author | Kostya Serebryany <kcc@google.com> | 2015-05-08 21:30:55 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2015-05-08 21:30:55 +0000 |
commit | 1ac8055bc7dd625bfe92f0d7f48f2ed6daa1ccda (patch) | |
tree | 233c190fb3b41cd28815d0bbe31c2e6b661df6d3 /llvm/lib/Fuzzer/FuzzerLoop.cpp | |
parent | ae0254dabca242f69e2d534097df84f810c7a2d0 (diff) | |
[lib/Fuzzer] use -fsanitize-coverage=trace-cmp when building LLVM with LLVM_USE_SANITIZE_COVERAGE; in lib/Fuzzer try to reload the corpus to pick up new units from other processes
llvm-svn: 236906
Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerLoop.cpp')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index 9d35384ecd5..9f9d92e2c0c 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -86,6 +86,30 @@ void Fuzzer::PrintStats(const char *Where, size_t Cov, const char *End) {
 << End;
 }
 
+void Fuzzer::RereadOutputCorpus() {
+ if (Options.OutputCorpus.empty()) return;
+ std::vector<Unit> AdditionalCorpus;
+ ReadDirToVectorOfUnits(Options.OutputCorpus.c_str(), &AdditionalCorpus,
+ &EpochOfLastReadOfOutputCorpus);
+ if (Corpus.empty()) {
+ Corpus = AdditionalCorpus;
+ return;
+ }
+ if (!Options.Reload) return;
+ for (auto &X : AdditionalCorpus) {
+ if (X.size() > (size_t)Options.MaxLen)
+ X.resize(Options.MaxLen);
+ if (UnitsAddedAfterInitialLoad.insert(X).second) {
+ Corpus.push_back(X);
+ CurrentUnit.clear();
+ CurrentUnit.insert(CurrentUnit.begin(), X.begin(), X.end());
+ size_t NewCoverage = RunOne(CurrentUnit);
+ if (NewCoverage && Options.Verbosity >= 1)
+ PrintStats("RELOAD", NewCoverage);
+ }
+ }
+}
+
 void Fuzzer::ShuffleAndMinimize() {
 size_t MaxCov = 0;
 bool PreferSmall =
@@ -268,6 +292,7 @@ void Fuzzer::SaveCorpus() {
 void Fuzzer::ReportNewCoverage(size_t NewCoverage, const Unit &U) {
 if (!NewCoverage) return;
 Corpus.push_back(U);
+ UnitsAddedAfterInitialLoad.insert(U);
 PrintStats("NEW ", NewCoverage, "");
 if (Options.Verbosity) {
 std::cerr << " L: " << U.size();
@@ -299,6 +324,7 @@ void Fuzzer::MutateAndTestOne(Unit *U) {
 void Fuzzer::Loop(size_t NumIterations) {
 for (size_t i = 1; i <= NumIterations; i++) {
 for (size_t J1 = 0; J1 < Corpus.size(); J1++) {
+ RereadOutputCorpus();
 if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
 return;
 // First, simply mutate the unit w/o doing crosses. |
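Review bot: The `Corpus.empty()` branch of `RereadOutputCorpus` assigns `AdditionalCorpus` to `Corpus` exactly as read, so units taken on that path skip the `Options.MaxLen` clamp and are not recorded in `UnitsAddedAfterInitialLoad`, while the reload loop directly below does both. Unless a later step outside this hunk truncates them, an oversized file sitting in the shared output directory enters the corpus at full length. Running the same clamp before the early return, `for (auto &X : AdditionalCorpus) if (X.size() > (size_t)Options.MaxLen) X.resize(Options.MaxLen);`, would keep the two paths consistent. The branch also runs before the `Options.Reload` test, which looks intentional for the first load but is worth stating in a comment such as `// First call acts as the initial load and does not depend on Options.Reload.`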
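Review bot: `UnitsAddedAfterInitialLoad.insert(U)` in `ReportNewCoverage` keeps a second full copy of every new unit next to the one just pushed to `Corpus`, and nothing in this diff ever removes entries from that container. On a long run with large units this roughly doubles the memory held for discovered inputs; keying the container on a digest of the unit would give the same de-duplication at a fixed cost per entry. The line would also benefit from a comment, since its purpose is only visible from the first hunk: `// Remember units found here so RereadOutputCorpus() does not import them again.` (inferred from the `insert(X).second` test there). The body of `ReportNewCoverage` continues past the end of the hunk.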
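Review bot: `RereadOutputCorpus()` is placed ahead of the `TotalNumberOfRuns >= Options.MaxNumberOfRuns` check in `Loop`, and it calls `RunOne` for every reloaded unit, so a reload can presumably carry the process past its configured run budget before the check is reached (whether `RunOne` updates `TotalNumberOfRuns` is not visible here). It is also invoked once per corpus unit, which means a directory read on every inner iteration, and it appends to `Corpus` while the loop bound is `Corpus.size()`, so files arriving from other processes directly lengthen the current pass. Putting the budget check first and limiting the reload to once per outer iteration, for example `if (J1 == 0) RereadOutputCorpus();`, would bound both costs. The body of `Loop` continues past the end of the hunk.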