[compiler-rt] r338661 - [libFuzzer] use absolute distance in addition to the hamming distance in value profiling; our A/B testing have (somewhat weak) indication that this provides an additional signal for corpus expansion
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 1 17:24:49 PDT 2018
Author: kcc
Date: Wed Aug 1 17:24:49 2018
New Revision: 338661
URL: http://llvm.org/viewvc/llvm-project?rev=338661&view=rev
Log:
[libFuzzer] use absolute distance in addition to the hamming distance in value profiling; our A/B testing have (somewhat weak) indication that this provides an additional signal for corpus expansion
Modified:
compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp
compiler-rt/trunk/test/fuzzer/only-some-bytes.test
Modified: compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp?rev=338661&r1=338660&r2=338661&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp Wed Aug 1 17:24:49 2018
@@ -401,20 +401,15 @@ ATTRIBUTE_TARGET_POPCNT ALWAYS_INLINE
ATTRIBUTE_NO_SANITIZE_ALL
void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) {
uint64_t ArgXor = Arg1 ^ Arg2;
- uint64_t ArgDistance = __builtin_popcountll(ArgXor) + 1; // [1,65]
- uintptr_t Idx = ((PC & 4095) + 1) * ArgDistance;
if (sizeof(T) == 4)
TORC4.Insert(ArgXor, Arg1, Arg2);
else if (sizeof(T) == 8)
TORC8.Insert(ArgXor, Arg1, Arg2);
- // TODO: remove these flags and instead use all metrics at once.
- if (UseValueProfileMask & 1)
- ValueProfileMap.AddValue(Idx);
- if (UseValueProfileMask & 2)
- ValueProfileMap.AddValue(
- PC * 64 + (Arg1 == Arg2 ? 0 : __builtin_clzll(Arg1 - Arg2) + 1));
- if (UseValueProfileMask & 4) // alternative way to use the hamming distance
- ValueProfileMap.AddValue(PC * 64 + ArgDistance);
+ uint64_t HammingDistance = __builtin_popcountll(ArgXor); // [0,64]
+ uint64_t AbsoluteDistance =
+ (Arg1 == Arg2 ? 0 : __builtin_clzll(Arg1 - Arg2) + 1);
+ ValueProfileMap.AddValue(PC * 128 + HammingDistance);
+ ValueProfileMap.AddValue(PC * 128 + 64 + AbsoluteDistance);
}
static size_t InternalStrnlen(const char *S, size_t MaxLen) {
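Review bot: The two feature ranges written at the end of HandleCmp overlap: HammingDistance is commented as [0,64] and AbsoluteDistance is either 0 or `__builtin_clzll(...) + 1`, so also [0,64], which means `PC * 128 + 64` is shared by "all 64 bits differ" and "arguments equal", and the top value `PC * 128 + 128` lands on slot 0 of PC + 1. If the two metrics are meant to be distinct signals per PC, a stride wide enough for both ranges avoids the aliasing, e.g. `ValueProfileMap.AddValue(PC * 256 + HammingDistance);` and `ValueProfileMap.AddValue(PC * 256 + 128 + AbsoluteDistance);`. Separately, `Arg1 - Arg2` is not an absolute value: when Arg1 < Arg2 the subtraction wraps (or, for narrow T, presumably sign-extends after integer promotion), so the leading-zero count collapses to one value for nearly all such pairs and gives no gradient in that direction; subtracting the smaller from the larger, or a comment stating the limitation, would make the name accurate. The template header of HandleCmp is outside the hunk, so the possible types of T are inferred here.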
Modified: compiler-rt/trunk/test/fuzzer/only-some-bytes.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/only-some-bytes.test?rev=338661&r1=338660&r2=338661&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/only-some-bytes.test (original)
+++ compiler-rt/trunk/test/fuzzer/only-some-bytes.test Wed Aug 1 17:24:49 2018
@@ -34,5 +34,5 @@ HAVE_DFT: INFO: 1/{{.*}} inputs have the
# Collect DFT, then use it.
RUN: rm -rf %t/C && mkdir %t/C && cp %t/IN/* %t/C
RUN: rm -rf %t/C_DFT && %libfuzzer_src/scripts/collect_data_flow.py %t-DFT %t/C %t/C_DFT > /dev/null 2>&1
-RUN: not %t-Fuzz -focus_function=f0 -data_flow_trace=%t/C_DFT -seed=1 -runs=1000000 -use_value_profile=3 %t/C 2> %t/log
+RUN: not %t-Fuzz -focus_function=f0 -data_flow_trace=%t/C_DFT -seed=1 -runs=1000000 -use_value_profile=1 %t/C 2> %t/log
RUN: grep BINGO %t/log