[llvm] r249194 - [libFuzzer] remove experimental flag and functionality
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 2 15:00:33 PDT 2015
Author: kcc
Date: Fri Oct 2 17:00:32 2015
New Revision: 249194
URL: http://llvm.org/viewvc/llvm-project?rev=249194&view=rev
Log:
[libFuzzer] remove experimental flag and functionality
Modified:
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerInternal.h
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer.test
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=249194&r1=249193&r2=249194&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Fri Oct 2 17:00:32 2015
@@ -255,7 +255,6 @@ int FuzzerDriver(const std::vector<std::
Options.ExitOnFirst = Flags.exit_on_first;
Options.UseCounters = Flags.use_counters;
Options.UseTraces = Flags.use_traces;
- Options.UseFullCoverageSet = Flags.use_full_coverage_set;
Options.PreferSmallDuringInitialShuffle =
Flags.prefer_small_during_initial_shuffle;
Options.Tokens = ReadTokensFile(Flags.deprecated_tokens);
Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=249194&r1=249193&r2=249194&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Fri Oct 2 17:00:32 2015
@@ -37,10 +37,6 @@ FUZZER_FLAG_INT(
"Example: ./fuzzer -save_minimized_corpus=1 NEW_EMPTY_DIR OLD_CORPUS")
FUZZER_FLAG_INT(use_counters, 1, "Use coverage counters")
FUZZER_FLAG_INT(use_traces, 0, "Experimental: use instruction traces")
-FUZZER_FLAG_INT(use_full_coverage_set, 0,
- "Experimental: Maximize the number of different full"
- " coverage sets as opposed to maximizing the total coverage."
- " This is potentially MUCH slower, but may discover more paths.")
FUZZER_FLAG_INT(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn"
" this number of jobs in separate worker processes"
" with stdout/stderr redirected to fuzz-JOB.log.")
Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=249194&r1=249193&r2=249194&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Fri Oct 2 17:00:32 2015
@@ -125,7 +125,6 @@ class Fuzzer {
size_t RunOne(const Unit &U);
void RunOneAndUpdateCorpus(Unit &U);
size_t RunOneMaximizeTotalCoverage(const Unit &U);
- size_t RunOneMaximizeFullCoverageSet(const Unit &U);
size_t RunOneMaximizeCoveragePairs(const Unit &U);
void WriteToOutputCorpus(const Unit &U);
void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
@@ -155,7 +154,6 @@ class Fuzzer {
std::vector<Unit> Corpus;
std::unordered_set<std::string> UnitHashesAddedToCorpus;
- std::unordered_set<uintptr_t> FullCoverageSets;
// For UseCounters
std::vector<uint8_t> CounterBitmap;
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=249194&r1=249193&r2=249194&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Fri Oct 2 17:00:32 2015
@@ -156,11 +156,7 @@ void Fuzzer::ShuffleAndMinimize() {
size_t Fuzzer::RunOne(const Unit &U) {
UnitStartTime = system_clock::now();
TotalNumberOfRuns++;
- size_t Res = 0;
- if (Options.UseFullCoverageSet)
- Res = RunOneMaximizeFullCoverageSet(U);
- else
- Res = RunOneMaximizeTotalCoverage(U);
+ size_t Res = RunOneMaximizeTotalCoverage(U);
auto UnitStopTime = system_clock::now();
auto TimeOfUnit =
duration_cast<seconds>(UnitStopTime - UnitStartTime).count();
@@ -183,14 +179,6 @@ void Fuzzer::RunOneAndUpdateCorpus(Unit
ReportNewCoverage(RunOne(U), U);
}
-static uintptr_t HashOfArrayOfPCs(uintptr_t *PCs, uintptr_t NumPCs) {
- uintptr_t Res = 0;
- for (uintptr_t i = 0; i < NumPCs; i++) {
- Res = (Res + PCs[i]) * 7;
- }
- return Res;
-}
-
Unit Fuzzer::SubstituteTokens(const Unit &U) const {
Unit Res;
for (auto Idx : U) {
@@ -214,22 +202,6 @@ void Fuzzer::ExecuteCallback(const Unit
}
}
-// Experimental.
-// Fuly reset the current coverage state, run a single unit,
-// compute a hash function from the full coverage set,
-// return non-zero if the hash value is new.
-// This produces tons of new units and as is it's only suitable for small tests,
-// e.g. test/FullCoverageSetTest.cpp. FIXME: make it scale.
-size_t Fuzzer::RunOneMaximizeFullCoverageSet(const Unit &U) {
- __sanitizer_reset_coverage();
- ExecuteCallback(U);
- uintptr_t *PCs;
- uintptr_t NumPCs =__sanitizer_get_coverage_guards(&PCs);
- if (FullCoverageSets.insert(HashOfArrayOfPCs(PCs, NumPCs)).second)
- return FullCoverageSets.size();
- return 0;
-}
-
size_t Fuzzer::RunOneMaximizeTotalCoverage(const Unit &U) {
size_t NumCounters = __sanitizer_get_number_of_counters();
if (Options.UseCounters) {
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=249194&r1=249193&r2=249194&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri Oct 2 17:00:32 2015
@@ -17,9 +17,9 @@ TimeoutTest: Test unit written to timeou
RUN: not LLVMFuzzer-NullDerefTest 2>&1 | FileCheck %s --check-prefix=NullDerefTest
NullDerefTest: Test unit written to crash-
-RUN: not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
+#not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
-RUN: not LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_full_coverage_set=1 2>&1 | FileCheck %s
+#not LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_traces=1 2>&1 | FileCheck %s
RUN: not LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
More information about the llvm-commits
mailing list