
Re: [PATCH v4 6/7] fuzz: add minimization options


From: Alexander Bulekov
Subject: Re: [PATCH v4 6/7] fuzz: add minimization options
Date: Thu, 7 Jan 2021 00:54:08 -0500

On 201229 1240, Qiuhao Li wrote:
> -M1: loop around the remove minimizer
> -M2: try setting bits in operand of write/out to zero
> Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com>

Reviewed-by: Alexander Bulekov <alxndr@bu.edu>

> ---
>  scripts/oss-fuzz/minimize_qtest_trace.py | 32 +++++++++++++++++++-----
>  1 file changed, 26 insertions(+), 6 deletions(-)
> 
> diff --git a/scripts/oss-fuzz/minimize_qtest_trace.py 
> b/scripts/oss-fuzz/minimize_qtest_trace.py
> index 70ac0c5366..a681984076 100755
> --- a/scripts/oss-fuzz/minimize_qtest_trace.py
> +++ b/scripts/oss-fuzz/minimize_qtest_trace.py
> @@ -16,6 +16,10 @@ QEMU_PATH = None
>  TIMEOUT = 5
>  CRASH_TOKEN = None
>  
> +# Minimization levels
> +M1 = False # loop around the remove minimizer
> +M2 = False # try setting bits in operand of write/out to zero
> +
>  write_suffix_lookup = {"b": (1, "B"),
>                         "w": (2, "H"),
>                         "l": (4, "L"),
> @@ -23,10 +27,20 @@ write_suffix_lookup = {"b": (1, "B"),
>  
>  def usage():
>      sys.exit("""\
> -Usage: QEMU_PATH="/path/to/qemu" QEMU_ARGS="args" {} input_trace output_trace
> +Usage:
> +
> +QEMU_PATH="/path/to/qemu" QEMU_ARGS="args" {} [Options] input_trace 
> output_trace
> +
>  By default, will try to use the second-to-last line in the output to identify
>  whether the crash occred. Optionally, manually set a string that idenitifes 
> the
>  crash by setting CRASH_TOKEN=
> +
> +Options:
> +
> +-M1: enable a loop around the remove minimizer, which may help decrease some
> +     timing dependant instructions. Off by default.
> +-M2: try setting bits in operand of write/out to zero. Off by default.
> +
>  """.format((sys.argv[0])))
>  
>  deduplication_note = """\n\
> @@ -213,24 +227,30 @@ def minimize_trace(inpath, outpath):
>      print("Setting the timeout for {} seconds".format(TIMEOUT))
>  
>      newtrace = trace[:]
> -
> +    global M1, M2
>      # remove minimizer
>      old_len = len(newtrace) + 1
>      while(old_len > len(newtrace)):
>          old_len = len(newtrace)
> +        print("trace lenth = ", old_len)
>          remove_minimizer(newtrace, outpath)
> +        if not M1 and not M2:
> +            break
>          newtrace = list(filter(lambda s: s != "", newtrace))
>      assert(check_if_trace_crashes(newtrace, outpath))
>  
> -    # set zero minimizer
> -    set_zero_minimizer(newtrace, outpath)
> +    if M2:
> +        set_zero_minimizer(newtrace, outpath)
>      assert(check_if_trace_crashes(newtrace, outpath))
>  
>  
>  if __name__ == '__main__':
>      if len(sys.argv) < 3:
>          usage()
> -
> +    if "-M1" in sys.argv:
> +        M1 = True
> +    if "-M2" in sys.argv:
> +        M2 = True
>      QEMU_PATH = os.getenv("QEMU_PATH")
>      QEMU_ARGS = os.getenv("QEMU_ARGS")
>      if QEMU_PATH is None or QEMU_ARGS is None:
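Review bot: The early exit `if not M1 and not M2: break` in the remove-minimizer loop makes `-M2` on its own keep looping as well, while the usage text documents looping only for `-M1`; if that is intended the `-M2` help should say so, otherwise the test should be `if not M1: break`. The break also sits before `newtrace = list(filter(lambda s: s != "", newtrace))`, so in the default mode the empty entries that filter drops (presumably left behind by remove_minimizer) are still in `newtrace` when the following `assert(check_if_trace_crashes(newtrace, outpath))` runs; moving the filter above the break would avoid that. `global M1, M2` is unnecessary because the function only reads the flags, and the new progress message has a typo (`lenth`). minimize_trace begins above this hunk and the `__main__` block continues below it.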
> @@ -239,4 +259,4 @@ if __name__ == '__main__':
>      #     QEMU_ARGS += " -accel qtest"
>      CRASH_TOKEN = os.getenv("CRASH_TOKEN")
>      QEMU_ARGS += " -qtest stdio -monitor none -serial none "
> -    minimize_trace(sys.argv[1], sys.argv[2])
> +    minimize_trace(sys.argv[-2], sys.argv[-1])
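Review bot: Taking the paths from `sys.argv[-2], sys.argv[-1]` while the guard earlier in this `__main__` block is still `len(sys.argv) < 3` lets an invocation with one option and one path through, with `-M1` used as the input path and the real trace as the output path. The `"-M1" in sys.argv` tests also ignore a misspelt flag silently, and a flag placed after the paths shifts which arguments are read as paths. Parsing with `argparse` (two positionals plus `-M1` and `-M2` as `store_true` options) would reject these cases before any file is opened; at minimum the guard should count only the non-option arguments. The `__main__` block starts above this hunk.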
> -- 
> 2.25.1
> 


