[llvm-dev] libFuzzer vs. unrolling
George Karpenkov via llvm-dev
llvm-dev at lists.llvm.org
Thu Nov 1 13:54:35 PDT 2018
Actually now I see a similar issue, where the loop vectorization optimization stops
counters.test from passing on ARM64. I think we should disable some optimizations using OPT_FOR_FUZZING.
> On Oct 3, 2018, at 4:10 PM, George Karpenkov <ekarpenkov at apple.com> wrote:
>
> Hi,
>
> We still get intermittent failures on libfuzzer/shrink.test every now and then.
> I could not get a reproducible example.
> Have you seen a similar issue?
>
> George
>
>> On Aug 8, 2018, at 4:04 PM, George Karpenkov <ekarpenkov at apple.com> wrote:
>>
>> Hi,
>>
>> After https://reviews.llvm.org/D48800 landed, shrink.test stopped passing for us on x86_64h architecture (x86_64 + some haswell extensions).
>> After looking further into this today, I have noticed that optimizations on haswell are more likely to do unrolling (since it can do more advanced vectorization).
>> The main loop (inside the callback) in shrink.test gets unrolled thrice, and stays the same on x86_64.
>>
>> I see how unrolling could mess with coverage, as conceptually the same location in the code becomes e.g. three after unrolling,
>> and the fuzzer should prefer exploring different portions of the program to going around the loop.
>> Should we then disable unrolling when OPT_FOR_FUZZING is enabled in the spirit of https://reviews.llvm.org/D44232 ?
>> Or just increase the limit on shrink.test?
>>
>> Regards,
>> George
>
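To make the effect George describes concrete, here is a small model of why an unrolled loop inflates what libFuzzer considers new coverage. This is an added example, not code from the thread or from libFuzzer itself. It reuses the counter bucketing libFuzzer applies to its 8-bit edge counters (1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+, as in FuzzerTracePC's CounterToFeature) and assumes, for the sake of the model, that each unrolled copy of the loop body gets its own counter and that iteration i bumps counter i % unroll (real unrolling also adds a remainder loop with its own counters, so the real effect is at least this large). It feeds inputs of increasing length, one loop iteration per byte, and counts how many of them libFuzzer would keep because they hit a feature never seen before:

```cpp
#include <cstddef>
#include <cstdio>
#include <initializer_list>
#include <set>
#include <utility>
#include <vector>

// libFuzzer's bucketing of an 8-bit edge counter value into a feature bit
// (value 0 means the edge was not hit and yields no feature at all).
unsigned counter_to_feature_bit(unsigned counter) {
    if (counter >= 128) return 7;
    if (counter >= 32)  return 6;
    if (counter >= 16)  return 5;
    if (counter >= 8)   return 4;
    if (counter >= 4)   return 3;
    if (counter >= 3)   return 2;
    if (counter >= 2)   return 1;
    return 0;
}

// Model assumption of this example: a loop body unrolled `unroll` times
// gets one saturating 8-bit counter per copy, and iteration i bumps
// counter i % unroll. Returns the feature set (counter index * 8 + bucket)
// that an input of `len` bytes produces when the loop runs once per byte.
std::set<unsigned> features_for_input(std::size_t len, unsigned unroll) {
    std::vector<unsigned char> counters(unroll, 0);
    for (std::size_t i = 0; i < len; ++i)
        if (counters[i % unroll] < 255)
            ++counters[i % unroll];
    std::set<unsigned> feats;
    for (unsigned k = 0; k < unroll; ++k)
        if (counters[k] > 0)
            feats.insert(k * 8 + counter_to_feature_bit(counters[k]));
    return feats;
}

// Feed inputs of length 0..max_len in order; an input is kept in the corpus
// iff it hits at least one feature not seen before (libFuzzer's rule).
// Returns {inputs kept, distinct features seen}.
std::pair<unsigned, unsigned> corpus_growth(std::size_t max_len, unsigned unroll) {
    std::set<unsigned> seen;
    unsigned kept = 0;
    for (std::size_t len = 0; len <= max_len; ++len) {
        bool novel = false;
        for (unsigned f : features_for_input(len, unroll))
            if (seen.insert(f).second)
                novel = true;
        if (novel)
            ++kept;
    }
    return {kept, static_cast<unsigned>(seen.size())};
}

int main() {
    // Same loop, not unrolled vs. unrolled three times, inputs up to 16 bytes.
    for (unsigned u : {1u, 3u}) {
        std::pair<unsigned, unsigned> r = corpus_growth(16, u);
        std::printf("unroll x%u: %u inputs kept, %u distinct features\n",
                    u, r.first, r.second);
    }
    return 0;
}
```

With one counter, only the bucket boundaries (lengths 1, 2, 3, 4, 8, 16) look novel, so six inputs survive; with three counters the boundaries are hit at three different lengths each and twelve inputs survive, every one of them justified by a "new" feature that is really just the same loop. That is why a corpus that should shrink stays larger than the test's limit. To check this on the real shrink.test target rather than the model, build it once with the usual flags and once with `-fno-unroll-loops` added, run each with `-print_coverage=1`, and compare how many edges the loop reports and how many inputs remain after shrinking.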