exec/s: 0 rss: 93Mb
#180 DONE cov: 611 ft: 4016 exec/s: 0 rss: 155Mb
MERGE-OUTER: succesfull in 1 attempt(s)
MERGE-OUTER: the control file has 39741 bytes
MERGE-OUTER: consumed 0Mb (37Mb rss) to parse the control file
MERGE-OUTER: 9 new files with 80 new features added; 9 new coverage edges
```
Reviewers: hctim, morehouse
Reviewed By: morehouse
Subscribers: delcypher, #sanitizers, llvm-commits, kcc
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D66030
llvm-svn: 368617
Diffstat (limited to 'compiler-rt/lib/fuzzer')
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerInternal.h | 3 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerLoop.cpp | 5 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerMerge.cpp | 9 |
3 files changed, 11 insertions, 6 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerInternal.h b/compiler-rt/lib/fuzzer/FuzzerInternal.h index f2a4c437de3..31096ce804b 100644 --- a/compiler-rt/lib/fuzzer/FuzzerInternal.h +++ b/compiler-rt/lib/fuzzer/FuzzerInternal.h @@ -98,7 +98,8 @@ private: void ReportNewCoverage(InputInfo *II, const Unit &U); void PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size); void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix); - void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0); + void PrintStats(const char *Where, const char *End = "\n", size_t Units = 0, + size_t Features = 0); void PrintStatusForNewUnit(const Unit &U, const char *Text); void CheckExitOnSrcPosOrItem(); diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp index f773f9a1339..9c266739306 100644 --- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp +++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp @@ -319,14 +319,15 @@ void Fuzzer::RssLimitCallback() { _Exit(Options.OOMExitCode); // Stop right now. } -void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units) { +void Fuzzer::PrintStats(const char *Where, const char *End, size_t Units, + size_t Features) { size_t ExecPerSec = execPerSec(); if (!Options.Verbosity) return; Printf("#%zd\t%s", TotalNumberOfRuns, Where); if (size_t N = TPC.GetTotalPCCoverage()) Printf(" cov: %zd", N); - if (size_t N = Corpus.NumFeatures()) + if (size_t N = Features ? Features : Corpus.NumFeatures()) Printf(" ft: %zd", N); if (!Corpus.empty()) { Printf(" corp: %zd", Corpus.NumActiveUnits()); diff --git a/compiler-rt/lib/fuzzer/FuzzerMerge.cpp b/compiler-rt/lib/fuzzer/FuzzerMerge.cpp index bd99128ef7b..c05c49225ea 100644 --- a/compiler-rt/lib/fuzzer/FuzzerMerge.cpp +++ b/compiler-rt/lib/fuzzer/FuzzerMerge.cpp @@ -210,6 +210,9 @@ void Fuzzer::CrashResistantMergeInternalStep(const std::string &CFPath) { std::ofstream OF(CFPath, std::ofstream::out | std::ofstream::app); Set<size_t> AllFeatures; + auto PrintStatsWrapper = [this, &AllFeatures](const char* Where) { + this->PrintStats(Where, "\n", 0, AllFeatures.size()); + }; Set<const TracePC::PCTableEntry *> AllPCs; for (size_t i = M.FirstNotProcessedFile; i < M.Files.size(); i++) { Fuzzer::MaybeExitGracefully(); @@ -238,9 +241,9 @@ void Fuzzer::CrashResistantMergeInternalStep(const std::string &CFPath) { TPC.UpdateObservedPCs(); // Show stats. if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1))) - PrintStats("pulse "); + PrintStatsWrapper("pulse "); if (TotalNumberOfRuns == M.NumFilesInFirstCorpus) - PrintStats("LOADED"); + PrintStatsWrapper("LOADED"); // Write the post-run marker and the coverage. OF << "FT " << i; for (size_t F : UniqFeatures) @@ -254,7 +257,7 @@ void Fuzzer::CrashResistantMergeInternalStep(const std::string &CFPath) { OF << "\n"; OF.flush(); } - PrintStats("DONE "); + PrintStatsWrapper("DONE "); } static void WriteNewControlFile(const std::string &CFPath, |
