[PATCH] D73776: Entropic: Boosting LibFuzzer Performance

[marcel via Phabricator via llvm-commits]

marcel marked 2 inline comments as done.
marcel added inline comments.


================
Comment at: compiler-rt/lib/fuzzer/FuzzerCorpus.h:36
   size_t NumSuccessfullMutations = 0;
+  size_t TotalFuzzTime = 0; // in microseconds
   bool MayDeleteFile = false;
----------------
kcc wrote:
> this is new in the patch, is it? 
> While I completely understand why we'd want to use execution time as a signal for weights, 
> it makes fuzzing process non-reproducible with a given seed, which I consider pretty bad. 
> If we used 32- or 64- bit edge counters we could have substituted them for time, but alas, we use 8-bit ones. 
> this is new in the patch, is it?
Yes. Been playing with a few smaller tweaks to boost LF performance.

> While I completely understand why we'd want to use execution time as a signal for weights,
> it makes fuzzing process non-reproducible with a given seed, which I consider pretty bad.
Do you mean LibFuzzer should be fully deterministic when you start it with the same seed corpus (e.g., by fixing *the* random seed)? Currently, even without this patch I've been observing quite some variance in the coverage achieved over time. Happy to take it out, though, if this messes with the LF design principles.


================
Comment at: compiler-rt/lib/fuzzer/FuzzerCorpus.h:70
+  void UpdateEnergy(size_t GlobalNumberOfFeatures) {
+    long double PreciseEnergy = 0.0L;
+    SumIncidence = 0;
----------------
kcc wrote:
> I'm still worried about long double due to portability. 
> Do you actually "know" that it's critical to use long double here? 
You are right. After fixing frequencies to `uint16_t`, this can definitely be a `double`.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D73776/new/

https://reviews.llvm.org/D73776