Diffstat (limited to 'llvm/lib')
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerDriver.cpp | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerFlags.def | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerInternal.h | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 3 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer-prunecorpus.test | 13 | 
5 files changed, 19 insertions, 1 deletions
|
diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp
index de5e461eda5..9807d605aeb 100644
--- a/llvm/lib/Fuzzer/FuzzerDriver.cpp
+++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp
@@ -336,6 +336,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
   Options.PrintNewCovPcs = Flags.print_new_cov_pcs;
   Options.PrintFinalStats = Flags.print_final_stats;
   Options.TruncateUnits = Flags.truncate_units;
+  Options.PruneCorpus = Flags.prune_corpus;
   unsigned Seed = Flags.seed;
   // Initialize Seed.
diff --git a/llvm/lib/Fuzzer/FuzzerFlags.def b/llvm/lib/Fuzzer/FuzzerFlags.def
index 1f27fe8902f..2945152ae70 100644
--- a/llvm/lib/Fuzzer/FuzzerFlags.def
+++ b/llvm/lib/Fuzzer/FuzzerFlags.def
@@ -85,6 +85,8 @@ FUZZER_FLAG_INT(detect_leaks, 1, "If 1, and if LeakSanitizer is enabled "
 FUZZER_FLAG_INT(rss_limit_mb, 2048, "If non-zero, the fuzzer will exit upon"
     "reaching this limit of RSS memory usage.")
 FUZZER_FLAG_INT(truncate_units, 0, "Try truncated units when loading corpus.")
+FUZZER_FLAG_INT(prune_corpus, 1, "Prune corpus items without new coverage when "
+                                 "loading corpus.")
 FUZZER_DEPRECATED_FLAG(exit_on_first)
 FUZZER_DEPRECATED_FLAG(save_minimized_corpus)
diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h
index 637d2b4b375..ba4ced5b608 100644
--- a/llvm/lib/Fuzzer/FuzzerInternal.h
+++ b/llvm/lib/Fuzzer/FuzzerInternal.h
@@ -331,6 +331,7 @@ public:
     bool PrintFinalStats = false;
     bool DetectLeaks = true;
     bool TruncateUnits = false;
+    bool PruneCorpus = true;
   };
   // Aggregates all available coverage measurements.
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index 378178e064d..b7422329e05 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -400,7 +400,8 @@ void Fuzzer::ShuffleAndMinimize() {
   }
   for (const auto &U : Corpus) {
-    if (RunOne(U)) {
+    bool NewCoverage = RunOne(U);
+    if (!Options.PruneCorpus || NewCoverage) {
       NewCorpus.push_back(U);
       if (Options.Verbosity >= 2)
         Printf("NEW0: %zd L %zd\n", MaxCoverage.BlockCoverage, U.size());
diff --git a/llvm/lib/Fuzzer/test/fuzzer-prunecorpus.test b/llvm/lib/Fuzzer/test/fuzzer-prunecorpus.test
new file mode 100644
index 00000000000..a8a660e91b9
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/fuzzer-prunecorpus.test
@@ -0,0 +1,13 @@
+RUN: rm -rf %t/PruneCorpus
+RUN: mkdir -p %t/PruneCorpus
+RUN: echo a > %t/PruneCorpus/a
+RUN: echo b > %t/PruneCorpus/b
+RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -prune_corpus=1 -runs=0 2>&1 | FileCheck %s --check-prefix=PRUNE
+RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -prune_corpus=0 -runs=0 2>&1 | FileCheck %s --check-prefix=NOPRUNE
+RUN: rm -rf %t/PruneCorpus
+
+PRUNE: READ units: 2
+PRUNE: INITED{{.*}}units: 1
+NOPRUNE: READ units: 2
+NOPRUNE: INITED{{.*}}units: 2
+
|
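Review bot: With `-prune_corpus=0` the branch `if (!Options.PruneCorpus || NewCoverage)` in the FuzzerLoop.cpp hunk is also taken for units where `RunOne(U)` reported no new coverage, so at `Verbosity >= 2` the `NEW0:` line is printed for them as well. If `NEW0:` is meant to mark a unit that added coverage (the name suggests so, though the hunk does not define it), the log becomes misleading for anyone triaging a corpus load; guarding it on the result keeps it accurate: `if (NewCoverage && Options.Verbosity >= 2)`. A short comment above the condition, e.g. `// Keep every unit when pruning is disabled; otherwise keep only units that add coverage.`, would also help. ShuffleAndMinimize starts and ends outside the hunk, so what happens to NewCorpus afterwards is not visible here.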
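Review bot: The new fuzzer-prunecorpus.test pins both explicit values of `-prune_corpus` but never runs the binary without the flag, so the default is unchecked even though it is declared in two places (`1` in FuzzerFlags.def and `true` in FuzzerInternal.h). One more line, `RUN: LLVMFuzzer-EmptyTest %t/PruneCorpus -runs=0 2>&1 | FileCheck %s --check-prefix=PRUNE`, placed before the final `rm -rf`, would catch the two defaults drifting apart or the default changing silently. The existing PRUNE check lines can be reused unchanged.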

