[compiler-rt] r373403 - [libFuzzer] Remove lazy counters.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Tue Oct 1 15:49:07 PDT 2019


Author: morehouse
Date: Tue Oct  1 15:49:06 2019
New Revision: 373403

URL: http://llvm.org/viewvc/llvm-project?rev=373403&view=rev
Log:
[libFuzzer] Remove lazy counters.

Summary: Lazy counters haven't improved performance for large fuzz targets.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D67476

Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def
    compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h
    compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h
    compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h
    compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp
    compiler-rt/trunk/lib/fuzzer/FuzzerUtilWindows.cpp
    compiler-rt/trunk/test/fuzzer/large.test

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerDriver.cpp Tue Oct  1 15:49:06 2019
@@ -708,7 +708,6 @@ int FuzzerDriver(int *argc, char ***argv
     Options.FeaturesDir = Flags.features_dir;
   if (Flags.collect_data_flow)
     Options.CollectDataFlow = Flags.collect_data_flow;
-  Options.LazyCounters = Flags.lazy_counters;
   if (Flags.stop_file)
     Options.StopFile = Flags.stop_file;
 

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerFlags.def Tue Oct  1 15:49:06 2019
@@ -123,9 +123,6 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, t
 FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
 FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
 FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
-FUZZER_FLAG_INT(lazy_counters, 0, "If 1, a performance optimization is"
-    "enabled for the 8bit inline counters. "
-    "Requires that libFuzzer successfully installs its SEGV handler")
 FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
     "if 2, close stderr; if 3, close both. "
     "Be careful, this will also close e.g. stderr of asan.")

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp Tue Oct  1 15:49:06 2019
@@ -742,10 +742,6 @@ void Fuzzer::ReadAndExecuteSeedCorpora(V
   uint8_t dummy = 0;
   ExecuteCallback(&dummy, 0);
 
-  // Protect lazy counters here, after the once-init code has been executed.
-  if (Options.LazyCounters)
-    TPC.ProtectLazyCounters();
-
   if (CorporaFiles.empty()) {
     Printf("INFO: A corpus is not provided, starting from an empty corpus\n");
     Unit U({'\n'}); // Valid ASCII input.

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerOptions.h Tue Oct  1 15:49:06 2019
@@ -75,7 +75,6 @@ struct FuzzingOptions {
   bool HandleXfsz = false;
   bool HandleUsr1 = false;
   bool HandleUsr2 = false;
-  bool LazyCounters = false;
 };
 
 }  // namespace fuzzer

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp Tue Oct  1 15:49:06 2019
@@ -67,45 +67,6 @@ void TracePC::HandleInline8bitCountersIn
   NumInline8bitCounters += M.Size();
 }
 
-// Mark all full page counter regions as PROT_NONE and set Enabled=false.
-// The first time the instrumented code hits such a protected/disabled
-// counter region we should catch a SEGV and call UnprotectLazyCounters,
-// which will mark the page as PROT_READ|PROT_WRITE and set Enabled=true.
-//
-// Whenever other functions iterate over the counters they should ignore
-// regions with Enabled=false.
-void TracePC::ProtectLazyCounters() {
-  size_t NumPagesProtected = 0;
-  IterateCounterRegions([&](Module::Region &R) {
-    if (!R.OneFullPage) return;
-    if (Mprotect(R.Start, R.Stop - R.Start, false)) {
-      R.Enabled = false;
-      NumPagesProtected++;
-    }
-  });
-  if (NumPagesProtected)
-    Printf("INFO: %zd pages of counters where protected;"
-           " libFuzzer's SEGV handler must be installed\n",
-           NumPagesProtected);
-}
-
-bool TracePC::UnprotectLazyCounters(void *CounterPtr) {
-  // Printf("UnprotectLazyCounters: %p\n", CounterPtr);
-  if (!CounterPtr)
-    return false;
-  bool Done = false;
-  uint8_t *Addr = reinterpret_cast<uint8_t *>(CounterPtr);
-  IterateCounterRegions([&](Module::Region &R) {
-    if (!R.OneFullPage || R.Enabled || Done) return;
-    if (Addr >= R.Start && Addr < R.Stop)
-      if (Mprotect(R.Start, R.Stop - R.Start, true)) {
-        R.Enabled = true;
-        Done = true;
-      }
-  });
-  return Done;
-}
-
 void TracePC::HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop) {
   const PCTableEntry *B = reinterpret_cast<const PCTableEntry *>(Start);
   const PCTableEntry *E = reinterpret_cast<const PCTableEntry *>(Stop);
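Review bot: With `ProtectLazyCounters` and `UnprotectLazyCounters` gone, nothing visible in this commit sets `R.Enabled = false` any more, and the FuzzerTracePC.h hunk removes only the two method declarations, not the `Module::Region` fields. If `Enabled` and `OneFullPage` are still declared and still tested by the other counter-iterating functions (the removed comment says they skip regions with `Enabled=false`), those checks are now dead state and should be removed in this change or a follow-up. Left in place, they suggest that a counter region can still be skipped during coverage collection. The context lines of `HandleInline8bitCountersInit` and `HandlePCsInit` start and end outside the hunk, so this cannot be confirmed from here.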

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h Tue Oct  1 15:49:06 2019
@@ -119,9 +119,6 @@ class TracePC {
   void SetFocusFunction(const std::string &FuncName);
   bool ObservedFocusFunction();
 
-  void ProtectLazyCounters();
-  bool UnprotectLazyCounters(void *CounterPtr);
-
   struct PCTableEntry {
     uintptr_t PC, PCFlags;
   };

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtil.h Tue Oct  1 15:49:06 2019
@@ -52,8 +52,6 @@ void SetSignalHandler(const FuzzingOptio
 
 void SleepSeconds(int Seconds);
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite);
-
 unsigned long GetPid();
 
 size_t GetPeakRSSMb();

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtilFuchsia.cpp Tue Oct  1 15:49:06 2019
@@ -305,10 +305,6 @@ void CrashHandler(zx_handle_t *Event) {
 
 } // namespace
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return false;  // UNIMPLEMENTED
-}
-
 // Platform specific functions.
 void SetSignalHandler(const FuzzingOptions &Options) {
   // Make sure information from libFuzzer and the sanitizers are easy to

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtilPosix.cpp Tue Oct  1 15:49:06 2019
@@ -37,7 +37,6 @@ static void (*upstream_segv_handler)(int
 
 static void SegvHandler(int sig, siginfo_t *si, void *ucontext) {
   assert(si->si_signo == SIGSEGV);
-  if (TPC.UnprotectLazyCounters(si->si_addr)) return;
   if (upstream_segv_handler)
     return upstream_segv_handler(sig, si, ucontext);
   Fuzzer::StaticCrashSignalCallback();
@@ -98,11 +97,6 @@ void SetTimer(int Seconds) {
   SetSigaction(SIGALRM, AlarmHandler);
 }
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return 0 == mprotect(Ptr, Size,
-                       AllowReadWrite ? (PROT_READ | PROT_WRITE) : PROT_NONE);
-}
-
 void SetSignalHandler(const FuzzingOptions& Options) {
   if (Options.UnitTimeoutSec > 0)
     SetTimer(Options.UnitTimeoutSec / 2 + 1);

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerUtilWindows.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerUtilWindows.cpp?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerUtilWindows.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerUtilWindows.cpp Tue Oct  1 15:49:06 2019
@@ -111,10 +111,6 @@ static TimerQ Timer;
 
 static void CrashHandler(int) { Fuzzer::StaticCrashSignalCallback(); }
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return false;  // UNIMPLEMENTED
-}
-
 void SetSignalHandler(const FuzzingOptions& Options) {
   HandlerOpt = &Options;
 

Modified: compiler-rt/trunk/test/fuzzer/large.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/large.test?rev=373403&r1=373402&r2=373403&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/large.test (original)
+++ compiler-rt/trunk/test/fuzzer/large.test Tue Oct  1 15:49:06 2019
@@ -1,7 +1,4 @@
-REQUIRES: linux
 RUN: %cpp_compiler %S/LargeTest.cpp -o %t-LargeTest
 RUN: %run %t-LargeTest -runs=10000
-RUN: %env_asan_opts=handle_segv=0 %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s
-RUN:                              %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s
 
 CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed
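Review bot: The trailing `CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed` line is left behind although both RUN lines that piped into `FileCheck` are removed, so no command reads it any more. The `Printf` that produced that message is also deleted from FuzzerTracePC.cpp in this commit. Drop the `CHECK:` line so the test does not imply an output check that never runs. Removing `REQUIRES: linux` also means the remaining `-runs=10000` invocation is no longer restricted to Linux, so it is worth confirming that LargeTest builds and completes on the other platforms where the fuzzer tests are enabled.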



