[PATCH] D127339: Add graph centrality based seed scheduler: K-Scheduler (IEEE S&P22).

Dongdong She via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Jun 10 21:24:57 PDT 2022


Dongdongshe created this revision.
Herald added a subscriber: Enna1.
Herald added a project: All.
Dongdongshe updated this revision to Diff 436096.
Dongdongshe added a comment.
Dongdongshe edited the summary of this revision.
Dongdongshe added reviewers: morehouse, dokyung.song.
Dongdongshe published this revision for review.
Herald added projects: Sanitizers, LLVM.
Herald added subscribers: llvm-commits, Sanitizers.

Add a graph centrality-based seed scheduler (K-Scheduler, IEEE S&P22) for LibFuzzer to improve fuzzing performance.

K-Scheduler: a novel seed scheduler for LibFuzzer which can greatly improve LibFuzzer performance over the default seed scheduler entropic.
IEEE S&P 2022 paper link: https://arxiv.org/abs/2203.12064
GitHub repo: https://github.com/Dongdongshe/K-Scheduler
Intuition: Good seeds can reach a larger number of unvisited nodes and bad seeds can reach a smaller number of unvisited nodes.
General idea: We approximate the potential code coverage gain (i.e., the number of reachable and unvisited nodes) for each seed through the graph centrality scores. Then, we prioritize the seed with higher potential code coverage gain.
One minute video explanation: https://www.youtube.com/watch?v=VVZZpQiIsm4
Our original implementation is on llvm-11.0.1. We port K-Scheduler to llvm-14.0.0 and evaluate it on 8 programs. The results show improvement consistent with llvm-11.0.1.
Please check our evaluation result plot over 24 hours for 10 runs and corresponding reproduction package (including binaries and seed corpus) at https://github.com/Dongdongshe/K-Scheduler_llvm14_Benchmark


Dongdongshe added a comment.

K-Scheduler is a novel seed scheduler for LibFuzzer which can greatly improve LibFuzzer performance over the default seed scheduler entropic.
IEEE S&P 2022 paper link: https://arxiv.org/abs/2203.12064
GitHub repo: https://github.com/Dongdongshe/K-Scheduler
Intuition: Good seeds can reach a larger number of unvisited nodes and bad seeds can reach a smaller number of unvisited nodes.
General idea: We approximate the potential code coverage gain (i.e., the number of reachable and unvisited nodes) for each seed using graph centrality scores. Then, we prioritize the seed with higher potential code coverage gain.
One minute video explanation: https://www.youtube.com/watch?v=VVZZpQiIsm4
Our original implementation is on llvm-11.0.1. We port K-Scheduler to llvm-14.0.0 and evaluate it on 8 programs. The results show improvement consistent with llvm-11.0.1.
Please check our evaluation result plot over 24 hours for 10 runs and corresponding reproduction package (including binaries and seed corpus) at https://github.com/Dongdongshe/K-Scheduler_llvm14_Benchmark



Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D127339

Files:
  compiler-rt/lib/fuzzer/FuzzerCorpus.h
  compiler-rt/lib/fuzzer/FuzzerDriver.cpp
  compiler-rt/lib/fuzzer/FuzzerFlags.def
  compiler-rt/lib/fuzzer/FuzzerLoop.cpp
  compiler-rt/lib/fuzzer/FuzzerMerge.cpp
  compiler-rt/lib/fuzzer/FuzzerOptions.h
  compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
  compiler-rt/lib/fuzzer/FuzzerTracePC.h
  compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
  llvm/docs/ReleaseNotes.rst

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D127339.436096.patch
Type: text/x-patch
Size: 45818 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220611/b0864b2d/attachment.bin>
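
The "general idea" in the summary above (score each seed by the centrality of the unvisited nodes it borders, then prefer the highest score) can be sketched as follows. This is an added illustration, not code from the patch or from the K-Scheduler repository; the Katz-style recurrence, the attenuation factor `Alpha`, summing over the frontier, and the toy CFG are all assumptions of the example.

```cpp
#include <cstdio>
#include <set>
#include <vector>

using Graph = std::vector<std::vector<int>>; // Graph[v] = CFG successors of v

// Katz-style centrality restricted to unvisited nodes (assumed measure):
//   C[v] = 1 + Alpha * sum of C[u] over unvisited successors u of v.
// C[v] grows with the number of unvisited nodes reachable from v.
std::vector<double> Centrality(const Graph &G, const std::set<int> &Visited,
                               double Alpha, int Iters) {
  std::vector<double> C(G.size(), 0.0);
  for (int It = 0; It < Iters; ++It) {
    std::vector<double> Next(G.size(), 0.0);
    for (int V = 0; V < (int)G.size(); ++V) {
      if (Visited.count(V)) continue; // visited nodes keep a score of 0
      Next[V] = 1.0;
      for (int U : G[V])
        if (!Visited.count(U)) Next[V] += Alpha * C[U];
    }
    C = Next;
  }
  return C;
}

// Score of one seed: summed centrality of the unvisited nodes that are one
// edge away from the nodes the seed covers (its frontier).
double SeedScore(const Graph &G, const std::set<int> &Covered,
                 const std::set<int> &Visited, const std::vector<double> &C) {
  std::set<int> Frontier;
  for (int V : Covered)
    for (int U : G[V])
      if (!Visited.count(U)) Frontier.insert(U);
  double Score = 0.0;
  for (int U : Frontier) Score += C[U];
  return Score;
}

// Constructed toy CFG: 0->{1,2}, 1->3, 2->4, 4->{5,6}, 5->7, 6->7.
Graph ToyCfg() { return {{1, 2}, {3}, {4}, {}, {5, 6}, {7}, {7}, {}}; }

int main() {
  Graph G = ToyCfg();
  std::set<int> Visited = {0, 1, 2}; // union of both seeds' coverage
  std::vector<double> C = Centrality(G, Visited, 0.5, 20);
  std::printf("seed A {0,1}: %.2f\n", SeedScore(G, {0, 1}, Visited, C));
  std::printf("seed B {0,2}: %.2f\n", SeedScore(G, {0, 2}, Visited, C));
}
```

Seed B borders node 4, which leads to three more unvisited nodes, so it outranks seed A, whose only frontier node is a dead end. On a CFG with loops the iteration converges only when `Alpha` is smaller than the reciprocal of the adjacency matrix's largest eigenvalue.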
