[PATCH] D44232: [SimplifyCFG] Create attribute to disable select formation.

Matt Morehouse via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Mar 8 10:24:01 PST 2018


morehouse added a comment.

In https://reviews.llvm.org/D44232#1031563, @hfinkel wrote:

> Another question: Do we actually want to disable select formation, or, do we want to expand all selects into control flow late in the pipeline (i.e., during instruction selection)? The issue here, as I understand it, is that fuzzing depends on control flow paths to differentiate executions. As a result, we really just don't want to have any selects (we don't want ones that the frontend might generate either).


I don't think we could do it during instruction selection, since SanitizerCoverage instrumentation is inserted before that.  But if we could expand selects right before the SanitizerCoverage instrumentation happens (maybe even during the SanitizerCoverage pass?), that would provide even better coverage signal for fuzzing.  Of course, that would be significantly more work.

Another concern comes from https://github.com/google/sanitizers/issues/893#issuecomment-350036791, where simplifyCFG takes two conditions and combines them into a single CMP, resulting in libFuzzer's TraceCMP heuristic becoming useless.  So we would probably still want to disable part of simplifyCFG to avoid that.


https://reviews.llvm.org/D44232
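The two effects discussed in this thread (select formation hiding a branch from edge coverage, and two compares being merged into one compare so that TraceCMP sees nothing useful), as an added illustration that is not part of the review or of LLVM/libFuzzer. The SanitizerCoverage hooks are modeled here by hand-inserted calls (model_trace_pc_guard, model_trace_const_cmp4) that receive what the compiler would pass to the real hooks; the merged form ((a ^ K1) | (b ^ K2)) == 0, the block ids and the magic constants 0x41414141 / 0x42424242 are assumptions chosen for the example, and the exact IR a given pass pipeline produces will differ.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* --- Model of SanitizerCoverage signals (NOT the real runtime hooks) ---
 * Real libFuzzer receives __sanitizer_cov_trace_pc_guard() per basic block
 * and __sanitizer_cov_trace_const_cmp4() per 32-bit compare against a
 * constant, both inserted by the compiler.  Here each function calls the
 * model by hand with what the compiler would pass, so the effect of the two
 * transformations can be observed without an instrumented build. */
#define MAX_CMPS 8
static uint32_t cmp_constants[MAX_CMPS];  /* constants seen by the cmp hook */
static size_t n_cmps;
static unsigned block_bits;               /* bit i set: model block i reached */

static void model_trace_const_cmp4(uint32_t constant, uint32_t value) {
    (void)value;
    if (n_cmps < MAX_CMPS) cmp_constants[n_cmps++] = constant;
}
static void model_trace_pc_guard(unsigned block_id) { block_bits |= 1u << block_id; }

void reset_model(void) { n_cmps = 0; block_bits = 0; }
unsigned coverage_bits(void) { return block_bits; }

/* Constants the TraceCMP heuristic could put in its dictionary: a compare
 * against 0 on a derived value tells the fuzzer nothing about the input. */
size_t useful_cmp_constants(void) {
    size_t n = 0;
    for (size_t i = 0; i < n_cmps; i++) if (cmp_constants[i] != 0) n++;
    return n;
}

/* 1. Select formation.  Before: a diamond of three blocks (assumed ids 1-3),
 *    so c=1 and c=0 yield different coverage and the fuzzer can tell them apart. */
uint32_t pick_branchy(int c, uint32_t a, uint32_t b) {
    uint32_t r;
    if (c) { model_trace_pc_guard(1); r = a; }
    else   { model_trace_pc_guard(2); r = b; }
    model_trace_pc_guard(3);
    return r;
}
/* After SimplifyCFG turns the diamond into a select: a single block (assumed
 * id 4), identical coverage whatever c is. */
uint32_t pick_select(int c, uint32_t a, uint32_t b) {
    model_trace_pc_guard(4);
    return c ? a : b;
}

/* 2. Condition merging.  Before: two compares against constants, each one
 *    handed to the cmp hook, so the fuzzer learns K1 even when a is wrong. */
int check_split(uint32_t a, uint32_t b) {
    model_trace_const_cmp4(0x41414141u, a);
    if (a == 0x41414141u) {
        model_trace_const_cmp4(0x42424242u, b);
        if (b == 0x42424242u) return 1;
    }
    return 0;
}
/* After: the assumed merged form, one compare of a derived value against 0. */
int check_merged(uint32_t a, uint32_t b) {
    uint32_t merged = (a ^ 0x41414141u) | (b ^ 0x42424242u);
    model_trace_const_cmp4(0u, merged);
    return merged == 0;
}

int main(void) {
    unsigned t, f;
    reset_model(); pick_branchy(1, 1, 2); t = coverage_bits();
    reset_model(); pick_branchy(0, 1, 2); f = coverage_bits();
    printf("branchy: c=1 -> %#x, c=0 -> %#x (%s)\n", t, f, t != f ? "distinguishable" : "same");
    reset_model(); pick_select(1, 1, 2); t = coverage_bits();
    reset_model(); pick_select(0, 1, 2); f = coverage_bits();
    printf("select:  c=1 -> %#x, c=0 -> %#x (%s)\n", t, f, t != f ? "distinguishable" : "same");
    reset_model(); check_split(0x41414141u, 0);
    printf("split cmp:  %zu useful constants\n", useful_cmp_constants());
    reset_model(); check_merged(0x41414141u, 0);
    printf("merged cmp: %zu useful constants\n", useful_cmp_constants());
    return 0;
}
```

In the branchy and split versions the fuzzer gets a distinct coverage signature per branch outcome and a constant it can feed back into inputs; in the select and merged versions both inputs look identical to it, which is the coverage loss the thread is about.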
