[llvm] r292325 - [libFuzzer] remove stale code

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Tue Jan 17 17:10:18 PST 2017


Author: kcc
Date: Tue Jan 17 19:10:18 2017
New Revision: 292325

URL: http://llvm.org/viewvc/llvm-project?rev=292325&view=rev
Log:
[libFuzzer] remove stale code

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
    llvm/trunk/lib/Fuzzer/FuzzerFlags.def
    llvm/trunk/lib/Fuzzer/FuzzerOptions.h
    llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp

Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=292325&r1=292324&r2=292325&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Tue Jan 17 19:10:18 2017
@@ -401,7 +401,6 @@ int FuzzerDriver(int *argc, char ***argv
   Options.MutateDepth = Flags.mutate_depth;
   Options.UseCounters = Flags.use_counters;
   Options.UseIndirCalls = Flags.use_indir_calls;
-  Options.UseMemcmp = Flags.use_memcmp;
   Options.UseMemmem = Flags.use_memmem;
   Options.UseCmp = Flags.use_cmp;
   Options.UseValueProfile = Flags.use_value_profile;

Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=292325&r1=292324&r2=292325&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Tue Jan 17 19:10:18 2017
@@ -45,8 +45,6 @@ FUZZER_FLAG_INT(minimize_crash, 0, "If 1
 FUZZER_FLAG_INT(minimize_crash_internal_step, 0, "internal flag")
 FUZZER_FLAG_INT(use_counters, 1, "Use coverage counters")
 FUZZER_FLAG_INT(use_indir_calls, 1, "Use indirect caller-callee counters")
-FUZZER_FLAG_INT(use_memcmp, 0,
-                "Use hints from intercepting memcmp, strcmp, etc")
 FUZZER_FLAG_INT(use_memmem, 1,
                 "Use hints from intercepting memmem, strstr, etc")
 FUZZER_FLAG_INT(use_value_profile, 0,

Modified: llvm/trunk/lib/Fuzzer/FuzzerOptions.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerOptions.h?rev=292325&r1=292324&r2=292325&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerOptions.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerOptions.h Tue Jan 17 19:10:18 2017
@@ -1,4 +1,3 @@
-//===- FuzzerOptions.h - Internal header for the Fuzzer ---------*- C++ -* ===//
 //
 //                     The LLVM Compiler Infrastructure
 //
@@ -29,7 +28,6 @@ struct FuzzingOptions {
   int MutateDepth = 5;
   bool UseCounters = false;
   bool UseIndirCalls = true;
-  bool UseMemcmp = true;
   bool UseMemmem = true;
   bool UseCmp = false;
   bool UseValueProfile = false;

Modified: llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp?rev=292325&r1=292324&r2=292325&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp Tue Jan 17 19:10:18 2017
@@ -13,7 +13,6 @@
 #include "FuzzerInternal.h"
 #include "FuzzerIO.h"
 #include "FuzzerMutate.h"
-#include "FuzzerRandom.h"
 #include "FuzzerTracePC.h"
 #include <algorithm>
 #include <cstring>
@@ -23,14 +22,7 @@
 
 namespace fuzzer {
 
-// For now, very simple: put Size bytes of Data at position Pos.
-struct TraceBasedMutation {
-  uint32_t Pos;
-  Word W;
-};
-
 // Declared as static globals for faster checks inside the hooks.
-static bool RecordingMemcmp = false;
 static bool RecordingMemmem = false;
 static bool DoingMyOwnMemmem = false;
 
@@ -43,64 +35,21 @@ public:
              const Fuzzer *F)
       : MD(MD), Options(Options), F(F) {}
 
-  void TraceMemcmpCallback(size_t CmpSize, const uint8_t *Data1,
-                           const uint8_t *Data2);
-
-  int TryToAddDesiredData(const uint8_t *PresentData,
-                          const uint8_t *DesiredData, size_t DataSize);
-
   void StartTraceRecording() {
-    if (!Options.UseMemcmp && !Options.UseMemmem)
+    if (!Options.UseMemmem)
       return;
-    RecordingMemcmp = Options.UseMemcmp;
-    RecordingMemmem = Options.UseMemmem;
-    NumMutations = 0;
+    RecordingMemmem = true;
     InterestingWords.clear();
     MD.ClearAutoDictionary();
   }
 
   void StopTraceRecording() {
-    if (!RecordingMemcmp && !RecordingMemmem)
+    if (!RecordingMemmem)
       return;
-    RecordingMemcmp = false;
-    for (size_t i = 0; i < NumMutations; i++) {
-      auto &M = Mutations[i];
-      if (Options.Verbosity >= 2) {
-        AutoDictUnitCounts[M.W]++;
-        AutoDictAdds++;
-        if ((AutoDictAdds & (AutoDictAdds - 1)) == 0) {
-          typedef std::pair<size_t, Word> CU;
-          std::vector<CU> CountedUnits;
-          for (auto &I : AutoDictUnitCounts)
-            CountedUnits.push_back(std::make_pair(I.second, I.first));
-          std::sort(CountedUnits.begin(), CountedUnits.end(),
-                    [](const CU &a, const CU &b) { return a.first > b.first; });
-          Printf("AutoDict:\n");
-          for (auto &I : CountedUnits) {
-            Printf("   %zd ", I.first);
-            PrintASCII(I.second.data(), I.second.size());
-            Printf("\n");
-          }
-        }
-      }
-      MD.AddWordToAutoDictionary({M.W, M.Pos});
-    }
     for (auto &W : InterestingWords)
       MD.AddWordToAutoDictionary({W});
   }
 
-  void AddMutation(uint32_t Pos, uint32_t Size, const uint8_t *Data) {
-    if (NumMutations >= kMaxMutations) return;
-    auto &M = Mutations[NumMutations++];
-    M.Pos = Pos;
-    M.W.Set(Data, Size);
-  }
-
-  void AddMutation(uint32_t Pos, uint32_t Size, uint64_t Data) {
-    assert(Size <= sizeof(Data));
-    AddMutation(Pos, Size, reinterpret_cast<uint8_t*>(&Data));
-  }
-
   void AddInterestingWord(const uint8_t *Data, size_t Size) {
     if (!RecordingMemmem || !F->InFuzzingThread()) return;
     if (Size <= 1) return;
@@ -110,75 +59,14 @@ public:
   }
 
  private:
-  bool IsTwoByteData(uint64_t Data) {
-    int64_t Signed = static_cast<int64_t>(Data);
-    Signed >>= 16;
-    return Signed == 0 || Signed == -1L;
-  }
 
-  // We don't want to create too many trace-based mutations as it is both
-  // expensive and useless. So after some number of mutations is collected,
-  // start rejecting some of them. The more there are mutations the more we
-  // reject.
-  bool WantToHandleOneMoreMutation() {
-    const size_t FirstN = 64;
-    // Gladly handle first N mutations.
-    if (NumMutations <= FirstN) return true;
-    size_t Diff = NumMutations - FirstN;
-    size_t DiffLog = sizeof(long) * 8 - __builtin_clzl((long)Diff);
-    assert(DiffLog > 0 && DiffLog < 64);
-    bool WantThisOne = MD.GetRand()(1 << DiffLog) == 0;  // 1 out of DiffLog.
-    return WantThisOne;
-  }
-
-  static const size_t kMaxMutations = 1 << 16;
-  size_t NumMutations;
-  TraceBasedMutation Mutations[kMaxMutations];
   // TODO: std::set is too inefficient, need to have a custom DS here.
   std::set<Word> InterestingWords;
   MutationDispatcher &MD;
   const FuzzingOptions Options;
   const Fuzzer *F;
-  std::map<Word, size_t> AutoDictUnitCounts;
-  size_t AutoDictAdds = 0;
 };
 
-int TraceState::TryToAddDesiredData(const uint8_t *PresentData,
-                                    const uint8_t *DesiredData,
-                                    size_t DataSize) {
-  if (NumMutations >= kMaxMutations || !WantToHandleOneMoreMutation()) return 0;
-  ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
-  const uint8_t *UnitData;
-  auto UnitSize = F->GetCurrentUnitInFuzzingThead(&UnitData);
-  int Res = 0;
-  const uint8_t *Beg = UnitData;
-  const uint8_t *End = Beg + UnitSize;
-  for (const uint8_t *Cur = Beg; Cur < End; Cur++) {
-    Cur = (uint8_t *)SearchMemory(Cur, End - Cur, PresentData, DataSize);
-    if (!Cur)
-      break;
-    size_t Pos = Cur - Beg;
-    assert(Pos < UnitSize);
-    AddMutation(Pos, DataSize, DesiredData);
-    Res++;
-  }
-  return Res;
-}
-
-void TraceState::TraceMemcmpCallback(size_t CmpSize, const uint8_t *Data1,
-                                     const uint8_t *Data2) {
-  if (!RecordingMemcmp || !F->InFuzzingThread()) return;
-  CmpSize = std::min(CmpSize, Word::GetMaxSize());
-  int Added2 = TryToAddDesiredData(Data1, Data2, CmpSize);
-  int Added1 = TryToAddDesiredData(Data2, Data1, CmpSize);
-  if ((Added1 || Added2) && Options.Verbosity >= 3) {
-    Printf("MemCmp Added %d%d: ", Added1, Added2);
-    if (Added1) PrintASCII(Data1, CmpSize);
-    if (Added2) PrintASCII(Data2, CmpSize);
-    Printf("\n");
-  }
-}
-
 static TraceState *TS;
 
 void Fuzzer::StartTraceRecording() {
@@ -192,7 +80,7 @@ void Fuzzer::StopTraceRecording() {
 }
 
 void Fuzzer::InitializeTraceState() {
-  if (!Options.UseMemcmp && !Options.UseMemmem) return;
+  if (!Options.UseMemmem) return;
   TS = new TraceState(MD, Options, this);
 }
 
@@ -205,7 +93,6 @@ static size_t InternalStrnlen(const char
 }  // namespace fuzzer
 
 using fuzzer::TS;
-using fuzzer::RecordingMemcmp;
 
 extern "C" {
 
@@ -222,9 +109,6 @@ void __sanitizer_weak_hook_memcmp(void *
   if (result == 0) return;  // No reason to mutate.
   if (n <= 1) return;  // Not interesting.
   fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/false);
-  if (!RecordingMemcmp) return;
-  TS->TraceMemcmpCallback(n, reinterpret_cast<const uint8_t *>(s1),
-                          reinterpret_cast<const uint8_t *>(s2));
 }
 
 ATTRIBUTE_NO_SANITIZE_MEMORY
@@ -237,9 +121,6 @@ void __sanitizer_weak_hook_strncmp(void
   n = std::min(n, Len2);
   if (n <= 1) return;  // Not interesting.
   fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/true);
-  if (!RecordingMemcmp) return;
-  TS->TraceMemcmpCallback(n, reinterpret_cast<const uint8_t *>(s1),
-                          reinterpret_cast<const uint8_t *>(s2));
 }
 
 
@@ -252,9 +133,6 @@ void __sanitizer_weak_hook_strcmp(void *
   size_t N = std::min(Len1, Len2);
   if (N <= 1) return;  // Not interesting.
   fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, N, /*StopAtZero*/true);
-  if (!RecordingMemcmp) return;
-  TS->TraceMemcmpCallback(N, reinterpret_cast<const uint8_t *>(s1),
-                          reinterpret_cast<const uint8_t *>(s2));
 }
 
 ATTRIBUTE_NO_SANITIZE_MEMORY




More information about the llvm-commits mailing list