forked from OSchip/llvm-project
Kostya Serebryany
parent
71f2a5e60f
commit
9c9a8a96d3
|
|
@ -178,6 +178,28 @@ worker processes can be overridden by the ``-workers=N`` option. For example,
|
|||
running with ``-jobs=30`` on a 12-core machine would run 6 workers by default,
|
||||
with each worker averaging 5 bugs by completion of the entire process.
|
||||
|
||||
Fork mode
|
||||
---------
|
||||
|
||||
**Experimental** mode ``-fork=N`` (where ``N`` is the number of parallel jobs)
|
||||
enables oom-, timeout-, and crash-resistant
|
||||
fuzzing with separate processes (using ``fork-exec``, not just ``fork``).
|
||||
|
||||
The top libFuzzer process will not do any fuzzing itself, but will
|
||||
spawn up to ``N`` concurrent child processes providing them
|
||||
small random subsets of the corpus. After a child exits, the top process
|
||||
merges the corpus generated by the child back to the main corpus.
|
||||
|
||||
Related flags:
|
||||
``-ignore_ooms``
|
||||
True by default. If an OOM happens during fuzzing in one of the child processes,
|
||||
the reproducer is saved on disk, and fuzzing continues.
|
||||
``-ignore_timeouts``
|
||||
True by default, same as ``-ignore_ooms``, but for timeouts.
|
||||
``-ignore_crashes``
|
||||
False by default, same as ``-ignore_ooms``, but for all other crashes.
|
||||
|
||||
The plan is to eventually replace ``-jobs=N`` and ``-workers=N`` with ``-fork=N``.
|
||||
|
||||
Resuming merge
|
||||
--------------
|
||||
|
|
|
|||
Loading…
Reference in New Issue