diff options
| -rw-r--r-- | llvm/docs/LibFuzzer.rst | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerDriver.cpp | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerFlags.def | 4 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerInternal.h | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 4 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer.test | 3 |
6 files changed, 13 insertions, 1 deletions
diff --git a/llvm/docs/LibFuzzer.rst b/llvm/docs/LibFuzzer.rst index a9948d893e1..4155526ac84 100644 --- a/llvm/docs/LibFuzzer.rst +++ b/llvm/docs/LibFuzzer.rst @@ -60,6 +60,7 @@ The most important flags are:: cross_over 1 If 1, cross over inputs. mutate_depth 5 Apply this number of consecutive mutations to each input. timeout 1200 Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort. + max_total_time 0 If positive, indicates the maximal total time in seconds to run the fuzzer. help 0 Print help. save_minimized_corpus 0 If 1, the minimized corpus is saved into the first input directory. Example: ./fuzzer -save_minimized_corpus=1 NEW_EMPTY_DIR OLD_CORPUS jobs 0 Number of jobs to run. If jobs >= 1 we spawn this number of jobs in separate worker processes with stdout/stderr redirected to fuzz-JOB.log. diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp index 9c4406e219c..4b9b57f27ea 100644 --- a/llvm/lib/Fuzzer/FuzzerDriver.cpp +++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp @@ -249,6 +249,7 @@ int FuzzerDriver(const std::vector<std::string> &Args, Options.Verbosity = Flags.verbosity; Options.MaxLen = Flags.max_len; Options.UnitTimeoutSec = Flags.timeout; + Options.MaxTotalTimeSec = Flags.max_total_time; Options.DoCrossOver = Flags.cross_over; Options.MutateDepth = Flags.mutate_depth; Options.ExitOnFirst = Flags.exit_on_first; diff --git a/llvm/lib/Fuzzer/FuzzerFlags.def b/llvm/lib/Fuzzer/FuzzerFlags.def index 3b2a0f5544c..48ae220dee7 100644 --- a/llvm/lib/Fuzzer/FuzzerFlags.def +++ b/llvm/lib/Fuzzer/FuzzerFlags.def @@ -28,6 +28,8 @@ FUZZER_FLAG_INT( timeout, 1200, "Timeout in seconds (if positive). " "If one unit runs more than this number of seconds the process will abort.") +FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total " + "time in seconds to run the fuzzer.") FUZZER_FLAG_INT(help, 0, "Print help.") FUZZER_FLAG_INT( save_minimized_corpus, 0, @@ -66,4 +68,4 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive" "trace-based-mutations (tbm).") FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent" "trace-based-mutations (tbm)") -FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
\ No newline at end of file +FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.") diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h index 862732eedf7..8d4833f1d93 100644 --- a/llvm/lib/Fuzzer/FuzzerInternal.h +++ b/llvm/lib/Fuzzer/FuzzerInternal.h @@ -73,6 +73,7 @@ class Fuzzer { int Verbosity = 1; int MaxLen = 0; int UnitTimeoutSec = 300; + int MaxTotalTimeSec = 0; bool DoCrossOver = true; int MutateDepth = 5; bool ExitOnFirst = false; diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index 96783dac673..6e04868fd40 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -337,6 +337,10 @@ void Fuzzer::Loop() { RereadOutputCorpus(); if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) return; + if (Options.MaxTotalTimeSec > 0 && + secondsSinceProcessStartUp() > + static_cast<size_t>(Options.MaxTotalTimeSec)) + return; CurrentUnit = Corpus[J1]; // Optionally, cross with another unit. if (Options.DoCrossOver && USF.GetRand().RandBool()) { diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test index 29bd8071000..046c377206d 100644 --- a/llvm/lib/Fuzzer/test/fuzzer.test +++ b/llvm/lib/Fuzzer/test/fuzzer.test @@ -7,6 +7,9 @@ RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=I InfiniteTest: ALARM: working on the last Unit for InfiniteTest: Test unit written to timeout- +RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime +MaxTotalTime: Done {{.*}} runs in {{.}} second(s) + RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest TimeoutTest: ALARM: working on the last Unit for TimeoutTest: Test unit written to timeout- |
