[llvm] r238063 - [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale
Kostya Serebryany
kcc at google.com
Fri May 22 15:47:04 PDT 2015
Author: kcc
Date: Fri May 22 17:47:03 2015
New Revision: 238063
URL: http://llvm.org/viewvc/llvm-project?rev=238063&view=rev
Log:
[lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale
Modified:
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer.test
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=238063&r1=238062&r2=238063&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Fri May 22 17:47:03 2015
@@ -237,7 +237,6 @@ int FuzzerDriver(int argc, char **argv,
Options.UseCounters = Flags.use_counters;
Options.UseTraces = Flags.use_traces;
Options.UseFullCoverageSet = Flags.use_full_coverage_set;
- Options.UseCoveragePairs = Flags.use_coverage_pairs;
Options.PreferSmallDuringInitialShuffle =
Flags.prefer_small_during_initial_shuffle;
Options.Tokens = ReadTokensFile(Flags.tokens);
Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=238063&r1=238062&r2=238063&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Fri May 22 17:47:03 2015
@@ -41,8 +41,6 @@ FUZZER_FLAG_INT(use_full_coverage_set, 0
"Experimental: Maximize the number of different full"
" coverage sets as opposed to maximizing the total coverage."
" This is potentially MUCH slower, but may discover more paths.")
-FUZZER_FLAG_INT(use_coverage_pairs, 0,
- "Experimental: Maximize the number of different coverage pairs.")
FUZZER_FLAG_INT(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn"
" this number of jobs in separate worker processes"
" with stdout/stderr redirected to fuzz-JOB.log.")
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=238063&r1=238062&r2=238063&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Fri May 22 17:47:03 2015
@@ -64,7 +64,6 @@ class Fuzzer {
bool UseCounters = false;
bool UseTraces = false;
bool UseFullCoverageSet = false;
- bool UseCoveragePairs = false;
bool Reload = true;
int PreferSmallDuringInitialShuffle = -1;
size_t MaxNumberOfRuns = ULONG_MAX;
@@ -135,7 +134,6 @@ class Fuzzer {
std::vector<Unit> Corpus;
std::unordered_set<std::string> UnitHashesAddedToCorpus;
std::unordered_set<uintptr_t> FullCoverageSets;
- std::unordered_set<uint64_t> CoveragePairs;
// For UseCounters
std::vector<uint8_t> CounterBitmap;
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=238063&r1=238062&r2=238063&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Fri May 22 17:47:03 2015
@@ -161,8 +161,6 @@ size_t Fuzzer::RunOne(const Unit &U) {
size_t Res = 0;
if (Options.UseFullCoverageSet)
Res = RunOneMaximizeFullCoverageSet(U);
- else if (Options.UseCoveragePairs)
- Res = RunOneMaximizeCoveragePairs(U);
else
Res = RunOneMaximizeTotalCoverage(U);
auto UnitStopTime = system_clock::now();
@@ -214,28 +212,6 @@ void Fuzzer::ExecuteCallback(const Unit
}
}
-// Experimental. Does not yet scale.
-// Fuly reset the current coverage state, run a single unit,
-// collect all coverage pairs and return non-zero if a new pair is observed.
-size_t Fuzzer::RunOneMaximizeCoveragePairs(const Unit &U) {
- __sanitizer_reset_coverage();
- ExecuteCallback(U);
- uintptr_t *PCs;
- uintptr_t NumPCs = __sanitizer_get_coverage_guards(&PCs);
- bool HasNewPairs = false;
- for (uintptr_t i = 0; i < NumPCs; i++) {
- if (!PCs[i]) continue;
- for (uintptr_t j = 0; j < NumPCs; j++) {
- if (!PCs[j]) continue;
- uint64_t Pair = (i << 32) | j;
- HasNewPairs |= CoveragePairs.insert(Pair).second;
- }
- }
- if (HasNewPairs)
- return CoveragePairs.size();
- return 0;
-}
-
// Experimental.
// Fuly reset the current coverage state, run a single unit,
// compute a hash function from the full coverage set,
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=238063&r1=238062&r2=238063&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri May 22 17:47:03 2015
@@ -15,7 +15,7 @@ NullDerefTest: CRASHED; file written to
RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
-RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s
+RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_full_coverage_set=1 2>&1 | FileCheck %s
RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
More information about the llvm-commits
mailing list