[libFuzzer] better document the -merge=1 flag

llvm-svn: 268957
Kostya Serebryany 2016-05-09 19:11:36 +00:00
parent 5eddc2395b
commit 61b07ac75b
2 changed files with 14 additions and 5 deletions

@ -64,14 +64,22 @@ the current corpus. If a mutation triggers execution of a previously-uncovered
path in the code under test, then that mutation is saved to the corpus for
future variations.
LibFuzzer will work fine without any initial seeds, but will be less
efficient. In particular, if the library under test accepts complex,
structured inputs then starting from a varied corpus is very important.
LibFuzzer will work without any initial seeds, but will be less
efficient if the library under test accepts complex,
structured inputs.
The corpus can also act as a sanity/regression check, to confirm that the
fuzzing entrypoint still works and that all of the sample inputs run through
the code under test without problems.
If you have a large corpus (either generated by fuzzing or acquired by other means)
you may want to minimize it while still preserving the full coverage. One way to do that
is to use the `-merge=1` flag:
.. code-block:: console
mkdir NEW_CORPUS_DIR # Store minimized corpus here.
./my-fuzzer -merge=1 NEW_CORPUS_DIR FULL_CORPUS_DIR
Getting Started
===============
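
Review bot: In the added sentence "is to use the `-merge=1` flag:" the flag is in single backticks, which reST treats as interpreted text rather than an inline literal; the options list later in this file writes ``-merge`` with double backticks, so this should be ``-merge=1``. The example also only minimizes if NEW_CORPUS_DIR starts out empty, because per the option description only units from the 2nd and later directories are merged into the first; a sentence saying so next to the mkdir line would help. Separately, the rewritten seed paragraph drops the statement that "starting from a varied corpus is very important" for structured inputs; consider keeping that advice.
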
@ -216,7 +224,7 @@ The most important command line options are:
``-merge``
If set to 1, any corpus inputs from the 2nd, 3rd etc. corpus directories
that trigger new code coverage will be merged into the first corpus
directory. Defaults to 0.
directory. Defaults to 0. This flag can be used to minimize a corpus.
``-reload``
If set to 1 (the default), the corpus directory is re-read periodically to
check for new inputs; this allows detection of new inputs that were discovered
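
Review bot: The sentence appended after "Defaults to 0." says the flag can be used to minimize a corpus but gives no hint how, so a reader who lands on the options list alone cannot act on it. Suggest saying that the first directory should be a new, empty one, or pointing back to the corpus section where the NEW_CORPUS_DIR / FULL_CORPUS_DIR example lives.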

@ -35,7 +35,8 @@ FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total "
"time in seconds to run the fuzzer.")
FUZZER_FLAG_INT(help, 0, "Print help.")
FUZZER_FLAG_INT(merge, 0, "If 1, the 2-nd, 3-rd, etc corpora will be "
"merged into the 1-st corpus. Only interesting units will be taken.")
"merged into the 1-st corpus. Only interesting units will be taken. "
"This flag can be used to minimize a corpus.")
FUZZER_FLAG_INT(use_counters, 1, "Use coverage counters")
FUZZER_FLAG_INT(use_indir_calls, 1, "Use indirect caller-callee counters")
FUZZER_FLAG_INT(use_traces, 0, "Experimental: use instruction traces")
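
Review bot: In the merge help string, "Only interesting units will be taken." leaves "interesting" undefined, while the documentation change in the same commit describes the same behaviour as inputs "that trigger new code coverage". Suggest using the coverage wording here too, so the help output and the docs agree on what gets kept, and the new "minimize a corpus" sentence has a stated criterion behind it.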