[PATCH] D43672: [libFuzzer] Adds experimental flag -ngram that changes the fuzzer fitness function

Kostya Serebryany via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Feb 23 15:11:01 PST 2018


kcc added a comment.

I am indeed interested in experimenting with bounded path coverage, similar to this. 
My prior experiments demonstrated some value but also huge corpus expansion (bad). 
It might be worth submitting something like this to simplify further experiments.



================
Comment at: FuzzerTracePC.cpp:380
 ATTRIBUTE_NO_SANITIZE_ALL
 void __sanitizer_cov_trace_pc_guard(uint32_t *Guard) {
   uintptr_t PC = reinterpret_cast<uintptr_t>(__builtin_return_address(0));
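Review bot: this hunk shows only unchanged context, and it sits in the legacy __sanitizer_cov_trace_pc_guard callback; the n-gram bookkeeping added further down in this function therefore only runs when the target is built with trace-pc-guard instrumentation and is silently inactive under the inline 8-bit counters that are now the default. Either wire the n-gram state into the counter-based path as well, or have -ngram fail loudly when no guard callbacks are ever observed, so users do not run with a fitness function that is not actually in effect.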
----------------
By default, we don't use trace_pc_guard any more -- we have switched to the inline instrumentation https://clang.llvm.org/docs/SanitizerCoverage.html#inline-8bit-counters
So, this logic needs to be moved there. Consider that trace_pc_guard is not used any more. 


================
Comment at: FuzzerTracePC.cpp:385
+  if (fuzzer::TPC.Ngram > 1) {
+    uint32_t Idx8bit = XorState ^ Idx;
+    XorState = XorState ^ *Guard ^ GuardHist[fuzzer::TPC.Ngram-1];
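Review bot: XorState and GuardHist are global state updated read-modify-write on every edge hit without any synchronization, so in a multi-threaded target concurrent callbacks interleave and the n-gram state (and hence the fitness signal) becomes nondeterministic, and a data race under TSan; declaring both thread_local, or at minimum documenting that -ngram assumes a single-threaded target, would make the behaviour defined. Also, Idx8bit is declared uint32_t despite its name; its width should match the counter table it is used to index.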
----------------
This is even less friendly to multi-threaded code than the current tracing. 


================
Comment at: FuzzerTracePC.cpp:387
+    XorState = XorState ^ *Guard ^ GuardHist[fuzzer::TPC.Ngram-1];
+    for (uint8_t i=fuzzer::TPC.Ngram-1; i>0;i--) GuardHist[i] = GuardHist[i-1];
+    GuardHist[0] = *Guard;
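Review bot: the shift loop copies Ngram-1 entries on every edge hit, which is the hottest path in the runtime, and the cost grows linearly with -ngram (up to 127 copies per edge at the nGramMax of 128); a ring buffer with a single head index gives the same window in O(1). Separately, folding the window with plain XOR is order-insensitive and self-cancelling: the sequences A,B,C and C,B,A yield the same XorState, and a guard that occurs twice within the window drops out entirely, so distinct paths collapse onto one fitness value. Mixing each position with a different rotation or multiplier before XORing keeps the ordering information the n-gram is meant to capture.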
----------------
please try to format the code as the rest of the code in these files. 
Also, I recommend using clang-format on the changed lines (don't reformat the entire file, just the changes). 


================
Comment at: FuzzerTracePC.h:75
   static const size_t kTracePcBits = 18;
+  static const uint8_t nGramMax = 1 << 7;
+  uint8_t Ngram = 1;
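Review bot: nGramMax = 1 << 7 evaluates to 128, which fits in uint8_t, but nothing visible ties it to the capacity of GuardHist, which the tracing code indexes with Ngram-1; sizing GuardHist from this constant, or adding a static_assert relating the two, would keep them from drifting apart and turning a larger -ngram into an out-of-bounds access.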
----------------
constants start with 'k'
e.g. kMaxNGram


================
Comment at: FuzzerTracePC.h:88
   void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; }
+  void SetNgram(uint8_t N) { if (N <= nGramMax) Ngram = N; else Ngram = nGramMax; }
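Review bot: the clamp silently lowers an out-of-range -ngram value to nGramMax, so a user who asks for a wider window gets a different fitness function than requested with no indication; print a warning when N > nGramMax rather than adjusting quietly. The branch itself reads more clearly as Ngram = std::min(N, kMaxNGram) (with <algorithm> included).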
   void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; }
----------------
Ngram = Min(N, kMaxNGram)


Repository:
  rCRT Compiler Runtime

https://reviews.llvm.org/D43672
