[libFuzzer] add a flag -max_total_time

llvm-svn: 249181
2025-02-09 22:04:10 +00:00 · 2015-10-02 20:47:55 +00:00 · 2015-10-02 20:47:55 +00:00 · 70f0401f05
commit 70f0401f05
parent d6b9e09e7d
6 changed files with 13 additions and 1 deletions
--- a/docs/LibFuzzer.rst
+++ b/docs/LibFuzzer.rst
@ -60,6 +60,7 @@ The most important flags are::
  cross_over                         	1	If 1, cross over inputs.
  mutate_depth                       	5	Apply this number of consecutive mutations to each input.
  timeout                            	1200	Timeout in seconds (if positive). If one unit runs more than this number of seconds the process will abort.
+  max_total_time                        0       If positive, indicates the maximal total time in seconds to run the fuzzer.
  help                               	0	Print help.
  save_minimized_corpus              	0	If 1, the minimized corpus is saved into the first input directory. Example: ./fuzzer -save_minimized_corpus=1 NEW_EMPTY_DIR OLD_CORPUS
  jobs                               	0	Number of jobs to run. If jobs >= 1 we spawn this number of jobs in separate worker processes with stdout/stderr redirected to fuzz-JOB.log.
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@ -249,6 +249,7 @@ int FuzzerDriver(const std::vector<std::string> &Args,
  Options.Verbosity = Flags.verbosity;
  Options.MaxLen = Flags.max_len;
  Options.UnitTimeoutSec = Flags.timeout;
+  Options.MaxTotalTimeSec = Flags.max_total_time;
  Options.DoCrossOver = Flags.cross_over;
  Options.MutateDepth = Flags.mutate_depth;
  Options.ExitOnFirst = Flags.exit_on_first;
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@ -28,6 +28,8 @@ FUZZER_FLAG_INT(
    timeout, 1200,
    "Timeout in seconds (if positive). "
    "If one unit runs more than this number of seconds the process will abort.")
+FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total "
+                                   "time in seconds to run the fuzzer.")
 FUZZER_FLAG_INT(help, 0, "Print help.")
 FUZZER_FLAG_INT(
    save_minimized_corpus, 0,
@ -66,4 +68,4 @@ FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive"
                               "trace-based-mutations (tbm).")
 FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent"
                               "trace-based-mutations (tbm)")
-FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
+FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.")
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@ -73,6 +73,7 @@ class Fuzzer {
    int Verbosity = 1;
    int MaxLen = 0;
    int UnitTimeoutSec = 300;
+    int MaxTotalTimeSec = 0;
    bool DoCrossOver = true;
    int  MutateDepth = 5;
    bool ExitOnFirst = false;
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@ -337,6 +337,10 @@ void Fuzzer::Loop() {
      RereadOutputCorpus();
      if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
        return;
+      if (Options.MaxTotalTimeSec > 0 &&
+          secondsSinceProcessStartUp() >
+              static_cast<size_t>(Options.MaxTotalTimeSec))
+        return;
      CurrentUnit = Corpus[J1];
      // Optionally, cross with another unit.
      if (Options.DoCrossOver && USF.GetRand().RandBool()) {
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@ -7,6 +7,9 @@ RUN: not LLVMFuzzer-InfiniteTest -timeout=2 2>&1 | FileCheck %s --check-prefix=I
 InfiniteTest: ALARM: working on the last Unit for
 InfiniteTest: Test unit written to timeout-

+RUN: LLVMFuzzer-SimpleCmpTest -max_total_time=1 2>&1 | FileCheck %s --check-prefix=MaxTotalTime
+MaxTotalTime: Done {{.*}} runs in {{.}} second(s)
+
 RUN: not LLVMFuzzer-TimeoutTest -timeout=5 2>&1 | FileCheck %s --check-prefix=TimeoutTest
 TimeoutTest: ALARM: working on the last Unit for
 TimeoutTest: Test unit written to timeout-