This patch scales the energy computed by the Entropic schedule based on the execution time of each input. The input execution time is compared with the average execution time of inputs in the corpus, and, based on the amount by which they differ, the energy is scaled from 0.1x (for inputs that execute slowly) to 3x (for inputs that execute quickly). Note that the exact scaling criteria and formula are borrowed from AFL. On FuzzBench, this gives a sizeable throughput increase, which in turn leads to more coverage on several benchmarks. For details, see the following report: https://storage.googleapis.com/fuzzer-test-suite-public/exectime-report/index.html Differential Revision: https://reviews.llvm.org/D86092
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Tests whether scaling the Entropic scheduling weight based on input execution
// time is effective or not. Inputs of size 10 will take at least 100
// microseconds more than any input of size 1-9. The input of size 2 in the
// corpus should be favored by the exec-time-scaled Entropic scheduling policy
// over the input of size 10 in the corpus, eventually finding the crashing
// input {0xab, 0xcd} with fewer executions.
#include <chrono>
#include <cstdint>
#include <thread>
// Volatile location written on the slow (size-10) path.
static volatile int Sink;
// Intentionally null. The store through it below is the planted crash that
// the fuzzer is expected to find; this is a test target, not production code.
static volatile int *Nil = nullptr;

// libFuzzer entry point for the exec-time-scaled Entropic scheduling test.
//
// Behaviour by input size:
//   - larger than 10 bytes: ignored, returns immediately;
//   - exactly 10 bytes: sleeps for 100 microseconds (sleep_for blocks for at
//     least the requested duration), then writes Sink;
//   - exactly 2 bytes equal to {0xab, 0xcd}: stores through the null pointer,
//     which is the crash the test looks for;
//   - anything else: no-op.
//
// Always returns 0 when it returns at all.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  // Cap the input size to make the test quicker.
  if (Size > 10)
    return 0;

  const bool IsSlowInput = (Size == 10);
  if (IsSlowInput) {
    // Make this input execute a lot slower than the crashing input below.
    const std::chrono::microseconds Delay(100);
    std::this_thread::sleep_for(Delay);
    Sink = 0;
  }

  // Data is only read once Size is known to be 2 (short-circuit evaluation),
  // so both indexed reads stay inside the buffer.
  const bool IsCrashingInput =
      Size == 2 && Data[0] == 0xab && Data[1] == 0xcd;
  if (IsCrashingInput)
    *Nil = 42; // deliberate crash.

  return 0;
}