[libFuzzer] add an experimental search heuristic flag -reduce_depth
llvm-svn: 319571
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index 81e609e..51d37c3 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -433,7 +433,7 @@
}
bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
- InputInfo *II) {
+ InputInfo *II, bool *FoundUniqFeatures) {
if (!Size)
return false;
@@ -451,6 +451,8 @@
II->UniqFeatureSet.end(), Feature))
FoundUniqFeaturesOfII++;
});
+ if (FoundUniqFeatures)
+ *FoundUniqFeatures = FoundUniqFeaturesOfII;
PrintPulseAndReportSlowInput(Data, Size);
size_t NumNewFeatures = Corpus.NumFeatureUpdates() - NumUpdatesBefore;
if (NumNewFeatures) {
@@ -642,11 +644,18 @@
Size = NewSize;
II.NumExecutedMutations++;
- bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II);
+ bool FoundUniqFeatures = false;
+ bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II,
+ &FoundUniqFeatures);
+ // Printf("FUF[%d] %d\n", i, FoundUniqFeatures);
TryDetectingAMemoryLeak(CurrentUnitData, Size,
/*DuringInitialCorpusExecution*/ false);
- if (NewCov)
+ if (NewCov) {
ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
+ break; // We will mutate this input more in the next rounds.
+ }
+ if (Options.ReduceDepth && !FoundUniqFeatures)
+ break;
}
}
