Make simplification steps configurable

Closes #54
senier · May 15, 2024 · 45a2c0f · 45a2c0f
1 parent 2ddfe3a
commit 45a2c0f
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Crash result simplification (#30)
+- Configurable simplification steps (#54)
 
 ### Changed
 

diff --git a/cobrafuzz/fuzzer.py b/cobrafuzz/fuzzer.py
@@ -221,6 +221,7 @@ def __init__(  # noqa: PLR0913
         state_file: Optional[Path] = None,
         load_crashes: bool = True,
         simplify: Optional[Path] = None,
+        simp_steps: int = 10000,
     ):
         """
         Fuzz-test target and store crash artifacts into crash_dir.
@@ -248,6 +249,7 @@ def __init__(  # noqa: PLR0913
         seeds:              List of files and directories to seed the fuzzer with.
         simplify:           When set, run simplifier and store simplified crash results in
                             directory.
+        simp_steps:         Number of unsuccessful steps before stopping simplification.
         start_method:       Multiprocessing start method to use (spawn, forkserver or fork).
                             Defaults to "spawn". Do not use "fork" as it is unreliable and may lead
                             to deadlocks.
@@ -293,6 +295,7 @@ def __init__(  # noqa: PLR0913
             file=state_file,
         )
         self._simplify = simplify
+        self._simp_steps = simp_steps
 
         if load_crashes:
             self._load_crashes(regression=regression)
@@ -485,6 +488,7 @@ def start(self) -> None:  # noqa: PLR0912
                     crash_dir=self._crash_dir,
                     target=self._target,
                     output_dir=self._simplify,
+                    steps=self._simp_steps,
                 ).simplify()
             sys.exit(1)
 

diff --git a/cobrafuzz/main.py b/cobrafuzz/main.py
@@ -39,6 +39,15 @@ def __call__(self) -> None:
             required=True,
             help="Simplified output directory.",
         )
+        parser_simp.add_argument(
+            "--steps",
+            type=int,
+            help=(
+                "Number of unsuccessful steps before stopping simplification "
+                "(default: %(default)d)."
+            ),
+            default=10000,
+        )
         parser_simp.set_defaults(func=self.simp)
 
         parser_fuzz = subparsers.add_parser(
@@ -57,7 +66,7 @@ def __call__(self) -> None:
             "--max-input-size",
             type=int,
             default=4096,
-            help="Max input size to be generated in bytes.",
+            help="Max input size to be generated in bytes (default: %(default)d).",
         )
         parser_fuzz.add_argument(
             "--close-stdout",
@@ -101,6 +110,15 @@ def __call__(self) -> None:
             type=Path,
             help="Run simplifier and store results in directory.",
         )
+        parser_fuzz.add_argument(
+            "--simp-steps",
+            type=int,
+            help=(
+                "Number of unsuccessful steps before stopping simplification "
+                "(default: %(default)d)."
+            ),
+            default=10000,
+        )
 
         parser_fuzz.add_argument(
             "seeds",
@@ -134,6 +152,7 @@ def fuzz(self, args: argparse.Namespace) -> None:
             start_method=args.start_method,
             state_file=args.state_file,
             simplify=args.simplify,
+            simp_steps=args.simp_steps,
         )
         logging.basicConfig(format="[%(asctime)s] %(message)s")
         try:
@@ -146,4 +165,5 @@ def simp(self, args: argparse.Namespace) -> None:
             crash_dir=args.crash_dir,
             target=self.function,
             output_dir=args.output_dir,
+            steps=args.steps,
         ).simplify()