[compiler-rt] 428beba - [libFuzzer] Fix value-profile-load test.

Dokyung Song via llvm-commits llvm-commits at lists.llvm.org
Wed Aug 19 15:15:14 PDT 2020


Author: Dokyung Song
Date: 2020-08-19T22:14:43Z
New Revision: 428bebaf10e177db5e42206ca8f871f0bcbef058

URL: https://github.com/llvm/llvm-project/commit/428bebaf10e177db5e42206ca8f871f0bcbef058
DIFF: https://github.com/llvm/llvm-project/commit/428bebaf10e177db5e42206ca8f871f0bcbef058.diff

LOG: [libFuzzer] Fix value-profile-load test.

The behavior of the CrossOver mutator has changed with
bb54bcf84970c04c9748004f3a4cf59b0c1832a7. This seems to affect the
value-profile-load test on Darwin. This patch provides a wider margin for
determining success of the value-profile-load test, by testing the targeted
functionality (i.e., GEP index value profile) more directly and faster. To this
end, LoadTest.cpp now uses a narrower condition (Size != 8) for initial pruning
of inputs, effectively preventing libFuzzer from generating inputs longer than
necessary and spending time on mutating such long inputs in the corpus - a
functionality not meant to be tested by this specific test.

Previously, on x86/Linux, it required 6,597,751 execs with -use_value_profile=1
and 19,605,575 execs with -use_value_profile=0 to hit the crash. With this
patch, the test passes with 174,493 execs, providing a wider margin from the
given trials of 10,000,000. Note that, without the value profile (i.e.,
-use_value_profile=0), the test wouldn't pass as it still requires 19,605,575
execs to hit the crash.

Differential Revision: https://reviews.llvm.org/D86247

Added: 
    

Modified: 
    compiler-rt/test/fuzzer/LoadTest.cpp
    compiler-rt/test/fuzzer/value-profile-load.test

Removed: 
    


################################################################################
diff  --git a/compiler-rt/test/fuzzer/LoadTest.cpp b/compiler-rt/test/fuzzer/LoadTest.cpp
index 9cf101542cb4..906c6216c850 100644
--- a/compiler-rt/test/fuzzer/LoadTest.cpp
+++ b/compiler-rt/test/fuzzer/LoadTest.cpp
@@ -14,10 +14,10 @@ const int kArraySize = 1234567;
 int array[kArraySize];
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (Size < 8) return 0;
+  if (Size != 8)
+    return 0;
   uint64_t a = 0;
   memcpy(&a, Data, 8);
   Sink = array[a % (kArraySize + 1)];
   return 0;
 }
-
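Review bot: The new `if (Size != 8)` check has no comment saying why it rejects longer inputs, and a later reader could easily relax it back to `Size < 8`, since `memcpy(&a, Data, 8)` only needs at least 8 bytes. A one-line comment above the check would help, saying that exact-length pruning keeps libFuzzer from growing and mutating long inputs so that the test exercises the GEP index value profile. The out-of-bounds index allowed by `a % (kArraySize + 1)` is the intended crash and would also benefit from a short comment. The removal of the trailing blank line is an unrelated whitespace change and could be dropped from this patch.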

diff  --git a/compiler-rt/test/fuzzer/value-profile-load.test b/compiler-rt/test/fuzzer/value-profile-load.test
index 607b81cd527f..eb24d7b58ecf 100644
--- a/compiler-rt/test/fuzzer/value-profile-load.test
+++ b/compiler-rt/test/fuzzer/value-profile-load.test
@@ -1,3 +1,3 @@
 CHECK: AddressSanitizer: global-buffer-overflow
 RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest
-RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s
+RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
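Review bot: The new `-runs=10000000` limit is justified only in the commit message, and only with x86/Linux numbers, although the failure being fixed was on Darwin. With `-seed=2` the message reports 174,493 execs, roughly 57 times under the limit, but it gives no exec count for Darwin, so the margin there is unknown. Please add a comment line to the test recording the measured counts. It is also worth noting in that comment that 10,000,000 is below the 19,605,575 execs needed with `-use_value_profile=0`, so the limit is what makes the test fail if the value profile stops working, and it should not be raised past that figure without re-measuring.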


        

