r233459 - Make the clang-fuzzer use the CompilerInstance directly.

Kostya Serebryany kcc at google.com
Sat Mar 28 14:14:19 PDT 2015 

On Fri, Mar 27, 2015 at 6:26 PM, Sean Silva <chisophugis at gmail.com> wrote:

>
>
> On Fri, Mar 27, 2015 at 5:42 PM, Manuel Klimek <klimek at google.com> wrote:
>
>> Author: klimek
>> Date: Fri Mar 27 19:42:36 2015
>> New Revision: 233459
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=233459&view=rev
>> Log:
>> Make the clang-fuzzer use the CompilerInstance directly.
>>
>> Going through the driver is too slow.
>>
>
> Interesting. How much was the overhead? (clang wasn't forking, was it?)
>
> Before this patch the fuzzer did  50 execs/s, did lots of IO, and killed
my machine in ~ 10 minutes.
After this patch the fuzzer gives 400 execs/s  and my machine survived the
night.
400 execs/s is still a bit too slow for effective fuzzing.


> -- Sean Silva
>
>
>>
>> Modified:
>>     cfe/trunk/include/clang/Tooling/Tooling.h
>>     cfe/trunk/lib/Tooling/Tooling.cpp
>>     cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp
>>
>> Modified: cfe/trunk/include/clang/Tooling/Tooling.h
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Tooling/Tooling.h?rev=233459&r1=233458&r2=233459&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/include/clang/Tooling/Tooling.h (original)
>> +++ cfe/trunk/include/clang/Tooling/Tooling.h Fri Mar 27 19:42:36 2015
>> @@ -40,6 +40,7 @@
>>  #include "clang/Tooling/CompilationDatabase.h"
>>  #include "llvm/ADT/StringMap.h"
>>  #include "llvm/ADT/Twine.h"
>> +#include "llvm/Option/Option.h"
>>  #include <memory>
>>  #include <string>
>>  #include <vector>
>> @@ -383,6 +384,11 @@ inline std::unique_ptr<FrontendActionFac
>>  /// \param File Either an absolute or relative path.
>>  std::string getAbsolutePath(StringRef File);
>>
>> +/// \brief Creates a \c CompilerInvocation.
>> +clang::CompilerInvocation *newInvocation(
>> +    clang::DiagnosticsEngine *Diagnostics,
>> +    const llvm::opt::ArgStringList &CC1Args);
>> +
>>  } // end namespace tooling
>>  } // end namespace clang
>>
>>
>> Modified: cfe/trunk/lib/Tooling/Tooling.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Tooling/Tooling.cpp?rev=233459&r1=233458&r2=233459&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/lib/Tooling/Tooling.cpp (original)
>> +++ cfe/trunk/lib/Tooling/Tooling.cpp Fri Mar 27 19:42:36 2015
>> @@ -90,7 +90,7 @@ static const llvm::opt::ArgStringList *g
>>  }
>>
>>  /// \brief Returns a clang build invocation initialized from the CC1
>> flags.
>> -static clang::CompilerInvocation *newInvocation(
>> +clang::CompilerInvocation *newInvocation(
>>      clang::DiagnosticsEngine *Diagnostics,
>>      const llvm::opt::ArgStringList &CC1Args) {
>>    assert(!CC1Args.empty() && "Must at least contain the program name!");
>>
>> Modified: cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp?rev=233459&r1=233458&r2=233459&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp (original)
>> +++ cfe/trunk/tools/clang-fuzzer/ClangFuzzer.cpp Fri Mar 27 19:42:36 2015
>> @@ -16,17 +16,28 @@
>>  #include "clang/Tooling/Tooling.h"
>>  #include "clang/Frontend/FrontendActions.h"
>>  #include "clang/Frontend/CompilerInstance.h"
>> +#include "llvm/Option/Option.h"
>>
>>  using namespace clang;
>>
>>  extern "C" void TestOneInput(uint8_t *data, size_t size) {
>>    std::string s((const char *)data, size);
>> +  llvm::opt::ArgStringList CC1Args;
>> +  CC1Args.push_back("-cc1");
>> +  CC1Args.push_back("test.cc");
>>    llvm::IntrusiveRefCntPtr<FileManager> Files(
>>        new FileManager(FileSystemOptions()));
>> -  tooling::ToolInvocation Invocation({"clang", "-c", "test.cc"},
>> -                                     new clang::SyntaxOnlyAction,
>> Files.get());
>>    IgnoringDiagConsumer Diags;
>> -  Invocation.setDiagnosticConsumer(&Diags);
>> -  Invocation.mapVirtualFile("test.cc", s);
>> -  Invocation.run();
>> +  IntrusiveRefCntPtr<DiagnosticOptions> DiagOpts = new
>> DiagnosticOptions();
>> +  DiagnosticsEngine Diagnostics(
>> +      IntrusiveRefCntPtr<clang::DiagnosticIDs>(new DiagnosticIDs()),
>> &*DiagOpts,
>> +      &Diags, false);
>> +  std::unique_ptr<clang::CompilerInvocation> Invocation(
>> +      tooling::newInvocation(&Diagnostics, CC1Args));
>> +  std::unique_ptr<llvm::MemoryBuffer> Input =
>> +      llvm::MemoryBuffer::getMemBuffer(s);
>> +  Invocation->getPreprocessorOpts().addRemappedFile("test.cc",
>> Input.release());
>> +  std::unique_ptr<tooling::ToolAction> action(
>> +      tooling::newFrontendActionFactory<clang::SyntaxOnlyAction>());
>> +  action->runInvocation(Invocation.release(), Files.get(), &Diags);
>>  }
>>
>>
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>>
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150328/14cb72a0/attachment.html>

More information about the cfe-commits mailing list