[cfe-dev] Introducing clang-triage: A bot to test clang with fuzzed inputs

Sami Liedes sami.liedes at iki.fi
Tue Jan 6 05:11:07 PST 2015


On Mon, Jan 05, 2015 at 04:36:32PM -0800, Sean Silva wrote:
> I'm wondering how much we can improve on that 300 executions/second. My
> guess is that a lot of time is constant-overhead startup code. A back of
> the envelope calculation:
> 
> 300 executions/second * 300 bytes/source file (small files) ~ 100 000
> bytes/second.
> 4 cores * 3 giga instructions/second ~ 10 000 000 000 instructions/second.
> 
> So that's about 1 million instructions per byte, which seems excessive.

One thing that clearly does cause an overhead is the instrumentation
done by afl to get the edge coverage. It could probably also be made
more efficient by turning it into an LLVM pass instead of the current
textual search-and-replace on .s files (I've never before seen
instrumentation done that way), since now it, among other things, always
saves and restores registers at every conditional branch and function
entry point[1] (plus a few non-conditionals "due to the simplicity of
afl-as" [2]).

	Sami


[1] https://github.com/mcarpenter/afl/blob/master/afl-as.h#L115
[2] https://groups.google.com/d/msg/afl-users/9swBIFHTmpo/P_PNdubKpQwJ
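As an added illustration (not code from the thread, from afl or from clang-triage), a toy Python re-implementation of the textual search-and-replace instrumentation described above: it scans a constructed .s listing for function entries, conditional jumps and their target labels, and splices a register-saving trampoline after each one, so the per-site cost is visible in the rewritten output. The trampoline shape, the `__afl_maybe_log` call convention and the sample listing are assumptions for this example.

```python
import re

# Constructed GCC-style x86-64 listing (not from the mail): one function, two branches.
SAMPLE_ASM = """\
\t.type\tclassify, @function
classify:
\ttestl\t%edi, %edi
\tjs\t.L3
\tcmpl\t$255, %edi
\tjg\t.L4
\tmovl\t%edi, %eax
\tret
.L3:
\txorl\t%eax, %eax
\tret
.L4:
\tmovl\t$255, %eax
\tret
"""

# Trampoline modelled on afl-as (assumed shape, not afl's text): spill, load id, call, restore.
TRAMPOLINE = [
    "\tleaq -(128+24)(%rsp), %rsp", "\tmovq %rdx, 0(%rsp)",
    "\tmovq %rcx, 8(%rsp)", "\tmovq %rax, 16(%rsp)", "\tmovq ${id:#06x}, %rcx",
    "\tcall __afl_maybe_log", "\tmovq 16(%rsp), %rax", "\tmovq 8(%rsp), %rcx",
    "\tmovq 0(%rsp), %rdx", "\tleaq (128+24)(%rsp), %rsp",
]

COND_JUMP = re.compile(r"^\s+j(?!mp\b)[a-z]{1,4}\b")  # jne, jg, jbe... not jmp
FUNC_TYPE = re.compile(r"^\s+\.type\s+([\w.]+)\s*,\s*@function")
LABEL = re.compile(r"^([A-Za-z_.][\w.$]*):")


def instrument(asm_text):
    """afl-as-style textual rewrite: returns (new .s text, site counts by kind)."""
    out, functions, counts = [], set(), {"function": 0, "branch": 0, "label": 0}
    for line in asm_text.splitlines():
        out.append(line)
        kind = None
        if m := FUNC_TYPE.match(line):
            functions.add(m.group(1))          # name declared as a function
        elif (m := LABEL.match(line)) and m.group(1) in functions:
            kind = "function"                  # function entry point
        elif m and m.group(1).startswith(".L"):
            kind = "label"                     # taken-branch destination
        elif COND_JUMP.match(line):
            kind = "branch"                    # fall-through of a conditional jump
        if kind:                               # every site pays the full trampoline
            counts[kind] += 1
            out.extend(t.format(id=sum(counts.values())) for t in TRAMPOLINE)
    return "\n".join(out) + "\n", counts
```

For the sample listing this yields five sites and fifty straight-line instructions before `__afl_maybe_log` itself runs, which is the overhead the mail attributes to the register save/restore at every branch and entry point.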