On 201229 1240, Qiuhao Li wrote: > -M1: loop around the remove minimizer > -M2: try setting bits in operand of write/out to zero > Signed-off-by: Qiuhao Li <[email protected]>
Reviewed-by: Alexander Bulekov <[email protected]>
> ---
> scripts/oss-fuzz/minimize_qtest_trace.py | 32 +++++++++++++++++++-----
> 1 file changed, 26 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/oss-fuzz/minimize_qtest_trace.py
> b/scripts/oss-fuzz/minimize_qtest_trace.py
> index 70ac0c5366..a681984076 100755
> --- a/scripts/oss-fuzz/minimize_qtest_trace.py
> +++ b/scripts/oss-fuzz/minimize_qtest_trace.py
> @@ -16,6 +16,10 @@ QEMU_PATH = None
> TIMEOUT = 5
> CRASH_TOKEN = None
>
> +# Minimization levels
> +M1 = False # loop around the remove minimizer
> +M2 = False # try setting bits in operand of write/out to zero
> +
> write_suffix_lookup = {"b": (1, "B"),
> "w": (2, "H"),
> "l": (4, "L"),
> @@ -23,10 +27,20 @@ write_suffix_lookup = {"b": (1, "B"),
>
> def usage():
> sys.exit("""\
> -Usage: QEMU_PATH="/path/to/qemu" QEMU_ARGS="args" {} input_trace output_trace
> +Usage:
> +
> +QEMU_PATH="/path/to/qemu" QEMU_ARGS="args" {} [Options] input_trace
> output_trace
> +
> By default, will try to use the second-to-last line in the output to identify
> whether the crash occred. Optionally, manually set a string that idenitifes
> the
> crash by setting CRASH_TOKEN=
> +
> +Options:
> +
> +-M1: enable a loop around the remove minimizer, which may help decrease some
> + timing dependant instructions. Off by default.
> +-M2: try setting bits in operand of write/out to zero. Off by default.
> +
> """.format((sys.argv[0])))
>
> deduplication_note = """\n\
> @@ -213,24 +227,30 @@ def minimize_trace(inpath, outpath):
> print("Setting the timeout for {} seconds".format(TIMEOUT))
>
> newtrace = trace[:]
> -
> + global M1, M2
> # remove minimizer
> old_len = len(newtrace) + 1
> while(old_len > len(newtrace)):
> old_len = len(newtrace)
> + print("trace lenth = ", old_len)
> remove_minimizer(newtrace, outpath)
> + if not M1 and not M2:
> + break
> newtrace = list(filter(lambda s: s != "", newtrace))
> assert(check_if_trace_crashes(newtrace, outpath))
>
> - # set zero minimizer
> - set_zero_minimizer(newtrace, outpath)
> + if M2:
> + set_zero_minimizer(newtrace, outpath)
> assert(check_if_trace_crashes(newtrace, outpath))
>
>
> if __name__ == '__main__':
> if len(sys.argv) < 3:
> usage()
> -
> + if "-M1" in sys.argv:
> + M1 = True
> + if "-M2" in sys.argv:
> + M2 = True
> QEMU_PATH = os.getenv("QEMU_PATH")
> QEMU_ARGS = os.getenv("QEMU_ARGS")
> if QEMU_PATH is None or QEMU_ARGS is None:
> @@ -239,4 +259,4 @@ if __name__ == '__main__':
> # QEMU_ARGS += " -accel qtest"
> CRASH_TOKEN = os.getenv("CRASH_TOKEN")
> QEMU_ARGS += " -qtest stdio -monitor none -serial none "
> - minimize_trace(sys.argv[1], sys.argv[2])
> + minimize_trace(sys.argv[-2], sys.argv[-1])
> --
> 2.25.1
>
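Review bot: The early exit `if not M1 and not M2: break` in minimize_trace keeps looping around remove_minimizer when only -M2 is given, although the usage text ties that loop to -M1 alone and set_zero_minimizer runs once after the loop either way. If the loop is meant to be an M1 feature the guard should read `if not M1: break`; otherwise the help text should say that -M2 enables it too. Indentation is lost in this view, so it is worth confirming that the `filter(...)` which drops emptied entries is not skipped by the new break on a default run. `global M1, M2` is not needed because the function only reads them, and the added print has a typo (`lenth`).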
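Review bot: Taking the paths from `sys.argv[-2]` and `sys.argv[-1]` is not matched by the argument check earlier in the `__main__` block, which is still `len(sys.argv) < 3`; an invocation that passes only `-M1 -M2` satisfies it, and the flags are then used as the input and output trace paths. An option placed after the paths is likewise taken as a path, and an unknown option is silently treated as a filename. Consider separating flags from positionals before the check, e.g. `paths = [a for a in sys.argv[1:] if a not in ("-M1", "-M2")]` followed by `if len(paths) != 2: usage()`, or moving to argparse. The `__main__` block starts outside this hunk.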
