diff options
author | Kostya Serebryany <kcc@google.com> | 2017-12-12 23:11:28 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2017-12-12 23:11:28 +0000 |
commit | e4c546028442192e48480ff2d3d9e29ecc62774d (patch) | |
tree | b1a48dfc35675aff67861a4d3c1bbb39d7505723 | |
parent | 8106beb37dc9b0d632c3596895bda21ef8108e7d (diff) |
[libFuzzer] change the strategy for -experimental_len_control to grow max_len slower
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@320531 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/fuzzer/FuzzerInternal.h | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 12 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.h | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerUtil.h | 2 | ||||
-rw-r--r-- | test/fuzzer/trace-malloc-unbalanced.test | 4 |
5 files changed, 9 insertions, 13 deletions
diff --git a/lib/fuzzer/FuzzerInternal.h b/lib/fuzzer/FuzzerInternal.h index 5ae9e2b8f..2b2638f1f 100644 --- a/lib/fuzzer/FuzzerInternal.h +++ b/lib/fuzzer/FuzzerInternal.h @@ -124,8 +124,6 @@ private: size_t NumberOfNewUnitsAdded = 0; size_t LastCorpusUpdateRun = 0; - system_clock::time_point LastCorpusUpdateTime = system_clock::now(); - bool HasMoreMallocsThanFrees = false; size_t NumberOfLeakDetectionAttempts = 0; diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index 6ed48e08b..5b451ca12 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -567,7 +567,6 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) { NumberOfNewUnitsAdded++; CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus. LastCorpusUpdateRun = TotalNumberOfRuns; - LastCorpusUpdateTime = system_clock::now(); } // Tries detecting a memory leak on the particular input that we have just @@ -758,18 +757,15 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) { // Update TmpMaxMutationLen if (Options.ExperimentalLenControl) { if (TmpMaxMutationLen < MaxMutationLen && - (TotalNumberOfRuns - LastCorpusUpdateRun > - Options.ExperimentalLenControl && - duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) { - LastCorpusUpdateRun = TotalNumberOfRuns; - LastCorpusUpdateTime = Now; + TotalNumberOfRuns - LastCorpusUpdateRun > + Options.ExperimentalLenControl * Log(TmpMaxMutationLen)) { TmpMaxMutationLen = - Min(MaxMutationLen, - TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8)); + Min(MaxMutationLen, TmpMaxMutationLen + Log(TmpMaxMutationLen)); if (TmpMaxMutationLen <= MaxMutationLen) Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns, TmpMaxMutationLen, Options.ExperimentalLenControl, LastCorpusUpdateRun); + LastCorpusUpdateRun = TotalNumberOfRuns; } } else { TmpMaxMutationLen = MaxMutationLen; diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h index 300e5db38..dc65cd720 100644 --- a/lib/fuzzer/FuzzerTracePC.h +++ b/lib/fuzzer/FuzzerTracePC.h @@ -276,7 +276,7 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { // Step function, grows similar to 8 * Log_2(A). auto StackDepthStepFunction = [](uint32_t A) -> uint32_t { - uint32_t Log2 = 32 - __builtin_clz(A) - 1; + uint32_t Log2 = Log(A); if (Log2 < 3) return A; Log2 -= 3; return (Log2 + 1) * 8 + ((A >> Log2) & 7); diff --git a/lib/fuzzer/FuzzerUtil.h b/lib/fuzzer/FuzzerUtil.h index 9a6227ea7..f2ed028ce 100644 --- a/lib/fuzzer/FuzzerUtil.h +++ b/lib/fuzzer/FuzzerUtil.h @@ -80,6 +80,8 @@ std::string SearchRegexCmd(const std::string &Regex); size_t SimpleFastHash(const uint8_t *Data, size_t Size); +inline uint32_t Log(uint32_t X) { return 32 - __builtin_clz(X) - 1; } + } // namespace fuzzer #endif // LLVM_FUZZER_UTIL_H diff --git a/test/fuzzer/trace-malloc-unbalanced.test b/test/fuzzer/trace-malloc-unbalanced.test index 53b83fb68..8be5fab0c 100644 --- a/test/fuzzer/trace-malloc-unbalanced.test +++ b/test/fuzzer/trace-malloc-unbalanced.test @@ -6,10 +6,10 @@ UNSUPPORTED: darwin RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest -RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=100 2>&1 | \ +RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=200 2>&1 | \ RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s -RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=100 2>&1 | \ +RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=200 2>&1 | \ RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2 CHECK: MallocFreeTracer: START |