From: Kostya Serebryany
Date: Wed, 19 Jul 2017 22:10:30 +0000 (+0000)
Subject: [libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually)
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a575cf69b328032415f25c14beb4bf44a6c7a1db;p=llvm
[libFuzzer] enable reduce_inputs=1 by default (seems to be a big win usually)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@308541 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst
index 0f0b0e2e6fb..b833c2a6cb9 100644
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -345,6 +345,9 @@ possible event codes are:
 ``NEW``
 The fuzzer has created a test input that covers new areas of the code under test. This input will be saved to the primary corpus directory.
+``REDUCE``
+ The fuzzer has found a better (smaller) input that triggers previously
+ discovered features (set ``-reduce_inputs=0`` to disable).
 ``pulse``
 The fuzzer has generated 2\ :sup:`n` inputs (generated periodically to reassure the user that the fuzzer is still working).
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def
index 526805705b2..2887fd24d48 100644
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -66,8 +66,8 @@ FUZZER_FLAG_INT(use_value_profile, 0,
 "Experimental. Use value profile to guide fuzzing.")
 FUZZER_FLAG_INT(use_cmp, 1, "Use CMP traces to guide mutations")
 FUZZER_FLAG_INT(shrink, 0, "Experimental. Try to shrink corpus inputs.")
-FUZZER_FLAG_INT(reduce_inputs, 0, "Experimental. "
- "Try to reduce the size of inputs wile preserving their full feature sets")
+FUZZER_FLAG_INT(reduce_inputs, 1,
+ "Try to reduce the size of inputs while preserving their full feature sets")
 FUZZER_FLAG_UNSIGNED(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn"
 " this number of jobs in separate worker processes"
 " with stdout/stderr redirected to fuzz-JOB.log.")
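Review bot: The new help string for `reduce_inputs` says almost the same thing as the one for `shrink` on the line above it, and now that this flag is on by default the text gives no hint that existing jobs behave differently unless they opt out. The test edits later in this commit (an added `-reduce_inputs=0` in shrink.test, a new seed and doubled `-runs` in value-profile-load.test) suggest that a fixed `-seed` no longer yields the same sequence of inputs, so crash reproductions and regression harnesses pinned to a seed may need the opt-out. I would extend the description to something like `"Try to reduce the size of inputs while preserving their full feature sets (set to 0 for the previous behaviour)"`. This is a wording point only; the default itself is the purpose of the commit.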
diff --git a/lib/Fuzzer/test/shrink.test b/lib/Fuzzer/test/shrink.test
index edb86cb1938..79355a8f71a 100644
--- a/lib/Fuzzer/test/shrink.test
+++ b/lib/Fuzzer/test/shrink.test
@@ -1,6 +1,6 @@
-RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 2>&1 | FileCheck %s --check-prefix=SHRINK1
-RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 2>&1 | FileCheck %s --check-prefix=SHRINK0
-RUN: LLVMFuzzer-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP
+RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=1 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK1
+RUN: LLVMFuzzer-ShrinkControlFlowTest -seed=1 -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -runs=1000000 -shrink=0 -reduce_inputs=0 2>&1 | FileCheck %s --check-prefix=SHRINK0
+RUN: LLVMFuzzer-ShrinkValueProfileTest -seed=1 -exit_on_item=aea2e3923af219a8956f626558ef32f30a914ebc -runs=100000 -shrink=1 -reduce_inputs=0 -use_value_profile=1 2>&1 | FileCheck %s --check-prefix=SHRINK1_VP
 SHRINK0: Done 1000000 runs in
 SHRINK1: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60', exiting.
diff --git a/lib/Fuzzer/test/value-profile-load.test b/lib/Fuzzer/test/value-profile-load.test
index 14d3109a24e..f4a5fd5a68e 100644
--- a/lib/Fuzzer/test/value-profile-load.test
+++ b/lib/Fuzzer/test/value-profile-load.test
@@ -1,3 +1,3 @@
 CHECK: AddressSanitizer: global-buffer-overflow
-RUN: not LLVMFuzzer-LoadTest -seed=1 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
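Review bot: All three RUN lines in shrink.test now pass `-reduce_inputs=0` without saying why, and nothing in this diff runs either shrink target with the new default. Presumably the pinned `-exit_on_item` checksums are only reached when input reduction is off, but a reader cannot tell whether that is an expected interaction between `-shrink` and `-reduce_inputs` or a workaround. A one-line remark above the RUN lines, for example `reduce_inputs is disabled so these runs exercise -shrink in isolation`, would record the intent. If no other test covers `-shrink=1` together with the default `-reduce_inputs=1`, a RUN line for that combination would be worth adding.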
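Review bot: The RUN line in value-profile-load.test moves from `-seed=1` to `-seed=2` and doubles `-runs` to 20000000 rather than opting out with `-reduce_inputs=0` as shrink.test does, so this test now depends on a hand-picked seed under the new default. If seed 1 no longer reaches the `global-buffer-overflow` within the old budget, that hints (this diff does not prove it) that input reduction slows discovery on this target, which is worth recording next to the commit message's "big win usually". A short remark stating why the seed and run budget changed, or pinning `-reduce_inputs=0` here as well, would keep the test from being silently re-tuned the next time a default moves.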