[llvm-dev] libFuzzer vs. unrolling
George Karpenkov via llvm-dev
llvm-dev at lists.llvm.org
Wed Oct 3 16:10:10 PDT 2018
Hi,
We still get intermittent failures on libfuzzer/shrink.test every now and then.
I could not get a reproducible example.
Have you seen a similar issue?
George
> On Aug 8, 2018, at 4:04 PM, George Karpenkov <ekarpenkov at apple.com> wrote:
>
> Hi,
>
> After https://reviews.llvm.org/D48800 landed, shrink.test stopped passing for us on the x86_64h architecture (x86_64 + some Haswell extensions).
> After looking further into this today, I have noticed that optimizations on Haswell are more likely to do unrolling (since it can do more advanced vectorization).
> The main loop (inside the callback) in shrink.test gets unrolled thrice, and stays the same on x86_64.
>
> I see how unrolling could mess with coverage, as conceptually the same location in the code becomes e.g. three after unrolling,
> and the fuzzer should prefer exploring different portions of the program to going around the loop.
> Should we then disable unrolling when OPT_FOR_FUZZING is enabled, in the spirit of https://reviews.llvm.org/D44232?
> Or just increase the limit on shrink.test?
>
> Regards,
> George
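The effect described in the quoted message, as an added illustration that is not code from the thread or from LLVM: a loop whose body contains a branch is modelled with hand-assigned, sanitizer-coverage-style edge counters, once as written and once hand-unrolled by three (standing in for what the optimizer did on Haswell), and each variant reports how many distinct edges one input reaches. The edge ids, the counter array and the hand unrolling are all constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of inline 8-bit coverage counters: one counter per
   edge id; the ids are assigned by hand, not by the compiler. */
#define N_EDGES 16
static uint8_t edges[N_EDGES];

static void hit(int e) { if (edges[e] < 255) edges[e]++; }

static int distinct_edges(void) {
    int n = 0;
    for (int i = 0; i < N_EDGES; i++) n += edges[i] != 0;
    return n;
}

/* Rolled loop: the branch in the body owns exactly two edges (1, 2), no
   matter how many iterations run. Returns the number of distinct edges hit. */
int rolled(const uint8_t *data, size_t size) {
    memset(edges, 0, sizeof edges);
    hit(0);                                  /* function entry */
    int count = 0;
    for (size_t i = 0; i < size; i++) {
        if (data[i] == 'A') { hit(1); count++; } else { hit(2); }
    }
    hit(3);                                  /* loop exit */
    (void)count;
    return distinct_edges();
}

/* The same loop hand-unrolled by three: every copy of the body gets its own
   pair of edge ids, and the remainder loop adds a fourth pair, so one source
   location now shows up as several coverage edges. */
int unrolled3(const uint8_t *data, size_t size) {
    memset(edges, 0, sizeof edges);
    hit(0);
    int count = 0;
    size_t i = 0;
    for (; i + 3 <= size; i += 3) {
        if (data[i]     == 'A') { hit(1); count++; } else { hit(2); }
        if (data[i + 1] == 'A') { hit(3); count++; } else { hit(4); }
        if (data[i + 2] == 'A') { hit(5); count++; } else { hit(6); }
    }
    for (; i < size; i++) {                  /* remainder iterations */
        if (data[i] == 'A') { hit(7); count++; } else { hit(8); }
    }
    hit(9);
    (void)count;
    return distinct_edges();
}
```

With the input "ABABAB" the rolled form reaches 4 distinct edges and the unrolled form 8, so a coverage-guided fuzzer sees the extra loop positions as new coverage rather than as repeats of the same location.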