[llvm] r290043 - Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code"
Daniel Jasper via llvm-commits
llvm-commits at lists.llvm.org
Sat Dec 17 04:27:50 PST 2016
Author: djasper
Date: Sat Dec 17 06:27:49 2016
New Revision: 290043
URL: http://llvm.org/viewvc/llvm-project?rev=290043&view=rev
Log:
Revert "[libFuzzer] add an experimental flag -experimental_len_control=1 that sets max_len to 1M and tries to increases the actual max sizes of mutations very gradually. Also remove a bit of dead code"
This reverts commit r289998.
See comment:
https://reviews.llvm.org/rL289998
Modified:
llvm/trunk/lib/Fuzzer/FuzzerCorpus.h
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/FuzzerFlags.def
llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
llvm/trunk/lib/Fuzzer/FuzzerOptions.h
Modified: llvm/trunk/lib/Fuzzer/FuzzerCorpus.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerCorpus.h?rev=290043&r1=290042&r2=290043&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerCorpus.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerCorpus.h Sat Dec 17 06:27:49 2016
@@ -59,12 +59,6 @@ class InputCorpus {
Res += !II->U.empty();
return Res;
}
- size_t MaxInputSize() const {
- size_t Res = 0;
- for (auto II : Inputs)
- Res = std::max(Res, II->U.size());
- return Res;
- }
bool empty() const { return Inputs.empty(); }
const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; }
void AddToCorpus(const Unit &U, size_t NumFeatures, bool MayDeleteFile = false) {
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=290043&r1=290042&r2=290043&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Sat Dec 17 06:27:49 2016
@@ -390,9 +390,6 @@ int FuzzerDriver(int *argc, char ***argv
FuzzingOptions Options;
Options.Verbosity = Flags.verbosity;
Options.MaxLen = Flags.max_len;
- Options.ExperimentalLenControl = Flags.experimental_len_control;
- if (Flags.experimental_len_control && Flags.max_len == 64)
- Options.MaxLen = 1 << 20;
Options.UnitTimeoutSec = Flags.timeout;
Options.ErrorExitCode = Flags.error_exitcode;
Options.TimeoutExitCode = Flags.timeout_exitcode;
Modified: llvm/trunk/lib/Fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerFlags.def?rev=290043&r1=290042&r2=290043&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerFlags.def (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerFlags.def Sat Dec 17 06:27:49 2016
@@ -17,7 +17,6 @@ FUZZER_FLAG_INT(runs, -1,
FUZZER_FLAG_INT(max_len, 0, "Maximum length of the test input. "
"If 0, libFuzzer tries to guess a good value based on the corpus "
"and reports it. ")
-FUZZER_FLAG_INT(experimental_len_control, 0, "experimental flag")
FUZZER_FLAG_INT(cross_over, 1, "If 1, cross over inputs.")
FUZZER_FLAG_INT(mutate_depth, 5,
"Apply this number of consecutive mutations to each input.")
Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=290043&r1=290042&r2=290043&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Sat Dec 17 06:27:49 2016
@@ -700,19 +700,6 @@ void Fuzzer::TryDetectingAMemoryLeak(con
}
}
-static size_t ComputeMutationLen(size_t MaxInputSize, size_t MaxMutationLen,
- Random &Rand) {
- assert(MaxInputSize <= MaxMutationLen);
- if (MaxInputSize == MaxMutationLen) return MaxMutationLen;
- size_t Result = MaxInputSize;
- size_t R = Rand.Rand();
- if ((R % (1U << 7)) == 0)
- Result++;
- if ((R % (1U << 15)) == 0)
- Result += 10 + Result / 2;
- return Min(Result, MaxMutationLen);
-}
-
void Fuzzer::MutateAndTestOne() {
MD.StartMutationSequence();
@@ -726,19 +713,13 @@ void Fuzzer::MutateAndTestOne() {
assert(MaxMutationLen > 0);
- size_t CurrentMaxMutationLen =
- Options.ExperimentalLenControl
- ? ComputeMutationLen(Corpus.MaxInputSize(), MaxMutationLen,
- MD.GetRand())
- : MaxMutationLen;
-
for (int i = 0; i < Options.MutateDepth; i++) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
break;
size_t NewSize = 0;
- NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
+ NewSize = MD.Mutate(CurrentUnitData, Size, MaxMutationLen);
assert(NewSize > 0 && "Mutator returned empty unit");
- assert(NewSize <= CurrentMaxMutationLen && "Mutator return overisized unit");
+ assert(NewSize <= MaxMutationLen && "Mutator return overisized unit");
Size = NewSize;
if (i == 0)
StartTraceRecording();
Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=290043&r1=290042&r2=290043&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Sat Dec 17 06:27:49 2016
@@ -485,6 +485,13 @@ size_t MutationDispatcher::MutateImpl(ui
size_t MaxSize,
const std::vector<Mutator> &Mutators) {
assert(MaxSize > 0);
+ if (Size == 0) {
+ for (size_t i = 0; i < MaxSize; i++)
+ Data[i] = RandCh(Rand);
+ if (Options.OnlyASCII)
+ ToASCII(Data, MaxSize);
+ return MaxSize;
+ }
assert(Size > 0);
// Some mutations may fail (e.g. can't insert more bytes if Size == MaxSize),
// in which case they will return 0.
Modified: llvm/trunk/lib/Fuzzer/FuzzerOptions.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerOptions.h?rev=290043&r1=290042&r2=290043&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerOptions.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerOptions.h Sat Dec 17 06:27:49 2016
@@ -19,7 +19,6 @@ namespace fuzzer {
struct FuzzingOptions {
int Verbosity = 1;
size_t MaxLen = 0;
- bool ExperimentalLenControl = false;
int UnitTimeoutSec = 300;
int TimeoutExitCode = 77;
int ErrorExitCode = 77;
More information about the llvm-commits
mailing list