Options.Tokens = ReadTokensFile(Flags.tokens);
Options.Reload = Flags.reload;
Options.OnlyASCII = Flags.only_ascii;
+ Options.TBMDepth = Flags.tbm_depth;
+ Options.TBMWidth = Flags.tbm_width;
if (Flags.runs >= 0)
Options.MaxNumberOfRuns = Flags.runs;
if (!inputs.empty())
"Report slowest units if they run for more than this number of seconds.")
FUZZER_FLAG_INT(only_ascii, 0,
"If 1, generate only ASCII (isprint+isspace) inputs.")
+FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
+ "trace-based-mutations (tbm).")
+FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
+ "trace-based-mutations (tbm)")
int SyncTimeout = 600;
int ReportSlowUnits = 10;
bool OnlyASCII = false;
+ int TBMDepth = 10;
+ int TBMWidth = 10;
std::string OutputCorpus;
std::string SyncCommand;
std::vector<std::string> Tokens;
Unit CurrentUnit;
size_t TotalNumberOfRuns = 0;
+ size_t TotalNumberOfExecutedTraceBasedMutations = 0;
std::vector<Unit> Corpus;
std::unordered_set<std::string> UnitHashesAddedToCorpus;
if (!Options.Verbosity) return;
size_t Seconds = secondsSinceProcessStartUp();
size_t ExecPerSec = (Seconds ? TotalNumberOfRuns / Seconds : 0);
- Printf("#%zd\t%s cov: %zd bits: %zd units: %zd exec/s: %zd %s",
- TotalNumberOfRuns, Where, Cov, TotalBits(), Corpus.size(), ExecPerSec,
- End);
+ Printf("#%zd\t%s cov: %zd bits: %zd units: %zd exec/s: %zd",
+ TotalNumberOfRuns, Where, Cov, TotalBits(), Corpus.size(), ExecPerSec);
+ if (TotalNumberOfExecutedTraceBasedMutations)
+ Printf(" tbm: %zd", TotalNumberOfExecutedTraceBasedMutations);
+ Printf("%s", End);
}
void Fuzzer::RereadOutputCorpus() {
U->resize(NewSize);
RunOneAndUpdateCorpus(*U);
size_t NumTraceBasedMutations = StopTraceRecording();
- for (size_t j = 0; j < NumTraceBasedMutations; j++) {
- ApplyTraceBasedMutation(j, U);
- RunOneAndUpdateCorpus(*U);
+ size_t TBMWidth =
+ std::min((size_t)Options.TBMWidth, NumTraceBasedMutations);
+ size_t TBMDepth =
+ std::min((size_t)Options.TBMDepth, NumTraceBasedMutations);
+ Unit BackUp = *U;
+ for (size_t w = 0; w < TBMWidth; w++) {
+ *U = BackUp;
+ for (size_t d = 0; d < TBMDepth; d++) {
+ TotalNumberOfExecutedTraceBasedMutations++;
+ ApplyTraceBasedMutation(USF.GetRand()(NumTraceBasedMutations), U);
+ RunOneAndUpdateCorpus(*U);
+ }
}
}
}
size_t StopTraceRecording(FuzzerRandomBase &Rand) {
RecordingTraces = false;
- std::random_shuffle(Mutations.begin(), Mutations.end(), Rand);
- return std::min(Mutations.size(), 128UL);
+ return Mutations.size();
}
void ApplyTraceBasedMutation(size_t Idx, fuzzer::Unit *U);
RUN: not LLVMFuzzer-SimpleCmpTest-DFSan -use_traces=1 -seed=1 -runs=1000000 -timeout=5 2>&1 | FileCheck %s --check-prefix=CHECK1
RUN: LLVMFuzzer-SimpleCmpTest-DFSan -use_traces=1 -seed=1 -runs=100 -timeout=5 -verbosity=3 2>&1 | FileCheck %s -check-prefix=CHECK_DFSanCmpCallback
-RUN: not LLVMFuzzer-MemcmpTest-DFSan -use_traces=1 -seed=1 -runs=1000 -timeout=5 2>&1 | FileCheck %s --check-prefix=CHECK2
+RUN: not LLVMFuzzer-MemcmpTest-DFSan -use_traces=1 -seed=1 -runs=10000 -timeout=5 2>&1 | FileCheck %s --check-prefix=CHECK2
RUN: LLVMFuzzer-MemcmpTest-DFSan -use_traces=1 -seed=1 -runs=2 -timeout=5 -verbosity=3 2>&1 | FileCheck %s -check-prefix=CHECK_DFSanCmpCallback
RUN: not LLVMFuzzer-StrncmpTest-DFSan -use_traces=1 -seed=1 -runs=10000 -timeout=5 2>&1 | FileCheck %s --check-prefix=CHECK3
RUN: not LLVMFuzzer-UserSuppliedFuzzerTest -seed=1 -timeout=15 2>&1 | FileCheck %s
-RUN: not LLVMFuzzer-MemcmpTest -use_traces=1 -seed=1 -runs=10000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-MemcmpTest -use_traces=1 -seed=1 -runs=100000 2>&1 | FileCheck %s
RUN: LLVMFuzzer-MemcmpTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
Done1000000: Done 1000000 runs in
-RUN: not LLVMFuzzer-StrncmpTest -use_traces=1 -seed=1 -runs=10000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-StrncmpTest -use_traces=1 -seed=1 -runs=100000 2>&1 | FileCheck %s
RUN: LLVMFuzzer-StrncmpTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
-RUN: not LLVMFuzzer-StrcmpTest -use_traces=1 -seed=1 -runs=10000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-StrcmpTest -use_traces=1 -seed=1 -runs=100000 2>&1 | FileCheck %s
RUN: LLVMFuzzer-StrcmpTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
RUN: not LLVMFuzzer-SwitchTest -use_traces=1 -seed=1 -runs=1000000 2>&1 | FileCheck %s
projects / oota-llvm.git / commitdiff