# We clean the fuzz cache during this test. Don't clean the user's cache.
env GOCACHE=$WORK/gocache
-# Test that fuzzminimizetime can be zero seconds
-! go test -fuzz=FuzzMinimizerRecoverable -run=FuzzMinimizerRecoverable -fuzztime=10000x -fuzzminimizetime=0s minimizer_test.go
-! stdout '^ok'
-stdout 'contains a non-zero byte'
-stdout FAIL
-
-# Test that fuzzminimizetime can be zero times
-! go test -fuzz=FuzzMinimizerRecoverable -run=FuzzMinimizerRecoverable -fuzztime=10000x -fuzzminimizetime=0x minimizer_test.go
-! stdout '^ok'
-stdout 'contains a non-zero byte'
-stdout FAIL
-
# Test that fuzzminimizetime cannot be negative seconds
! go test -fuzz=FuzzMinimizerRecoverable -run=FuzzMinimizerRecoverable -fuzztime=10000x -fuzzminimizetime=-1ms minimizer_test.go
! stdout '^ok'
stdout 'invalid count'
stdout FAIL
+# Test that fuzzminimizetime can be zero seconds, and minimization is disabled
+! go test -fuzz=FuzzMinimizeZeroDurationSet -run=FuzzMinimizeZeroDurationSet -fuzztime=10000x -fuzzminimizetime=0s minimizer_test.go
+! stdout '^ok'
+! stdout 'found a crash, minimizing...'
+stdout 'there was an Error'
+stdout FAIL
+
+# Test that fuzzminimizetime can be zero times, and minimization is disabled
+! go test -fuzz=FuzzMinimizeZeroLimitSet -run=FuzzMinimizeZeroLimitSet -fuzztime=10000x -fuzzminimizetime=0x minimizer_test.go
+! stdout '^ok'
+! stdout 'found a crash, minimizing...'
+stdout 'there was an Error'
+stdout FAIL
+
# Test that minimization is working for recoverable errors.
! go test -fuzz=FuzzMinimizerRecoverable -run=FuzzMinimizerRecoverable -fuzztime=10000x minimizer_test.go
! stdout '^ok'
"testing"
)
+func FuzzMinimizeZeroDurationSet(f *testing.F) {
+ f.Fuzz(func(t *testing.T, b []byte) {
+ if len(b) > 5 {
+ t.Errorf("there was an Error")
+ }
+ })
+}
+
+func FuzzMinimizeZeroLimitSet(f *testing.F) {
+ f.Fuzz(func(t *testing.T, b []byte) {
+ if len(b) > 5 {
+ t.Errorf("there was an Error")
+ }
+ })
+}
+
func FuzzMinimizerRecoverable(f *testing.F) {
f.Add(make([]byte, 100))
f.Fuzz(func(t *testing.T, b []byte) {
Limit int64
// MinimizeTimeout is the amount of wall clock time to spend minimizing
- // after discovering a crasher. If zero, there will be no time limit.
+ // after discovering a crasher. If zero, there will be no time limit. If
+ // MinimizeTimeout and MinimizeLimit are both zero, then minimization will
+ // be disabled.
MinimizeTimeout time.Duration
// MinimizeLimit is the maximum number of calls to the fuzz function to be
- // made while minimizing after finding a crash. If zero, there will be
- // no limit. Calls to the fuzz function made when minimizing also count
- // toward Limit.
+ // made while minimizing after finding a crash. If zero, there will be no
+ // limit. Calls to the fuzz function made when minimizing also count toward
+ // Limit. If MinimizeTimeout and MinimizeLimit are both zero, then
+ // minimization will be disabled.
MinimizeLimit int64
// parallel is the number of worker processes to run in parallel. If zero,
// generated values that workers reported as interesting.
corpus corpus
- // typesAreMinimizable is true if one or more of the types of fuzz function's
- // parameters can be minimized.
- typesAreMinimizable bool
+ // minimizationAllowed is true if one or more of the types of fuzz
+ // function's parameters can be minimized, and either the limit or duration
+ // for minimization is non-zero.
+ minimizationAllowed bool
// inputQueue is a queue of inputs that workers should try fuzzing. This is
// initially populated from the seed corpus and cached inputs. More inputs
resultC: make(chan fuzzResult),
corpus: corpus,
}
- for _, t := range opts.Types {
- if isMinimizable(t) {
- c.typesAreMinimizable = true
- break
+ if opts.MinimizeLimit > 0 || opts.MinimizeTimeout > 0 {
+ for _, t := range opts.Types {
+ if isMinimizable(t) {
+ c.minimizationAllowed = true
+ break
+ }
}
}
// peekMinimizeInput returns the next input that should be sent to workers for
// minimization.
func (c *coordinator) peekMinimizeInput() (fuzzMinimizeInput, bool) {
- if c.opts.Limit > 0 && c.count+c.countWaiting >= c.opts.Limit {
+ if !c.canMinimize() {
// Already making the maximum number of calls to the fuzz function.
// Don't send more inputs right now.
return fuzzMinimizeInput{}, false
// canMinimize returns whether the coordinator should attempt to find smaller
// inputs that reproduce a crash or new coverage.
func (c *coordinator) canMinimize() bool {
- return c.typesAreMinimizable &&
+ return c.minimizationAllowed &&
(c.opts.Limit == 0 || c.count+c.countWaiting < c.opts.Limit)
}