commit 59587beb10a1e7a0f936d2b4a8e6e057bae9bf28
author Kostya Serebryany <kcc@google.com> Wed May 16 23:26:37 2018 +0000
committer Copybara-Service <copybara-worker@google.com> Thu Mar 25 23:17:01 2021 -0700
tree 002872c4dfcc0e891049bf796043ba7d75bc2b14
parent 970ba881587cea1b44e95fd7032ef09091f68f58

[libFuzzer] add an experimental flag -focus_function: libFuzzer will try to focus on inputs that trigger that function

llvm-svn: 332554
GitOrigin-RevId: e9c6f06cce2c69e91c7dcffbef3bcacb05bdea71

FuzzerLoop.cpp

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index dfa6cf3..4bf5c78 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -159,6 +159,7 @@
   AllocateCurrentUnitData();
   CurrentUnitSize = 0;
   memset(BaseSha1, 0, sizeof(BaseSha1));
+  TPC.SetFocusFunction(Options.FocusFunction);
 }
 
 Fuzzer::~Fuzzer() {}
@@ -333,6 +334,8 @@
       else
         Printf("/%zdMb", N >> 20);
     }
+    if (size_t FF = Corpus.NumInputsThatTouchFocusFunction())
+      Printf(" focus: %zd", FF);
   }
   if (TmpMaxMutationLen)
     Printf(" lim: %zd", TmpMaxMutationLen);
@@ -464,6 +467,7 @@
   if (NumNewFeatures) {
     TPC.UpdateObservedPCs();
     Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile,
+                       TPC.ObservedFocusFunction(),
                        UniqFeatureSetTmp);
     return true;
   }
@@ -733,6 +737,10 @@
   }
 
   PrintStats("INITED");
+  if (!Options.FocusFunction.empty())
+    Printf("INFO: %zd/%zd inputs touch the focus function\n",
+           Corpus.NumInputsThatTouchFocusFunction(), Corpus.size());
+
   if (Corpus.empty()) {
     Printf("ERROR: no interesting inputs were found. "
            "Is the code instrumented for coverage? Exiting.\n");