FUZZER_FLAG(int, verbosity, 1, "Verbosity level.")
FUZZER_FLAG(int, seed, 0, "Random seed. If 0, seed is generated.")
FUZZER_FLAG(int, iterations, -1,
- "Number of iterations of the fuzzer (-1 for infinite runs).")
+ "Number of iterations of the fuzzer internal loop"
+ " (-1 for infinite iterations).")
+FUZZER_FLAG(int, runs, -1,
+ "Number of individual test runs (-1 for infinite runs).")
FUZZER_FLAG(int, max_len, 64, "Maximal length of the test input.")
FUZZER_FLAG(int, cross_over, 1, "If 1, cross over inputs.")
FUZZER_FLAG(int, mutate_depth, 5,
// Define the main class fuzzer::Fuzzer and most functions.
//===----------------------------------------------------------------------===//
#include <cassert>
+#include <climits>
#include <chrono>
#include <cstddef>
#include <cstdlib>
int MutateDepth = 5;
bool ExitOnFirst = false;
bool UseFullCoverageSet = false;
+ size_t MaxNumberOfRuns = ULONG_MAX;
std::string OutputCorpus;
};
Fuzzer(FuzzingOptions Options) : Options(Options) {
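Review bot: `MaxNumberOfRuns` is declared as `size_t`, but its "unlimited" default on the added line is `ULONG_MAX`, and the two only agree where `unsigned long` is as wide as `size_t`. On a target where `unsigned long` is 32 bits and `size_t` is 64, a campaign started without `-runs` would stop silently after roughly four billion executions instead of running unbounded. I would write `size_t MaxNumberOfRuns = std::numeric_limits<size_t>::max();` and include `<limits>` rather than `<climits>`. The options struct that holds this member starts outside the hunk.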
size_t Fuzzer::MutateAndTestOne(Unit *U) {
size_t NewUnits = 0;
for (int i = 0; i < Options.MutateDepth; i++) {
+ if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
+ return NewUnits;
Mutate(U, Options.MaxLen);
size_t NewCoverage = RunOne(*U);
if (NewCoverage) {
size_t Fuzzer::Loop(size_t NumIterations) {
size_t NewUnits = 0;
for (size_t i = 1; i <= NumIterations; i++) {
- if (Options.DoCrossOver) {
- for (size_t J1 = 0; J1 < Corpus.size(); J1++) {
+ for (size_t J1 = 0; J1 < Corpus.size(); J1++) {
+ if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
+ return NewUnits;
+ // First, simply mutate the unit w/o doing crosses.
+ CurrentUnit = Corpus[J1];
+ NewUnits += MutateAndTestOne(&CurrentUnit);
+ // Now, cross with others.
+ if (Options.DoCrossOver) {
for (size_t J2 = 0; J2 < Corpus.size(); J2++) {
CurrentUnit.clear();
CrossOver(Corpus[J1], Corpus[J2], &CurrentUnit, Options.MaxLen);
NewUnits += MutateAndTestOne(&CurrentUnit);
}
}
- } else { // No CrossOver
- for (size_t J = 0; J < Corpus.size(); J++) {
- CurrentUnit = Corpus[J];
- NewUnits += MutateAndTestOne(&CurrentUnit);
- }
}
}
return NewUnits;
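Review bot: When the run budget is used up part-way through the cross-over loop, the `J2` loop does not stop. `MutateAndTestOne` returns at its new check without running anything, but `CurrentUnit.clear()` and `CrossOver(...)` still execute for every remaining `Corpus[J2]` before control reaches the check at the top of the `J1` body. No extra runs happen, so the limit holds, but the exit is delayed by work proportional to the corpus size. Repeating the guard as the first statement of the `J2` body fixes it: `if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) return NewUnits;`. The same test then appears three times, so a small private predicate with a one-line comment would keep the copies from drifting apart.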
#include "FuzzerInternal.h"
-#include <climits>
#include <cstring>
#include <unistd.h>
#include <iostream>
Options.MutateDepth = Flags.mutate_depth;
Options.ExitOnFirst = Flags.exit_on_first;
Options.UseFullCoverageSet = Flags.use_full_coverage_set;
+ if (Flags.runs >= 0)
+ Options.MaxNumberOfRuns = Flags.runs;
if (!inputs.empty())
Options.OutputCorpus = inputs[0];
Fuzzer F(Options);
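Review bot: The added `if (Flags.runs >= 0)` accepts `-runs=0`, which sets the budget to zero, and the new checks in `Loop` and `MutateAndTestOne` then return before any mutation is executed. Neither the flag help nor this code says whether that is intended, or whether runs over the initial corpus (not visible in this hunk) count against the budget. A comment would settle it, for example `// Negative means unlimited (keep the default); 0 disables mutation runs entirely.` The `int` to `size_t` assignment is safe because of the guard, but `static_cast<size_t>(Flags.runs)` would make the conversion explicit. The enclosing driver function starts and ends outside the hunk.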