[compiler-rt] f3c2e0b - [libFuzzer] Enable entropic by default.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Wed Sep 16 10:45:10 PDT 2020 

Author: Matt Morehouse
Date: 2020-09-16T10:44:34-07:00
New Revision: f3c2e0bcee64b0905addaefe9cd0c9ad4d20ac6f

URL: https://github.com/llvm/llvm-project/commit/f3c2e0bcee64b0905addaefe9cd0c9ad4d20ac6f
DIFF: https://github.com/llvm/llvm-project/commit/f3c2e0bcee64b0905addaefe9cd0c9ad4d20ac6f.diff

LOG: [libFuzzer] Enable entropic by default.

Entropic has performed at least on par with vanilla scheduling on
Clusterfuzz, and has shown a slight coverage improvement on FuzzBench:
https://www.fuzzbench.com/reports/2020-08-31/index.html

Reviewed By: Dor1s

Differential Revision: https://reviews.llvm.org/D87476

Added: 
    

Modified: 
    compiler-rt/lib/fuzzer/FuzzerDriver.cpp
    compiler-rt/lib/fuzzer/FuzzerFlags.def
    compiler-rt/lib/fuzzer/FuzzerOptions.h
    compiler-rt/test/fuzzer/cross_over_uniform_dist.test
    compiler-rt/test/fuzzer/keep-seed.test

Removed: 
    


################################################################################
diff  --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
index 57df1238c398..83ef642ceeb6 100644
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@@ -767,16 +767,12 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
   Options.EntropicNumberOfRarestFeatures =
       (size_t)Flags.entropic_number_of_rarest_features;
   Options.EntropicScalePerExecTime = Flags.entropic_scale_per_exec_time;
-  if (Options.Entropic) {
-    if (!Options.FocusFunction.empty()) {
-      Printf("ERROR: The parameters `--entropic` and `--focus_function` cannot "
-             "be used together.\n");
-      exit(1);
-    }
+  if (!Options.FocusFunction.empty())
+    Options.Entropic = false; // FocusFunction overrides entropic scheduling.
+  if (Options.Entropic)
     Printf("INFO: Running with entropic power schedule (0x%X, %d).\n",
            Options.EntropicFeatureFrequencyThreshold,
            Options.EntropicNumberOfRarestFeatures);
-  }
   struct EntropicOptions Entropic;
   Entropic.Enabled = Options.Entropic;
   Entropic.FeatureFrequencyThreshold =

diff  --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def b/compiler-rt/lib/fuzzer/FuzzerFlags.def
index c9a787e03833..4d4841b17ae4 100644
--- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
+++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
@@ -171,8 +171,9 @@ FUZZER_FLAG_INT(ignore_remaining_args, 0, "If 1, ignore all arguments passed "
 FUZZER_FLAG_STRING(focus_function, "Experimental. "
      "Fuzzing will focus on inputs that trigger calls to this function. "
      "If -focus_function=auto and -data_flow_trace is used, libFuzzer "
-     "will choose the focus functions automatically.")
-FUZZER_FLAG_INT(entropic, 0, "Experimental. Enables entropic power schedule.")
+     "will choose the focus functions automatically. Disables -entropic when "
+     "specified.")
+FUZZER_FLAG_INT(entropic, 1, "Enables entropic power schedule.")
 FUZZER_FLAG_INT(entropic_feature_frequency_threshold, 0xFF, "Experimental. If "
      "entropic is enabled, all features which are observed less often than "
      "the specified value are considered as rare.")

diff  --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h b/compiler-rt/lib/fuzzer/FuzzerOptions.h
index 706e1c64c706..20b810b2867f 100644
--- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
+++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
@@ -46,7 +46,7 @@ struct FuzzingOptions {
   size_t MaxNumberOfRuns = -1L;
   int ReportSlowUnits = 10;
   bool OnlyASCII = false;
-  bool Entropic = false;
+  bool Entropic = true;
   size_t EntropicFeatureFrequencyThreshold = 0xFF;
   size_t EntropicNumberOfRarestFeatures = 100;
   bool EntropicScalePerExecTime = false;

diff  --git a/compiler-rt/test/fuzzer/cross_over_uniform_dist.test b/compiler-rt/test/fuzzer/cross_over_uniform_dist.test
index 0dff5fd628f3..b5ae7e465923 100644
--- a/compiler-rt/test/fuzzer/cross_over_uniform_dist.test
+++ b/compiler-rt/test/fuzzer/cross_over_uniform_dist.test
@@ -6,11 +6,11 @@ RUN: mkdir %t-corpus
 RUN: echo -n "@SELECT" > %t-corpus/A
 RUN: echo -n "@FROM WHERE" > %t-corpus/B
 
-RUN: not %run %t-CrossOverUniformDistTest -keep_seed=1 -cross_over_uniform_dist=1 -seed=1 -runs=2000000 %t-corpus 2>&1 | FileCheck %s
+RUN: not %run %t-CrossOverUniformDistTest -keep_seed=1 -cross_over_uniform_dist=1 -seed=1 -runs=5000000 %t-corpus 2>&1 | FileCheck %s
 CHECK: BINGO
 
 RUN: rm -rf %t-corpus
 RUN: mkdir %t-corpus
 RUN: echo -n "@SELECT" > %t-corpus/A
 RUN: echo -n "@FROM WHERE" > %t-corpus/B
-RUN: %run %t-CrossOverUniformDistTest -keep_seed=1 -seed=1 -runs=2000000 %t-corpus 2>&1
+RUN: %run %t-CrossOverUniformDistTest -keep_seed=1 -seed=1 -runs=5000000 %t-corpus 2>&1

diff  --git a/compiler-rt/test/fuzzer/keep-seed.test b/compiler-rt/test/fuzzer/keep-seed.test
index 29212ac7c177..a21cf46e8fe5 100644
--- a/compiler-rt/test/fuzzer/keep-seed.test
+++ b/compiler-rt/test/fuzzer/keep-seed.test
@@ -5,7 +5,7 @@ RUN: rm -rf %t-corpus
 RUN: mkdir %t-corpus
 RUN: echo -n SELECTxFROMxWHERE > %t-corpus/valid-fragments
 
-RUN: not %run %t-KeepSeedTest -keep_seed=1 -seed=1 -runs=2000000 %t-corpus 2>&1 | FileCheck %s
+RUN: not %run %t-KeepSeedTest -keep_seed=1 -seed=1 -runs=3000000 %t-corpus 2>&1 | FileCheck %s
 CHECK: BINGO
 
 RUN: rm -rf %t-corpus-baseline
@@ -13,5 +13,5 @@ RUN: mkdir %t-corpus-baseline
 RUN: echo -n SELECTxFROMxWHERE > %t-corpus-baseline/valid-fragments
 
 # The following checks whether without -keep_seed=1 libFuzzer does not find the
-# crashing input "SELECT FROM WHERE" even with 2x more runs.
+# crashing input "SELECT FROM WHERE" even with more runs.
 RUN: %run %t-KeepSeedTest -seed=1 -runs=4000000 %t-corpus-baseline -print_final_stats=1

More information about the llvm-commits mailing list