[compiler-rt] 9e7b730 - [libFuzzer] Update InputInfo.TimeOfUnit when replacing it in the corpus.
Matt Morehouse via llvm-commits
llvm-commits at lists.llvm.org
Wed Oct 20 06:53:22 PDT 2021
Author: PZ Read
Date: 2021-10-20T06:52:57-07:00
New Revision: 9e7b7303f1d3556756d7c4db8fa02969c8f11c58
URL: https://github.com/llvm/llvm-project/commit/9e7b7303f1d3556756d7c4db8fa02969c8f11c58
DIFF: https://github.com/llvm/llvm-project/commit/9e7b7303f1d3556756d7c4db8fa02969c8f11c58.diff
LOG: [libFuzzer] Update InputInfo.TimeOfUnit when replacing it in the corpus.
Previously, when the fuzzing loop replaced an input in the corpus, it didn't update the execution time of the input. Therefore, some schedulers (e.g. Entropic) would adjust weights based on the incorrect execution time.
This patch updates the execution time of the input when replacing it.
Reviewed By: morehouse
Differential Revision: https://reviews.llvm.org/D111479
Added:
Modified:
compiler-rt/lib/fuzzer/FuzzerCorpus.h
compiler-rt/lib/fuzzer/FuzzerLoop.cpp
compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
Removed:
################################################################################
diff --git a/compiler-rt/lib/fuzzer/FuzzerCorpus.h b/compiler-rt/lib/fuzzer/FuzzerCorpus.h
index d2d58691b7d5..e01891e18fe3 100644
--- a/compiler-rt/lib/fuzzer/FuzzerCorpus.h
+++ b/compiler-rt/lib/fuzzer/FuzzerCorpus.h
@@ -284,7 +284,8 @@ class InputCorpus {
}
}
- void Replace(InputInfo *II, const Unit &U) {
+ void Replace(InputInfo *II, const Unit &U,
+ std::chrono::microseconds TimeOfUnit) {
assert(II->U.size() > U.size());
Hashes.erase(Sha1ToString(II->Sha1));
DeleteFile(*II);
@@ -292,6 +293,7 @@ class InputCorpus {
Hashes.insert(Sha1ToString(II->Sha1));
II->U = U;
II->Reduced = true;
+ II->TimeOfUnit = TimeOfUnit;
DistributionNeedsUpdate = true;
}
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index 4ac8ce282ccc..3205942f6d84 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -548,7 +548,7 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
II->U.size() > Size) {
auto OldFeaturesFile = Sha1ToString(II->Sha1);
- Corpus.Replace(II, {Data, Data + Size});
+ Corpus.Replace(II, {Data, Data + Size}, TimeOfUnit);
RenameFeatureSetFile(Options.FeaturesDir, OldFeaturesFile,
Sha1ToString(II->Sha1));
return true;
diff --git a/compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp b/compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
index accbaaa472af..1251a4e518ed 100644
--- a/compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
+++ b/compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
@@ -652,6 +652,39 @@ TEST(Corpus, Distribution) {
}
}
+TEST(Corpus, Replace) {
+ DataFlowTrace DFT;
+ struct EntropicOptions Entropic = {false, 0xFF, 100, false};
+ std::unique_ptr<InputCorpus> C(
+ new InputCorpus(/*OutputCorpus*/ "", Entropic));
+ InputInfo *FirstII =
+ C->AddToCorpus(Unit{0x01, 0x00}, /*NumFeatures*/ 1,
+ /*MayDeleteFile*/ false, /*HasFocusFunction*/ false,
+ /*ForceAddToCorpus*/ false,
+ /*TimeOfUnit*/ std::chrono::microseconds(1234),
+ /*FeatureSet*/ {}, DFT,
+ /*BaseII*/ nullptr);
+ InputInfo *SecondII =
+ C->AddToCorpus(Unit{0x02}, /*NumFeatures*/ 1,
+ /*MayDeleteFile*/ false, /*HasFocusFunction*/ false,
+ /*ForceAddToCorpus*/ false,
+ /*TimeOfUnit*/ std::chrono::microseconds(5678),
+ /*FeatureSet*/ {}, DFT,
+ /*BaseII*/ nullptr);
+ Unit ReplacedU = Unit{0x03};
+
+ C->Replace(FirstII, ReplacedU,
+ /*TimeOfUnit*/ std::chrono::microseconds(321));
+
+ EXPECT_EQ(FirstII->U, Unit{0x03});
+ EXPECT_EQ(FirstII->Reduced, true);
+ EXPECT_EQ(FirstII->TimeOfUnit, std::chrono::microseconds(321));
+ std::vector<uint8_t> ExpectedSha1(kSHA1NumBytes);
+ ComputeSHA1(ReplacedU.data(), ReplacedU.size(), ExpectedSha1.data());
+ std::vector<uint8_t> IISha1(FirstII->Sha1, FirstII->Sha1 + kSHA1NumBytes);
+ EXPECT_EQ(IISha1, ExpectedSha1);
+}
+
template <typename T>
void EQ(const std::vector<T> &A, const std::vector<T> &B) {
EXPECT_EQ(A, B);
More information about the llvm-commits
mailing list