[libFuzzer] add a flag -max_total_time

author Kostya Serebryany <kcc@google.com>

Fri, 2 Oct 2015 20:47:55 +0000 (20:47 +0000)

committer Kostya Serebryany <kcc@google.com>

Fri, 2 Oct 2015 20:47:55 +0000 (20:47 +0000)
author Kostya Serebryany <kcc@google.com>
Fri, 2 Oct 2015 20:47:55 +0000 (20:47 +0000)
committer Kostya Serebryany <kcc@google.com>
Fri, 2 Oct 2015 20:47:55 +0000 (20:47 +0000)
diff --git a/docs/LibFuzzer.rst b/docs/LibFuzzer.rst

index a9948d893e14ed462f68b36074a410c92c50884e..4155526ac8461a94816906c4b5223db76a4102d4 100644 (file)
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@@ -60,6 +60,7 @@ The most important flags are::
    cross_over                           1       If 1, cross over inputs.
    mutate_depth                         5       Apply this number of consecutive mutations to each input.
    timeout                              1200    Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort.
+  max_total_time                        0       If positive, indicates the maximal total time in seconds to run the fuzzer.
    help                                 0       Print help.
    save_minimized_corpus                0       If 1, the minimized corpus is saved into the first input directory. Example: ./fuzzer -save_minimized_corpus=1 NEW_EMPTY_DIR OLD_CORPUS
    jobs                                 0       Number of jobs to run. If jobs >= 1 we spawn this number of jobs in separate worker processes with stdout/stderr redirected to fuzz-JOB.log.
diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp

index 9c4406e219c79553d47dda1ea19a2664bab5b370..4b9b57f27ea76c6e4b7607f668e56bf282d0796b 100644 (file)
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -249,6 +249,7 @@ int FuzzerDriver(const std::vector<std::string> &Args,
    Options.Verbosity = Flags.verbosity;
    Options.MaxLen = Flags.max_len;
    Options.UnitTimeoutSec = Flags.timeout;
+  Options.MaxTotalTimeSec = Flags.max_total_time;
    Options.DoCrossOver = Flags.cross_over;
    Options.MutateDepth = Flags.mutate_depth;
    Options.ExitOnFirst = Flags.exit_on_first;
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def

index 3b2a0f5544c5ea823a5d490e3917d3122aaf6c29..48ae220dee71d97d8859ecd929f55ea2d29ba40e 100644 (file)
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -28,6 +28,8 @@ FUZZER_FLAG_INT(
      timeout, 1200,
      "Timeout in seconds (if positive). "
      "If one unit runs more than this number of seconds the process will abort.")
+FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total "
+                                   "time in seconds to run the fuzzer.")
  FUZZER_FLAG_INT(help, 0, "Print help.")
  FUZZER_FLAG_INT(
      save_minimized_corpus, 0,
@@ -66,4 +68,4 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
                                 "trace-based-mutations (tbm).")
  FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
                                 "trace-based-mutations (tbm)")
-FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
-\ No newline at end of file
+FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h

index 862732eedf7e785ff06a1e818f5c99507a9d6601..8d4833f1d93c607b3c168776c48eb6136093c2af 100644 (file)
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -73,6 +73,7 @@ class Fuzzer {
      int Verbosity = 1;
      int MaxLen = 0;
      int UnitTimeoutSec = 300;
+    int MaxTotalTimeSec = 0;
      bool DoCrossOver = true;
      int  MutateDepth = 5;
      bool ExitOnFirst = false;
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp

index 96783dac6739e488c61a3612702f1d1aabb9fd9c..6e04868fd40fb5519252b90def527f162ad3eb2b 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -337,6 +337,10 @@ void Fuzzer::Loop() {
        RereadOutputCorpus();
        if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
          return;
+      if (Options.MaxTotalTimeSec > 0 &&
+          secondsSinceProcessStartUp() >
+              static_cast<size_t>(Options.MaxTotalTimeSec))
+        return;
        CurrentUnit = Corpus[J1];
        // Optionally, cross with another unit.
        if (Options.DoCrossOver && USF.GetRand().RandBool()) {
diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test

index 29bd8071000003f05a9782057a28fbfaafdc7431..046c377206d935ac37733a77b6d2eef5058ab962 100644 (file)
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@@ -7,6 +7,9 @@ RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=I
  InfiniteTest: ALARM: working on the last Unit for
  InfiniteTest: Test unit written to timeout-
  
+RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
+MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
+
  RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest
  TimeoutTest: ALARM: working on the last Unit for
  TimeoutTest: Test unit written to timeout-
author	Kostya Serebryany <kcc@google.com>
	Fri, 2 Oct 2015 20:47:55 +0000 (20:47 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Fri, 2 Oct 2015 20:47:55 +0000 (20:47 +0000)
docs/LibFuzzer.rst		patch \| blob \| history
lib/Fuzzer/FuzzerDriver.cpp		patch \| blob \| history
lib/Fuzzer/FuzzerFlags.def		patch \| blob \| history
lib/Fuzzer/FuzzerInternal.h		patch \| blob \| history
lib/Fuzzer/FuzzerLoop.cpp		patch \| blob \| history
lib/Fuzzer/test/fuzzer.test		patch \| blob \| history