[compiler-rt] 428beba - [libFuzzer] Fix value-profile-load test.
Dokyung Song via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 19 15:15:14 PDT 2020
Author: Dokyung Song
Date: 2020-08-19T22:14:43Z
New Revision: 428bebaf10e177db5e42206ca8f871f0bcbef058
URL: https://github.com/llvm/llvm-project/commit/428bebaf10e177db5e42206ca8f871f0bcbef058
DIFF: https://github.com/llvm/llvm-project/commit/428bebaf10e177db5e42206ca8f871f0bcbef058.diff
LOG: [libFuzzer] Fix value-profile-load test.
The behavior of the CrossOver mutator has changed with
bb54bcf84970c04c9748004f3a4cf59b0c1832a7. This seems to affect the
value-profile-load test on Darwin. This patch provides a wider margin for
determining success of the value-profile-load test, by testing the targeted
functionality (i.e., GEP index value profile) more directly and faster. To this
end, LoadTest.cpp now uses a narrower condition (Size != 8) for initial pruning
of inputs, effectively preventing libFuzzer from generating inputs longer than
necessary and spending time on mutating such long inputs in the corpus - a
functionality not meant to be tested by this specific test.
Previously, on x86/Linux, it required 6,597,751 execs with -use_value_profile=1
and 19,605,575 execs with -use_value_profile=0 to hit the crash. With this
patch, the test passes with 174,493 execs, providing a wider margin from the
given trials of 10,000,000. Note that, without the value profile (i.e.,
-use_value_profile=0), the test wouldn't pass as it still requires 19,605,575
execs to hit the crash.
Differential Revision: https://reviews.llvm.org/D86247
Added:
Modified:
compiler-rt/test/fuzzer/LoadTest.cpp
compiler-rt/test/fuzzer/value-profile-load.test
Removed:
################################################################################
diff --git a/compiler-rt/test/fuzzer/LoadTest.cpp b/compiler-rt/test/fuzzer/LoadTest.cpp
index 9cf101542cb4..906c6216c850 100644
--- a/compiler-rt/test/fuzzer/LoadTest.cpp
+++ b/compiler-rt/test/fuzzer/LoadTest.cpp
@@ -14,10 +14,10 @@ const int kArraySize = 1234567;
int array[kArraySize];
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- if (Size < 8) return 0;
+ if (Size != 8)
+ return 0;
uint64_t a = 0;
memcpy(&a, Data, 8);
Sink = array[a % (kArraySize + 1)];
return 0;
}
-
diff --git a/compiler-rt/test/fuzzer/value-profile-load.test b/compiler-rt/test/fuzzer/value-profile-load.test
index 607b81cd527f..eb24d7b58ecf 100644
--- a/compiler-rt/test/fuzzer/value-profile-load.test
+++ b/compiler-rt/test/fuzzer/value-profile-load.test
@@ -1,3 +1,3 @@
CHECK: AddressSanitizer: global-buffer-overflow
RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest
-RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
+RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
More information about the llvm-commits
mailing list