[cfe-dev] Introducing clang-triage: A bot to test clang with fuzzed inputs

Sami Liedes sami.liedes at iki.fi
Tue Jan 6 14:37:41 PST 2015


On Tue, Jan 06, 2015 at 12:45:01PM -0800, Sean Silva wrote:
> > One thing that clearly does cause an overhead is the instrumentation
> > done by afl to get the edge coverage. It could probably also be made
> > more efficient by turning it into an LLVM pass instead of the current
> > textual search-and-replace on .s files (never before have I seen
> > instrumentation done that way), since now it among other things always
> > saves and restores registers at every conditional branch and function
> > entry point[1] (plus a few non-conditionals "due to the simplicity of
> > afl-as" [2]).
> >
> 
> Do you have any idea how to quantify the overhead? Like what is the time
> difference between an instrumented and non-instrumented clang?

From some quick testing it seems we're talking about roughly 3-5x
execution times compared to an uninstrumented binary.

	Sami
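For readers who have not looked at what afl's instrumentation actually does at each branch, the following is an added illustration (not code from this message, and not afl's own source): the edge-coverage update that afl-as injects, written as a plain C function and driven with a constructed execution trace. The names (`afl_area`, `afl_prev_loc`, `afl_maybe_log`) and the block IDs are assumptions chosen for the example; real afl assigns each block a random ID at compile time and keeps the bitmap in shared memory. The register save/restore that the thread complains about is what surrounds this handful of instructions in the generated assembly.

```c
/* afl-style edge coverage, added illustration. Names and block IDs are
 * constructed for this example, not taken from afl's sources. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE (1u << 16)  /* afl's default 64 KiB coverage bitmap */

/* State kept between basic blocks. In afl the bitmap is shared memory
 * shared with the fuzzer and prev_loc is a per-thread global. */
static uint8_t  afl_area[MAP_SIZE];
static uint32_t afl_prev_loc;

/* The work done at every instrumented conditional branch / function
 * entry, once the register save/restore boilerplate is stripped away.
 * cur_loc is the (normally compile-time random) ID of the block entered. */
static void afl_maybe_log(uint32_t cur_loc)
{
    afl_area[(cur_loc ^ afl_prev_loc) % MAP_SIZE]++;
    afl_prev_loc = cur_loc >> 1;  /* the shift makes A->B and B->A hash differently */
}

static void afl_reset(void)
{
    memset(afl_area, 0, sizeof afl_area);
    afl_prev_loc = 0;
}

/* Feed a trace (sequence of block IDs) through the instrumentation and
 * return how many distinct bitmap slots (edges) were hit. */
static size_t count_edges(const uint32_t *trace, size_t n)
{
    afl_reset();
    for (size_t i = 0; i < n; i++)
        afl_maybe_log(trace[i]);

    size_t hit = 0;
    for (size_t i = 0; i < MAP_SIZE; i++)
        if (afl_area[i])
            hit++;
    return hit;
}

/* Bitmap slot of the edge a->b (block a already entered, b entered next). */
static uint32_t edge_index(uint32_t a, uint32_t b)
{
    return ((a >> 1) ^ b) % MAP_SIZE;
}

/* Constructed trace: entry -> A -> B -> A -> B -> C, so A->B runs twice. */
static const uint32_t kTrace[]  = { 0x1234, 0x5678, 0x1234, 0x5678, 0x9abc };
static const size_t   kTraceLen = sizeof kTrace / sizeof kTrace[0];

int main(void)
{
    size_t edges = count_edges(kTrace, kTraceLen);
    printf("distinct edges: %zu\n", edges);
    printf("A->B slot 0x%04x hit %u times, B->A slot 0x%04x hit %u times\n",
           edge_index(0x1234, 0x5678), afl_area[edge_index(0x1234, 0x5678)],
           edge_index(0x5678, 0x1234), afl_area[edge_index(0x5678, 0x1234)]);
    return 0;
}
```

Run on the constructed trace, the bitmap ends up with four distinct edges (entry->A, A->B, B->A, B->C), with the A->B slot counted twice and landing in a different slot than B->A; without the `>> 1` the two directions would collide on the same slot.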