[libFuzzer] implement the -shrink=1 option that tires to make elements of the corpus smaller, off by default

llvm-svn: 282995
author: Kostya Serebryany <kcc@google.com> 2016-10-01 01:04:29 +0000
committer: Kostya Serebryany <kcc@google.com> 2016-10-01 01:04:29 +0000
commit: d216922a806eee5b5119ffd2dee836c459654583 (patch)
tree: c155da1e865489be276f41cd5f0837a62d24e4ee /llvm/lib/Fuzzer/FuzzerLoop.cpp
parent: 73957e39a49e3d84e7b678fa6dd92255277d76f9 (diff)
download: bcm5719-llvm-d216922a806eee5b5119ffd2dee836c459654583.tar.gz
bcm5719-llvm-d216922a806eee5b5119ffd2dee836c459654583.zip
1 files changed, 27 insertions, 9 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index ab4a25da8ee..f2e0f243a1a 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -79,8 +79,6 @@ void Fuzzer::PrepareCounters(Fuzzer::Coverage *C) {
 bool Fuzzer::RecordMaxCoverage(Fuzzer::Coverage *C) {
   bool Res = false;
 
-  TPC.FinalizeTrace();
-
   uint64_t NewBlockCoverage = EF->__sanitizer_get_total_unique_coverage();
   if (NewBlockCoverage > C->BlockCoverage) {
     Res = true;
@@ -107,12 +105,6 @@ bool Fuzzer::RecordMaxCoverage(Fuzzer::Coverage *C) {
     }
   }
 
-  if (TPC.UpdateCounterMap(&C->TPCMap))
-    Res = true;
-
-  if (TPC.UpdateValueProfileMap(&C->VPMap))
-    Res = true;
-
   return Res;
 }
 
@@ -353,6 +345,16 @@ void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
   this->MaxMutationLen = MaxMutationLen;
 }
 
+void Fuzzer::CheckExitOnItem() {
+  if (!Options.ExitOnItem.empty()) {
+    if (Corpus.HasUnit(Options.ExitOnItem)) {
+      Printf("INFO: found item with checksum '%s', exiting.\n",
+             Options.ExitOnItem.c_str());
+      _Exit(0);
+    }
+  }
+}
+
 void Fuzzer::CheckExitOnSrcPos() {
   if (!Options.ExitOnSrcPos.empty()) {
     uintptr_t *PCIDs;
@@ -422,7 +424,22 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size) {
   TotalNumberOfRuns++;
 
   ExecuteCallback(Data, Size);
-  bool Res = RecordMaxCoverage(&MaxCoverage);
+  bool Res = false;
+
+  if (TPC.FinalizeTrace(Size))
+    if (Options.Shrink)
+      Res = true;
+
+  if (!Res) {
+    if (TPC.UpdateCounterMap(&MaxCoverage.TPCMap))
+      Res = true;
+
+    if (TPC.UpdateValueProfileMap(&MaxCoverage.VPMap))
+      Res = true;
+  }
+
+  if (RecordMaxCoverage(&MaxCoverage))
+    Res = true;
 
   CheckExitOnSrcPos();
   auto TimeOfUnit =
@@ -667,6 +684,7 @@ void Fuzzer::MutateAndTestOne() {
     if (RunOne(CurrentUnitData, Size)) {
       Corpus.AddToCorpus({CurrentUnitData, CurrentUnitData + Size});
       ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
+      CheckExitOnItem();
     }
     StopTraceRecording();
     TryDetectingAMemoryLeak(CurrentUnitData, Size,
author	Kostya Serebryany <kcc@google.com>	2016-10-01 01:04:29 +0000
committer	Kostya Serebryany <kcc@google.com>	2016-10-01 01:04:29 +0000
commit	d216922a806eee5b5119ffd2dee836c459654583 (patch)
tree	c155da1e865489be276f41cd5f0837a62d24e4ee /llvm/lib/Fuzzer/FuzzerLoop.cpp
parent	73957e39a49e3d84e7b678fa6dd92255277d76f9 (diff)
download	bcm5719-llvm-d216922a806eee5b5119ffd2dee836c459654583.tar.gz bcm5719-llvm-d216922a806eee5b5119ffd2dee836c459654583.zip