[llvm] r260829 - [libFuzzer] remove std::vector operations from hot paths, NFC
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Tue Feb 16 16:14:42 PST 2016
On Tue, Feb 16, 2016 at 4:13 PM, David Blaikie <dblaikie at gmail.com> wrote:
>
>
> On Sat, Feb 13, 2016 at 9:56 AM, Kostya Serebryany via llvm-commits <
> llvm-commits at lists.llvm.org> wrote:
>
>> Author: kcc
>> Date: Sat Feb 13 11:56:51 2016
>> New Revision: 260829
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=260829&view=rev
>> Log:
>> [libFuzzer] remove std::vector operations from hot paths, NFC
>>
>> Modified:
>> llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
>> llvm/trunk/lib/Fuzzer/FuzzerInternal.h
>> llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
>> llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
>> llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp
>>
>> Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=260829&r1=260828&r2=260829&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
>> +++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Sat Feb 13 11:56:51 2016
>> @@ -229,7 +229,7 @@ int RunOneTest(Fuzzer *F, const char *In
>> Unit U = FileToVector(InputFilePath);
>> Unit PreciseSizedU(U);
>> assert(PreciseSizedU.size() == PreciseSizedU.capacity());
>> - F->ExecuteCallback(PreciseSizedU);
>> + F->ExecuteCallback(PreciseSizedU.data(), PreciseSizedU.size());
>>
>
> Could this be ArrayRef instead - then the call site wouldn't need to
> change?
>
This code cannot use any of the nice LLVM infrastructure; it has to stay
independent.
>
>
>> return 0;
>> }
>>
>>
>> Modified: llvm/trunk/lib/Fuzzer/FuzzerInternal.h
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerInternal.h?rev=260829&r1=260828&r2=260829&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/lib/Fuzzer/FuzzerInternal.h (original)
>> +++ llvm/trunk/lib/Fuzzer/FuzzerInternal.h Sat Feb 13 11:56:51 2016
>> @@ -93,7 +93,7 @@ void ComputeSHA1(const uint8_t *Data, si
>>
>> // Changes U to contain only ASCII (isprint+isspace) characters.
>> // Returns true iff U has been changed.
>> -bool ToASCII(Unit &U);
>> +bool ToASCII(uint8_t *Data, size_t Size);
>> bool IsASCII(const Unit &U);
>>
>> int NumberOfCpuCores();
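Review bot: The comment above `ToASCII` in this hunk still describes the old signature: it says the function changes `U`, but the parameter is now a raw `Data`/`Size` pair. I would reword it to `// Changes Data[0..Size) to contain only ASCII (isprint+isspace) characters.` and `// Returns true iff any byte was changed.`. It should also state that the caller must guarantee `Data` points to at least `Size` writable bytes, because the function can no longer see the container's bounds. `IsASCII` on the following line still takes `const Unit &`, so the two declarations are now asymmetric.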
>> @@ -251,6 +251,7 @@ private:
>> std::vector<Mutator> CurrentMutatorSequence;
>> std::vector<DictionaryEntry *> CurrentDictionaryEntrySequence;
>> const std::vector<Unit> *Corpus = nullptr;
>> + std::vector<uint8_t> MutateInPlaceHere;
>>
>> static Mutator Mutators[];
>> };
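Review bot: `MutateInPlaceHere` is added to this class without a comment, and a member with the same name is added to `Fuzzer` in the later hunk at `@@ -376,6 +378,8 @@`, so a reader cannot tell that they are two separate buffers. A one-line comment on each would help, for example `// Scratch output buffer reused by Mutate_CrossOver; holds stale bytes between calls.` here, and a comment on the other saying it holds the unit currently being mutated and is sized to `Options.MaxLen`. Keeping them distinct looks important, because `Mutate_CrossOver` presumably receives a pointer into the `Fuzzer`-side buffer as `Data` while writing its result into this one; that is worth stating so nobody merges them later.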
>> @@ -318,7 +319,7 @@ public:
>>
>> static void StaticAlarmCallback();
>>
>> - void ExecuteCallback(const Unit &U);
>> + void ExecuteCallback(const uint8_t *Data, size_t Size);
>>
>> // Merge Corpora[1:] into Corpora[0].
>> void Merge(const std::vector<std::string> &Corpora);
>> @@ -328,8 +329,9 @@ private:
>> void AlarmCallback();
>> void MutateAndTestOne();
>> void ReportNewCoverage(const Unit &U);
>> - bool RunOne(const Unit &U);
>> - void RunOneAndUpdateCorpus(Unit &U);
>> + bool RunOne(const uint8_t *Data, size_t Size);
>> + bool RunOne(const Unit &U) { return RunOne(U.data(), U.size()); }
>> + void RunOneAndUpdateCorpus(uint8_t *Data, size_t Size);
>> void WriteToOutputCorpus(const Unit &U);
>> void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
>> void PrintStats(const char *Where, const char *End = "\n");
>> @@ -376,6 +378,8 @@ private:
>> return Res;
>> }
>>
>> + std::vector<uint8_t> MutateInPlaceHere;
>> +
>> std::piecewise_constant_distribution<double> CorpusDistribution;
>> UserCallback CB;
>> MutationDispatcher &MD;
>>
>> Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=260829&r1=260828&r2=260829&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
>> +++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Sat Feb 13 11:56:51 2016
>> @@ -208,7 +208,7 @@ void Fuzzer::ShuffleAndMinimize() {
>> size_t Last = std::min(First + Options.MaxLen, C.size());
>> U.insert(U.begin(), C.begin() + First, C.begin() + Last);
>> if (Options.OnlyASCII)
>> - ToASCII(U);
>> + ToASCII(U.data(), U.size());
>> if (RunOne(U)) {
>> NewCorpus.push_back(U);
>> if (Options.Verbosity >= 2)
>> @@ -223,12 +223,12 @@ void Fuzzer::ShuffleAndMinimize() {
>> PrintStats("INITED");
>> }
>>
>> -bool Fuzzer::RunOne(const Unit &U) {
>> +bool Fuzzer::RunOne(const uint8_t *Data, size_t Size) {
>> UnitStartTime = system_clock::now();
>> TotalNumberOfRuns++;
>>
>> PrepareCoverageBeforeRun();
>> - ExecuteCallback(U);
>> + ExecuteCallback(Data, Size);
>> bool Res = CheckCoverageAfterRun();
>>
>> auto UnitStopTime = system_clock::now();
>> @@ -241,29 +241,29 @@ bool Fuzzer::RunOne(const Unit &U) {
>> TimeOfUnit >= Options.ReportSlowUnits) {
>> TimeOfLongestUnitInSeconds = TimeOfUnit;
>> Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds);
>> - WriteUnitToFileWithPrefix(U, "slow-unit-");
>> + WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");
>> }
>> return Res;
>> }
>>
>> -void Fuzzer::RunOneAndUpdateCorpus(Unit &U) {
>> +void Fuzzer::RunOneAndUpdateCorpus(uint8_t *Data, size_t Size) {
>> if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
>> return;
>> if (Options.OnlyASCII)
>> - ToASCII(U);
>> - if (RunOne(U))
>> - ReportNewCoverage(U);
>> + ToASCII(Data, Size);
>> + if (RunOne(Data, Size))
>> + ReportNewCoverage({Data, Data + Size});
>> }
>>
>> -void Fuzzer::ExecuteCallback(const Unit &U) {
>> +void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
>> // We copy the contents of Unit into a separate heap buffer
>> // so that we reliably find buffer overflows in it.
>> - std::unique_ptr<uint8_t[]> Data(new uint8_t[U.size()]);
>> - memcpy(Data.get(), U.data(), U.size());
>> - AssignTaintLabels(Data.get(), U.size());
>> - CurrentUnitData = Data.get();
>> - CurrentUnitSize = U.size();
>> - int Res = CB(Data.get(), U.size());
>> + std::unique_ptr<uint8_t[]> DataCopy(new uint8_t[Size]);
>> + memcpy(DataCopy.get(), Data, Size);
>> + AssignTaintLabels(DataCopy.get(), Size);
>> + CurrentUnitData = DataCopy.get();
>> + CurrentUnitSize = Size;
>> + int Res = CB(DataCopy.get(), Size);
>> (void)Res;
>> assert(Res == 0);
>> CurrentUnitData = nullptr;
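Review bot: `memcpy(DataCopy.get(), Data, Size)` in `ExecuteCallback` now takes a raw pointer, and `Data` may be null when `Size` is 0; for example, `RunOneTest` passes `PreciseSizedU.data()` of a vector read from a file that could be empty. Passing a null pointer to `memcpy` is undefined behaviour even for a zero length, and sanitizer builds may report it. Guarding the copy with `if (Size) memcpy(DataCopy.get(), Data, Size);` avoids that while keeping the exact-size heap allocation that the overflow-detection comment relies on. That comment still says "contents of Unit" and could say "contents of Data". The end of `ExecuteCallback` is outside this hunk.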
>> @@ -411,24 +411,25 @@ void Fuzzer::Merge(const std::vector<std
>> void Fuzzer::MutateAndTestOne() {
>> MD.StartMutationSequence();
>>
>> - auto U = ChooseUnitToMutate();
>> + auto &U = ChooseUnitToMutate();
>> + MutateInPlaceHere.resize(Options.MaxLen);
>> + memcpy(MutateInPlaceHere.data(), U.data(), U.size());
>> + size_t Size = U.size();
>>
>> for (int i = 0; i < Options.MutateDepth; i++) {
>> - size_t Size = U.size();
>> - U.resize(Options.MaxLen);
>> size_t NewSize = 0;
>> if (LLVMFuzzerCustomMutator)
>> - NewSize = LLVMFuzzerCustomMutator(U.data(), Size, U.size(),
>> - MD.GetRand().Rand());
>> + NewSize = LLVMFuzzerCustomMutator(MutateInPlaceHere.data(), Size,
>> + Options.MaxLen,
>> MD.GetRand().Rand());
>> else
>> - NewSize = MD.Mutate(U.data(), Size, U.size());
>> + NewSize = MD.Mutate(MutateInPlaceHere.data(), Size,
>> Options.MaxLen);
>> assert(NewSize > 0 && "Mutator returned empty unit");
>> assert(NewSize <= (size_t)Options.MaxLen &&
>> "Mutator return overisized unit");
>> - U.resize(NewSize);
>> + Size = NewSize;
>> if (i == 0)
>> StartTraceRecording();
>> - RunOneAndUpdateCorpus(U);
>> + RunOneAndUpdateCorpus(MutateInPlaceHere.data(), Size);
>> StopTraceRecording();
>> }
>> }
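Review bot: The new `memcpy(MutateInPlaceHere.data(), U.data(), U.size())` in `MutateAndTestOne` writes `U.size()` bytes into a buffer that was just resized to `Options.MaxLen`, and nothing in this hunk checks that the chosen unit fits. `ShuffleAndMinimize` truncates units to `MaxLen`, but whether every path into the corpus does so is not visible here, so I would clamp explicitly: `size_t Size = std::min(U.size(), (size_t)Options.MaxLen);` followed by `memcpy(MutateInPlaceHere.data(), U.data(), Size);`. The bounds on `NewSize` are also enforced only by `assert`, so in an NDEBUG build an oversized return from the user-supplied `LLVMFuzzerCustomMutator` would flow into `RunOneAndUpdateCorpus` and be read past the end of the buffer. An unconditional check such as `if (NewSize > (size_t)Options.MaxLen) NewSize = Options.MaxLen;` before `Size = NewSize;` would close that gap.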
>>
>> Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=260829&r1=260828&r2=260829&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)
>> +++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Sat Feb 13 11:56:51 2016
>> @@ -176,7 +176,8 @@ size_t MutationDispatcher::Mutate_CrossO
>> size_t Idx = Rand(Corpus->size());
>> const Unit &Other = (*Corpus)[Idx];
>> if (Other.empty()) return 0;
>> - Unit U(MaxSize);
>> + MutateInPlaceHere.resize(MaxSize);
>> + auto &U = MutateInPlaceHere;
>> size_t NewSize =
>> CrossOver(Data, Size, Other.data(), Other.size(), U.data(),
>> U.size());
>> assert(NewSize > 0 && "CrossOver returned empty unit");
>>
>> Modified: llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp?rev=260829&r1=260828&r2=260829&view=diff
>>
>> ==============================================================================
>> --- llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp (original)
>> +++ llvm/trunk/lib/Fuzzer/FuzzerUtil.cpp Sat Feb 13 11:56:51 2016
>> @@ -93,9 +93,10 @@ int ExecuteCommand(const std::string &Co
>> return system(Command.c_str());
>> }
>>
>> -bool ToASCII(Unit &U) {
>> +bool ToASCII(uint8_t *Data, size_t Size) {
>> bool Changed = false;
>> - for (auto &X : U) {
>> + for (size_t i = 0; i < Size; i++) {
>> + uint8_t &X = Data[i];
>> auto NewX = X;
>> NewX &= 127;
>> if (!isspace(NewX) && !isprint(NewX))
>>
>>
>
>