[llvm] r298671 - [libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 23 17:45:15 PDT 2017
Author: kcc
Date: Thu Mar 23 19:45:15 2017
New Revision: 298671
URL: http://llvm.org/viewvc/llvm-project?rev=298671&view=rev
Log:
[libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals
Modified:
llvm/trunk/lib/Fuzzer/FuzzerCorpus.h
llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp
Modified: llvm/trunk/lib/Fuzzer/FuzzerCorpus.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerCorpus.h?rev=298671&r1=298670&r2=298671&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerCorpus.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerCorpus.h Thu Mar 23 19:45:15 2017
@@ -37,8 +37,8 @@ struct InputInfo {
};
class InputCorpus {
+ static const size_t kFeatureSetSize = 1 << 21;
public:
- static const size_t kFeatureSetSize = 1 << 16;
InputCorpus(const std::string &OutputCorpus) : OutputCorpus(OutputCorpus) {
memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature));
memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature));
@@ -68,7 +68,8 @@ class InputCorpus {
}
bool empty() const { return Inputs.empty(); }
const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; }
- void AddToCorpus(const Unit &U, size_t NumFeatures, bool MayDeleteFile = false) {
+ void AddToCorpus(const Unit &U, size_t NumFeatures,
+ bool MayDeleteFile = false) {
assert(!U.empty());
uint8_t Hash[kSHA1NumBytes];
if (FeatureDebug)
@@ -82,7 +83,7 @@ class InputCorpus {
II.MayDeleteFile = MayDeleteFile;
memcpy(II.Sha1, Hash, kSHA1NumBytes);
UpdateCorpusDistribution();
- ValidateFeatureSet();
+ // ValidateFeatureSet();
}
bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
@@ -144,6 +145,8 @@ class InputCorpus {
II.NumFeatures--;
if (II.NumFeatures == 0)
DeleteInput(OldIdx);
+ } else {
+ NumAddedFeatures++;
}
if (FeatureDebug)
Printf("ADD FEATURE %zd sz %d\n", Idx, NewSize);
@@ -155,12 +158,7 @@ class InputCorpus {
return false;
}
- size_t NumFeatures() const {
- size_t Res = 0;
- for (size_t i = 0; i < kFeatureSetSize; i++)
- Res += GetFeature(i) != 0;
- return Res;
- }
+ size_t NumFeatures() const { return NumAddedFeatures; }
void ResetFeatureSet() {
assert(Inputs.empty());
@@ -213,6 +211,7 @@ private:
std::vector<InputInfo*> Inputs;
bool CountingFeatures = false;
+ size_t NumAddedFeatures = 0;
uint32_t InputSizesPerFeature[kFeatureSetSize];
uint32_t SmallestElementPerFeature[kFeatureSetSize];
Modified: llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp?rev=298671&r1=298670&r2=298671&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/FuzzerUnittest.cpp Thu Mar 23 19:45:15 2017
@@ -586,15 +586,15 @@ TEST(FuzzerUtil, Base64) {
TEST(Corpus, Distribution) {
Random Rand(0);
- InputCorpus C("");
+ std::unique_ptr<InputCorpus> C(new InputCorpus(""));
size_t N = 10;
size_t TriesPerUnit = 1<<16;
for (size_t i = 0; i < N; i++)
- C.AddToCorpus(Unit{ static_cast<uint8_t>(i) }, 0);
+ C->AddToCorpus(Unit{ static_cast<uint8_t>(i) }, 0);
std::vector<size_t> Hist(N);
for (size_t i = 0; i < N * TriesPerUnit; i++) {
- Hist[C.ChooseUnitIdxToMutate(Rand)]++;
+ Hist[C->ChooseUnitIdxToMutate(Rand)]++;
}
for (size_t i = 0; i < N; i++) {
// A weak sanity check that every unit gets invoked.
More information about the llvm-commits
mailing list