//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// fuzzer::FuzzingOptions
//===----------------------------------------------------------------------===//
#ifndef LLVM_FUZZER_OPTIONS_H
#define LLVM_FUZZER_OPTIONS_H
#include "FuzzerDefs.h"
namespace fuzzer {
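/// Plain settings record for one fuzzing run.
///
/// Every member carries an in-class default. Nothing in this header reads or
/// validates the values; the code that fills the struct in and acts on it lives
/// elsewhere. Member order is kept exactly as declared originally.
///
/// NOTE(review): the defaults here are only what a default-constructed object
/// holds. Whatever populates the struct (presumably the fuzzer driver, from
/// command-line flags) may overwrite any of them, so confirm the values in
/// effect for a campaign there rather than reading them off this header.
struct FuzzingOptions {
  // --- Verbosity and input sizing -------------------------------------------
  int Verbosity = 1;
  // presumably 0 means "no explicit maximum input length chosen"; confirm with
  // the code that consumes MaxLen.
  size_t MaxLen = 0;
  size_t LenControl = 1000;
  bool KeepSeed = false;

  // --- Per-input timeout and process exit codes ----------------------------
  // Timeout for a single unit, in seconds (per the name suffix).
  int UnitTimeoutSec = 300;
  // The four exit-code defaults are distinct, so a wrapper script or CI job
  // can tell timeout / OOM / interrupt / error apart from the exit status.
  int TimeoutExitCode = 70;
  int OOMExitCode = 71;
  int InterruptExitCode = 72;
  int ErrorExitCode = 77;

  // --- Which finding classes are ignored -----------------------------------
  // NOTE(review): timeouts and OOMs default to "ignored" while crashes do not.
  // Slow or memory-hungry inputs are often denial-of-service findings in their
  // own right; check where these flags are honoured that such inputs are still
  // written out as artifacts and not silently dropped.
  bool IgnoreTimeouts = true;
  bool IgnoreOOMs = true;
  bool IgnoreCrashes = false;

  // --- Campaign-wide resource limits ---------------------------------------
  // All three default to 0. presumably 0 disables the limit; if so, a
  // default-constructed object places no time or memory ceiling on the run,
  // which matters when the target is fuzzed on shared or unattended hosts.
  int MaxTotalTimeSec = 0;
  int RssLimitMb = 0;
  int MallocLimitMb = 0;

  // --- Mutation strategy ----------------------------------------------------
  bool DoCrossOver = true;
  bool CrossOverUniformDist = false;
  int MutateDepth = 5;
  bool ReduceDepth = false;

  // --- Feedback signals -----------------------------------------------------
  bool UseCounters = false;
  bool UseMemmem = true;
  bool UseCmp = false;
  // Declared as int, so it is initialised with 0 rather than the bool literal
  // `false` the original used (same value, matching type).
  int UseValueProfile = 0;

  // --- Corpus handling ------------------------------------------------------
  bool Shrink = false;
  bool ReduceInputs = false;
  int ReloadIntervalSec = 1;
  bool ShuffleAtStartUp = true;
  bool PreferSmall = true;
  // All-ones sentinel, i.e. the largest size_t (the original spelled this
  // `-1L`, which converts to the same value). presumably "no cap on runs".
  size_t MaxNumberOfRuns = static_cast<size_t>(-1);
  int ReportSlowUnits = 10;
  bool OnlyASCII = false;

  // --- Entropic seed scheduling ---------------------------------------------
  // Added by "Entropic: Boosting LibFuzzer Performance" (patch by Marcel
  // Boehme, https://reviews.llvm.org/D73776). Per that commit's description,
  // it changes how weights are assigned to seeds in the corpus: seeds that
  // reveal more "information" about globally rare features get a higher
  // weight. The authors report reaching the same coverage in less than half
  // the time on most subjects, at a noticeably lower executions-per-second
  // rate. Off by default in this struct.
  bool Entropic = false;
  size_t EntropicFeatureFrequencyThreshold = 0xFF;
  size_t EntropicNumberOfRarestFeatures = 100;

  // --- Paths and early-exit triggers ---------------------------------------
  // NOTE(review): these strings are stored as given; no normalisation or
  // validation happens in this header. ArtifactPrefix defaults to "./", so
  // artifact locations presumably depend on the process working directory --
  // set an explicit directory when running under a service account or in CI.
  std::string OutputCorpus;
  std::string ArtifactPrefix = "./";
  std::string ExactArtifactPath;
  std::string ExitOnSrcPos;
  std::string ExitOnItem;
  std::string FocusFunction;
  std::string DataFlowTrace;
  std::string CollectDataFlow;
  std::string FeaturesDir;
  std::string StopFile;
  bool SaveArtifacts = true;

  // --- Reporting ------------------------------------------------------------
  bool PrintNEW = true; // Print a status line when new units are found;
  bool PrintNewCovPcs = false;
  int PrintNewCovFuncs = 0;
  bool PrintFinalStats = false;
  bool PrintCorpusStats = false;
  bool PrintCoverage = false;
  bool DumpCoverage = false;

  // --- Memory diagnostics ---------------------------------------------------
  bool DetectLeaks = true;
  int PurgeAllocatorIntervalSec = 1;
  int TraceMalloc = 0;

  // --- Signal handling ------------------------------------------------------
  // One switch per signal, judging by the names (ABRT, ALRM, BUS, FPE, ILL,
  // INT, SEGV, TERM, XFSZ, USR1, USR2). Every one is false in a
  // default-constructed object. NOTE(review): if the struct is used without
  // these being set, the fuzzer presumably installs no handlers of its own and
  // crash reporting falls to the sanitizer runtime or the OS default action --
  // confirm at the site that installs the handlers.
  bool HandleAbrt = false;
  bool HandleAlrm = false;
  bool HandleBus = false;
  bool HandleFpe = false;
  bool HandleIll = false;
  bool HandleInt = false;
  bool HandleSegv = false;
  bool HandleTerm = false;
  bool HandleXfsz = false;
  bool HandleUsr1 = false;
  bool HandleUsr2 = false;
};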
} // namespace fuzzer
#endif // LLVM_FUZZER_OPTIONS_H