[llvm-dev] libFuzzer vs. unrolling

George Karpenkov via llvm-dev llvm-dev at lists.llvm.org
Wed Aug 8 16:04:15 PDT 2018


Hi,

After https://reviews.llvm.org/D48800 landed, shrink.test stopped passing for us on x86_64h architecture (x86_64 + some haswell extensions).
After looking further into this today, I have noticed that optimizations on haswell are more likely to do unrolling (since it can do more advanced vectorization).
The main loop (inside the callback) in shrink.test gets unrolled thrice, and stays the same on x86_64.

I see how unrolling could mess with coverage, as conceptually the same location in the code becomes e.g. three after unrolling,
and the fuzzer should prefer exploring different portions of the program to going around the loop.
Should we then disable unrolling when OPT_FOR_FUZZING is enabled, in the spirit of https://reviews.llvm.org/D44232?
Or just increase the limit on shrink.test?

Regards,
George
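The effect described in the message, as an added example that is not part of the original post or of libFuzzer's code: a small constructed model of per-site coverage counters (standing in for SanitizerCoverage's inline 8-bit counters; the site ids are hypothetical) applied to the same loop in its rolled form and after a hand-written three-way unroll. Both variants compute the same value, but the unrolled copy touches up to four distinct counters where the rolled loop touches one, which is exactly what makes one loop look like several program locations to the fuzzer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an edge-coverage counter map: one 8-bit counter per
   instrumented site, as SanitizerCoverage's inline counters would provide.
   Site ids below are hypothetical and chosen only for illustration. */
#define NUM_SITES 8
static unsigned char counters[NUM_SITES];

static void hit(int site) { if (counters[site] < 255) counters[site]++; }

/* Rolled loop: every iteration passes the same instrumented site (id 0). */
static int sum_rolled(const unsigned char *data, size_t len) {
    int sum = 0;
    for (size_t i = 0; i < len; i++) {
        hit(0);
        sum += data[i];
    }
    return sum;
}

/* The same loop after a three-way unroll: the body now exists three times,
   each copy with its own counter (ids 1..3), plus a remainder loop (id 4)
   for lengths that are not a multiple of three. */
static int sum_unrolled3(const unsigned char *data, size_t len) {
    int sum = 0;
    size_t i = 0;
    for (; i + 3 <= len; i += 3) {
        hit(1); sum += data[i];
        hit(2); sum += data[i + 1];
        hit(3); sum += data[i + 2];
    }
    for (; i < len; i++) {
        hit(4);
        sum += data[i];
    }
    return sum;
}

/* Number of distinct counters touched: what the fuzzer sees as new features. */
static int distinct_sites_hit(void) {
    int n = 0;
    for (int s = 0; s < NUM_SITES; s++) n += counters[s] != 0;
    return n;
}

static void reset_counters(void) { memset(counters, 0, sizeof counters); }

/* Run one variant over an input and report how many distinct sites it hit. */
static int sites_for(int (*fn)(const unsigned char *, size_t),
                     const unsigned char *data, size_t len) {
    reset_counters();
    fn(data, len);
    return distinct_sites_hit();
}

int main(void) {
    const unsigned char input[] = "abcdefg"; /* constructed 7-byte input */
    printf("rolled:   %d site(s)\n", sites_for(sum_rolled, input, 7));
    printf("unrolled: %d site(s)\n", sites_for(sum_unrolled3, input, 7));
    return 0;
}
```

The counts depend only on the input length: any input of length 7 hits one site in the rolled version and four in the unrolled one, so an input that reaches the remainder loop gains features without exercising any new behaviour in the original program.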
