<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 16, 2016 at 4:13 PM, David Blaikie <span dir="ltr"><<a href="mailto:dblaikie@gmail.com" target="_blank">dblaikie@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Sat, Feb 13, 2016 at 9:56 AM, Kostya Serebryany via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: kcc<br>
Date: Sat Feb 13 11:56:51 2016<br>
New Revision: 260829<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=260829&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=260829&view=rev</a><br>
Log:<br>
[libFuzzer] remove std::vector operations from hot paths, NFC<br>
<br>
Modified:<br>
    llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp<br>
    llvm/trunk/lib/Fuzzer/FuzzerInternal.h<br>
    llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp<br>
    llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp<br>
    llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp<br>
<br>
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=260829&r1=260828&r2=260829&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=260829&r1=260828&r2=260829&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)<br>
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Sat Feb 13 11:56:51 2016<br>
@@ -229,7 +229,7 @@ int RunOneTest(Fuzzer *F, const char *In<br>
   Unit U = FileToVector(InputFilePath);<br>
   Unit PreciseSizedU(U);<br>
   assert(PreciseSizedU.size() == PreciseSizedU.capacity());<br>
-  F->ExecuteCallback(PreciseSizedU);<br>
+  F->ExecuteCallback(PreciseSizedU.data(), PreciseSizedU.size());<br></blockquote><div><br></div></span><div>Could this be ArrayRef instead - then the call site wouldn't need to change?</div></div></div></div></blockquote><div>This code can not use any of the nice LLVM infrastructure, it has to stay independent. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="h5"><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
   return 0;<br>
 }<br>
<br>
<br>
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=260829&r1=260828&r2=260829&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=260829&r1=260828&r2=260829&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)<br>
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Sat Feb 13 11:56:51 2016<br>
@@ -93,7 +93,7 @@ void ComputeSHA1(const uint8_t *Data, si<br>
<br>
 // Changes U to contain only ASCII (isprint+isspace) characters.<br>
 // Returns true iff U has been changed.<br>
-bool ToASCII(Unit &U);<br>
+bool ToASCII(uint8_t *Data, size_t Size);<br>
 bool IsASCII(const Unit &U);<br>
<br>
 int NumberOfCpuCores();<br>
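Review bot: The two comment lines above `ToASCII` still describe a parameter named `U`, which the new signature no longer has. I would update them to match the pointer/length interface: `// Changes Data[0..Size) to contain only ASCII (isprint+isspace) characters.` and `// Returns true iff any byte has been changed.` The neighbouring `IsASCII(const Unit &U)` keeps the old interface, so the pair is now asymmetric; a short remark on why only one of them was converted would help the next reader.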
@@ -251,6 +251,7 @@ private:<br>
   std::vector<Mutator> CurrentMutatorSequence;<br>
   std::vector<DictionaryEntry *> CurrentDictionaryEntrySequence;<br>
   const std::vector<Unit> *Corpus = nullptr;<br>
+  std::vector<uint8_t> MutateInPlaceHere;<br>
<br>
   static Mutator Mutators[];<br>
 };<br>
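Review bot: `MutateInPlaceHere` is added here without a comment, and a member of the same name is added to `Fuzzer` in the later hunk at `@@ -376,6 +378,8 @@`. Judging by the .cpp hunks it appears to be a scratch buffer that is resized and reused on every mutation to avoid a per-call allocation. A comment such as `// Scratch buffer reused across calls; contents are valid only within one mutation.` on both members would make that explicit. It would also record that the functions using it are presumably not reentrant, which the old local `Unit U(MaxSize)` did not imply.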
@@ -318,7 +319,7 @@ public:<br>
<br>
   static void StaticAlarmCallback();<br>
<br>
-  void ExecuteCallback(const Unit &U);<br>
+  void ExecuteCallback(const uint8_t *Data, size_t Size);<br>
<br>
   // Merge Corpora[1:] into Corpora[0].<br>
   void Merge(const std::vector<std::string> &Corpora);<br>
@@ -328,8 +329,9 @@ private:<br>
   void AlarmCallback();<br>
   void MutateAndTestOne();<br>
   void ReportNewCoverage(const Unit &U);<br>
-  bool RunOne(const Unit &U);<br>
-  void RunOneAndUpdateCorpus(Unit &U);<br>
+  bool RunOne(const uint8_t *Data, size_t Size);<br>
+  bool RunOne(const Unit &U) { return RunOne(U.data(), U.size()); }<br>
+  void RunOneAndUpdateCorpus(uint8_t *Data, size_t Size);<br>
   void WriteToOutputCorpus(const Unit &U);<br>
   void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);<br>
   void PrintStats(const char *Where, const char *End = "\n");<br>
@@ -376,6 +378,8 @@ private:<br>
     return Res;<br>
   }<br>
<br>
+  std::vector<uint8_t> MutateInPlaceHere;<br>
+<br>
   std::piecewise_constant_distribution<double> CorpusDistribution;<br>
   UserCallback CB;<br>
   MutationDispatcher &MD;<br>
<br>
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=260829&r1=260828&r2=260829&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=260829&r1=260828&r2=260829&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)<br>
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Sat Feb 13 11:56:51 2016<br>
@@ -208,7 +208,7 @@ void Fuzzer::ShuffleAndMinimize() {<br>
       size_t Last = std::min(First + Options.MaxLen, C.size());<br>
       U.insert(U.begin(), C.begin() + First, C.begin() + Last);<br>
       if (Options.OnlyASCII)<br>
-        ToASCII(U);<br>
+        ToASCII(U.data(), U.size());<br>
       if (RunOne(U)) {<br>
         NewCorpus.push_back(U);<br>
         if (Options.Verbosity >= 2)<br>
@@ -223,12 +223,12 @@ void Fuzzer::ShuffleAndMinimize() {<br>
   PrintStats("INITED");<br>
 }<br>
<br>
-bool Fuzzer::RunOne(const Unit &U) {<br>
+bool Fuzzer::RunOne(const uint8_t *Data, size_t Size) {<br>
   UnitStartTime = system_clock::now();<br>
   TotalNumberOfRuns++;<br>
<br>
   PrepareCoverageBeforeRun();<br>
-  ExecuteCallback(U);<br>
+  ExecuteCallback(Data, Size);<br>
   bool Res = CheckCoverageAfterRun();<br>
<br>
   auto UnitStopTime = system_clock::now();<br>
@@ -241,29 +241,29 @@ bool Fuzzer::RunOne(const Unit &U) {<br>
       TimeOfUnit >= Options.ReportSlowUnits) {<br>
     TimeOfLongestUnitInSeconds = TimeOfUnit;<br>
     Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds);<br>
-    WriteUnitToFileWithPrefix(U, "slow-unit-");<br>
+    WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");<br>
   }<br>
   return Res;<br>
 }<br>
<br>
-void Fuzzer::RunOneAndUpdateCorpus(Unit &U) {<br>
+void Fuzzer::RunOneAndUpdateCorpus(uint8_t *Data, size_t Size) {<br>
   if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)<br>
     return;<br>
   if (Options.OnlyASCII)<br>
-    ToASCII(U);<br>
-  if (RunOne(U))<br>
-    ReportNewCoverage(U);<br>
+    ToASCII(Data, Size);<br>
+  if (RunOne(Data, Size))<br>
+    ReportNewCoverage({Data, Data + Size});<br>
 }<br>
<br>
-void Fuzzer::ExecuteCallback(const Unit &U) {<br>
+void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {<br>
   // We copy the contents of Unit into a separate heap buffer<br>
   // so that we reliably find buffer overflows in it.<br>
-  std::unique_ptr<uint8_t[]> Data(new uint8_t[U.size()]);<br>
-  memcpy(Data.get(), U.data(), U.size());<br>
-  AssignTaintLabels(Data.get(), U.size());<br>
-  CurrentUnitData = Data.get();<br>
-  CurrentUnitSize = U.size();<br>
-  int Res = CB(Data.get(), U.size());<br>
+  std::unique_ptr<uint8_t[]> DataCopy(new uint8_t[Size]);<br>
+  memcpy(DataCopy.get(), Data, Size);<br>
+  AssignTaintLabels(DataCopy.get(), Size);<br>
+  CurrentUnitData = DataCopy.get();<br>
+  CurrentUnitSize = Size;<br>
+  int Res = CB(DataCopy.get(), Size);<br>
   (void)Res;<br>
   assert(Res == 0);<br>
   CurrentUnitData = nullptr;<br>
@@ -411,24 +411,25 @@ void Fuzzer::Merge(const std::vector<std<br>
 void Fuzzer::MutateAndTestOne() {<br>
   MD.StartMutationSequence();<br>
<br>
-  auto U = ChooseUnitToMutate();<br>
+  auto &U = ChooseUnitToMutate();<br>
+  MutateInPlaceHere.resize(Options.MaxLen);<br>
+  memcpy(MutateInPlaceHere.data(), U.data(), U.size());<br>
+  size_t Size = U.size();<br>
<br>
   for (int i = 0; i < Options.MutateDepth; i++) {<br>
-    size_t Size = U.size();<br>
-    U.resize(Options.MaxLen);<br>
     size_t NewSize = 0;<br>
     if (LLVMFuzzerCustomMutator)<br>
-      NewSize = LLVMFuzzerCustomMutator(U.data(), Size, U.size(),<br>
-                                        MD.GetRand().Rand());<br>
+      NewSize = LLVMFuzzerCustomMutator(MutateInPlaceHere.data(), Size,<br>
+                                        Options.MaxLen, MD.GetRand().Rand());<br>
     else<br>
-      NewSize = MD.Mutate(U.data(), Size, U.size());<br>
+      NewSize = MD.Mutate(MutateInPlaceHere.data(), Size, Options.MaxLen);<br>
     assert(NewSize > 0 && "Mutator returned empty unit");<br>
     assert(NewSize <= (size_t)Options.MaxLen &&<br>
            "Mutator return overisized unit");<br>
-    U.resize(NewSize);<br>
+    Size = NewSize;<br>
     if (i == 0)<br>
       StartTraceRecording();<br>
-    RunOneAndUpdateCorpus(U);<br>
+    RunOneAndUpdateCorpus(MutateInPlaceHere.data(), Size);<br>
     StopTraceRecording();<br>
   }<br>
 }<br>
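Review bot: The new `memcpy(MutateInPlaceHere.data(), U.data(), U.size())` copies `U.size()` bytes into a buffer that was just resized to `Options.MaxLen`, and nothing in this hunk checks that the chosen unit fits. `ShuffleAndMinimize` trims units to `MaxLen` on load, so the invariant probably holds today, but the other paths that add units to the corpus are not visible here; if any of them stores a longer unit, this is a heap overflow in the fuzzer itself and not in the target. I would state the invariant just before the copy with `assert(U.size() <= (size_t)Options.MaxLen && "Oversized unit");`, or clamp the copied length with `std::min` so that builds without asserts are also safe. Separately, `U` is now a reference into the corpus and not a copy; it is only read before the loop, and it should stay that way, since `RunOneAndUpdateCorpus` looks like it can add to the corpus and so invalidate the reference.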
<br>
Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=260829&r1=260828&r2=260829&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=260829&r1=260828&r2=260829&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)<br>
+++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Sat Feb 13 11:56:51 2016<br>
@@ -176,7 +176,8 @@ size_t MutationDispatcher::Mutate_CrossO<br>
   size_t Idx = Rand(Corpus->size());<br>
   const Unit &Other = (*Corpus)[Idx];<br>
   if (Other.empty()) return 0;<br>
-  Unit U(MaxSize);<br>
+  MutateInPlaceHere.resize(MaxSize);<br>
+  auto &U = MutateInPlaceHere;<br>
   size_t NewSize =<br>
       CrossOver(Data, Size, Other.data(), Other.size(), U.data(), U.size());<br>
   assert(NewSize > 0 && "CrossOver returned empty unit");<br>
<br>
Modified: llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp?rev=260829&r1=260828&r2=260829&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp?rev=260829&r1=260828&r2=260829&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp (original)<br>
+++ llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp Sat Feb 13 11:56:51 2016<br>
@@ -93,9 +93,10 @@ int ExecuteCommand(const std::string &Co<br>
   return system(Command.c_str());<br>
 }<br>
<br>
-bool ToASCII(Unit &U) {<br>
+bool ToASCII(uint8_t *Data, size_t Size) {<br>
   bool Changed = false;<br>
-  for (auto &X : U) {<br>
+  for (size_t i = 0; i < Size; i++) {<br>
+    uint8_t &X = Data[i];<br>
     auto NewX = X;<br>
     NewX &= 127;<br>
     if (!isspace(NewX) && !isprint(NewX))<br>
<br>
<br>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div>