[compiler-rt] r320531 - [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Tue Dec 12 15:11:29 PST 2017


Author: kcc
Date: Tue Dec 12 15:11:28 2017
New Revision: 320531

URL: http://llvm.org/viewvc/llvm-project?rev=320531&view=rev
Log:
[libFuzzer] change the strategy for -experimental_len_control to grow max_len slower

Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h
    compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h
    compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h
    compiler-rt/trunk/test/fuzzer/trace-malloc-unbalanced.test

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h?rev=320531&r1=320530&r2=320531&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h Tue Dec 12 15:11:28 2017
@@ -124,8 +124,6 @@ private:
   size_t NumberOfNewUnitsAdded = 0;
 
   size_t LastCorpusUpdateRun = 0;
-  system_clock::time_point LastCorpusUpdateTime = system_clock::now();
-
 
   bool HasMoreMallocsThanFrees = false;
   size_t NumberOfLeakDetectionAttempts = 0;

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp?rev=320531&r1=320530&r2=320531&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp Tue Dec 12 15:11:28 2017
@@ -567,7 +567,6 @@ void Fuzzer::ReportNewCoverage(InputInfo
   NumberOfNewUnitsAdded++;
   CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus.
   LastCorpusUpdateRun = TotalNumberOfRuns;
-  LastCorpusUpdateTime = system_clock::now();
 }
 
 // Tries detecting a memory leak on the particular input that we have just
@@ -758,18 +757,15 @@ void Fuzzer::Loop(const Vector<std::stri
     // Update TmpMaxMutationLen
     if (Options.ExperimentalLenControl) {
       if (TmpMaxMutationLen < MaxMutationLen &&
-          (TotalNumberOfRuns - LastCorpusUpdateRun >
-               Options.ExperimentalLenControl &&
-           duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) {
-        LastCorpusUpdateRun = TotalNumberOfRuns;
-        LastCorpusUpdateTime = Now;
+          TotalNumberOfRuns - LastCorpusUpdateRun >
+              Options.ExperimentalLenControl * Log(TmpMaxMutationLen)) {
         TmpMaxMutationLen =
-            Min(MaxMutationLen,
-                TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8));
+            Min(MaxMutationLen, TmpMaxMutationLen + Log(TmpMaxMutationLen));
         if (TmpMaxMutationLen <= MaxMutationLen)
           Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns,
                  TmpMaxMutationLen, Options.ExperimentalLenControl,
                  LastCorpusUpdateRun);
+        LastCorpusUpdateRun = TotalNumberOfRuns;
       }
     } else {
       TmpMaxMutationLen = MaxMutationLen;
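Review bot: `Log(TmpMaxMutationLen)` on the two added lines passes a `size_t` to a helper that takes `uint32_t`, returns 0 for an input of 1, and is undefined for 0 because it wraps `__builtin_clz`. With `TmpMaxMutationLen == 1` both the run threshold and the growth step become 0, so the length would stop growing while this branch likely fires and prints on every iteration; whether 0 or 1 can reach here depends on initialization outside the hunk. A floor on the step keeps growth monotonic: `Min(MaxMutationLen, TmpMaxMutationLen + Max(size_t(1), size_t(Log(TmpMaxMutationLen))))`. The same zero-input concern applies to `Log(A)` in the FuzzerTracePC.h hunk, where the call happens before the `Log2 < 3` check. The body of `Fuzzer::Loop` starts and ends outside this hunk.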

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h?rev=320531&r1=320530&r2=320531&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h Tue Dec 12 15:11:28 2017
@@ -276,7 +276,7 @@ void TracePC::CollectFeatures(Callback H
 
   // Step function, grows similar to 8 * Log_2(A).
   auto StackDepthStepFunction = [](uint32_t A) -> uint32_t {
-    uint32_t Log2 = 32 - __builtin_clz(A) - 1;
+    uint32_t Log2 = Log(A);
     if (Log2 < 3) return A;
     Log2 -= 3;
     return (Log2 + 1) * 8 + ((A >> Log2) & 7);

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h?rev=320531&r1=320530&r2=320531&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h Tue Dec 12 15:11:28 2017
@@ -80,6 +80,8 @@ std::string SearchRegexCmd(const std::st
 
 size_t SimpleFastHash(const uint8_t *Data, size_t Size);
 
+inline uint32_t Log(uint32_t X) { return 32 - __builtin_clz(X) - 1; }
+
 }  // namespace fuzzer
 
 #endif  // LLVM_FUZZER_UTIL_H
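Review bot: The new `Log` helper has no comment, and its name states neither the base nor the rounding, while its only precondition (a non-zero argument) is invisible to callers. I would add `// Returns floor(log2(X)). X must be non-zero: __builtin_clz(0) is undefined.` above the definition. Since the helper now sits in a shared header and the FuzzerLoop.cpp call passes a `size_t`, the comment should also say that the argument is narrowed to 32 bits.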

Modified: compiler-rt/trunk/test/fuzzer/trace-malloc-unbalanced.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/trace-malloc-unbalanced.test?rev=320531&r1=320530&r2=320531&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/trace-malloc-unbalanced.test (original)
+++ compiler-rt/trunk/test/fuzzer/trace-malloc-unbalanced.test Tue Dec 12 15:11:28 2017
@@ -6,10 +6,10 @@ UNSUPPORTED: darwin
 
 RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest
 
-RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=100 2>&1 | \
+RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=200 2>&1 | \
 RUN:    %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s
 
-RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=100 2>&1 | \
+RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=200 2>&1 | \
 RUN:    %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2
 
 CHECK: MallocFreeTracer: START



