[libFuzzer] remove an experimental flag -use_feature_frequency

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@334146 91177308-0d34-0410-b5e6-96231b3b80d8
author: Kostya Serebryany <kcc@google.com> 2018-06-06 23:24:41 +0000
committer: Kostya Serebryany <kcc@google.com> 2018-06-06 23:24:41 +0000
commit: a9cc8ed2df816611876cd51f6e273b427fb6c38c (patch)
tree: 8b40371bc10026b92198c44a040a294ec56627ad /lib/fuzzer
parent: 4099396c4c843a8bcc685a51665c2acc85490c66 (diff)
5 files changed, 1 insertions, 30 deletions
diff --git a/lib/fuzzer/FuzzerCorpus.h b/lib/fuzzer/FuzzerCorpus.h
index d09702b3a..b4ba64b4b 100644
--- a/lib/fuzzer/FuzzerCorpus.h
+++ b/lib/fuzzer/FuzzerCorpus.h
@@ -37,7 +37,6 @@ struct InputInfo {
   bool Reduced = false;
   bool HasFocusFunction = false;
   Vector<uint32_t> UniqFeatureSet;
-  float FeatureFrequencyScore = 1.0;
 };
 
 class InputCorpus {
@@ -46,7 +45,6 @@ class InputCorpus {
   InputCorpus(const std::string &OutputCorpus) : OutputCorpus(OutputCorpus) {
     memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature));
     memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature));
-    memset(FeatureFrequency, 0, sizeof(FeatureFrequency));
   }
   ~InputCorpus() {
     for (auto II : Inputs)
@@ -222,20 +220,6 @@ class InputCorpus {
     return false;
   }
 
-  void UpdateFeatureFrequency(size_t Idx) {
-    FeatureFrequency[Idx % kFeatureSetSize]++;
-  }
-  float GetFeatureFrequency(size_t Idx) const {
-    return FeatureFrequency[Idx % kFeatureSetSize];
-  }
-  void UpdateFeatureFrequencyScore(InputInfo *II) {
-    const float kMin = 0.01, kMax = 100.;
-    II->FeatureFrequencyScore = kMin;
-    for (auto Idx : II->UniqFeatureSet)
-      II->FeatureFrequencyScore += 1. / (GetFeatureFrequency(Idx) + 1.);
-    II->FeatureFrequencyScore = Min(II->FeatureFrequencyScore, kMax);
-  }
-
   size_t NumFeatures() const { return NumAddedFeatures; }
   size_t NumFeatureUpdates() const { return NumUpdatedFeatures; }
 
@@ -273,15 +257,11 @@ private:
     std::iota(Intervals.begin(), Intervals.end(), 0);
     for (size_t i = 0; i < N; i++)
       Weights[i] = Inputs[i]->NumFeatures
-                       ? (i + 1) * Inputs[i]->FeatureFrequencyScore
-                       * (Inputs[i]->HasFocusFunction ? 1000 : 1)
+                       ? (i + 1) * (Inputs[i]->HasFocusFunction ? 1000 : 1)
                        : 0.;
     if (FeatureDebug) {
       for (size_t i = 0; i < N; i++)
         Printf("%zd ", Inputs[i]->NumFeatures);
-      Printf("NUM\n");
-      for (size_t i = 0; i < N; i++)
-        Printf("%f ", Inputs[i]->FeatureFrequencyScore);
       Printf("SCORE\n");
       for (size_t i = 0; i < N; i++)
         Printf("%f ", Weights[i]);
@@ -302,7 +282,6 @@ private:
   size_t NumUpdatedFeatures = 0;
   uint32_t InputSizesPerFeature[kFeatureSetSize];
   uint32_t SmallestElementPerFeature[kFeatureSetSize];
-  float FeatureFrequency[kFeatureSetSize];
 
   std::string OutputCorpus;
 };
diff --git a/lib/fuzzer/FuzzerDriver.cpp b/lib/fuzzer/FuzzerDriver.cpp
index d7b957349..c2f8583b7 100644
--- a/lib/fuzzer/FuzzerDriver.cpp
+++ b/lib/fuzzer/FuzzerDriver.cpp
@@ -616,7 +616,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
   Options.PrintCorpusStats = Flags.print_corpus_stats;
   Options.PrintCoverage = Flags.print_coverage;
   Options.DumpCoverage = Flags.dump_coverage;
-  Options.UseFeatureFrequency = Flags.use_feature_frequency;
   if (Flags.exit_on_src_pos)
     Options.ExitOnSrcPos = Flags.exit_on_src_pos;
   if (Flags.exit_on_item)
diff --git a/lib/fuzzer/FuzzerFlags.def b/lib/fuzzer/FuzzerFlags.def
index 5be6d2641..aaa172716 100644
--- a/lib/fuzzer/FuzzerFlags.def
+++ b/lib/fuzzer/FuzzerFlags.def
@@ -152,6 +152,4 @@ FUZZER_DEPRECATED_FLAG(run_equivalence_server)
 FUZZER_DEPRECATED_FLAG(use_equivalence_server)
 FUZZER_FLAG_INT(analyze_dict, 0, "Experimental")
 FUZZER_DEPRECATED_FLAG(use_clang_coverage)
-FUZZER_FLAG_INT(use_feature_frequency, 0, "Experimental/internal")
-
 FUZZER_FLAG_STRING(data_flow_trace, "Experimental: use the data flow trace")
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 27bd5ee65..a195d21d3 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -454,8 +454,6 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
   size_t FoundUniqFeaturesOfII = 0;
   size_t NumUpdatesBefore = Corpus.NumFeatureUpdates();
   TPC.CollectFeatures([&](size_t Feature) {
-    if (Options.UseFeatureFrequency)
-      Corpus.UpdateFeatureFrequency(Feature);
     if (Corpus.AddFeature(Feature, Size, Options.Shrink))
       UniqFeatureSetTmp.push_back(Feature);
     if (Options.ReduceInputs && II)
@@ -630,8 +628,6 @@ void Fuzzer::MutateAndTestOne() {
   MD.StartMutationSequence();
 
   auto &II = Corpus.ChooseUnitToMutate(MD.GetRand());
-  if (Options.UseFeatureFrequency)
-    Corpus.UpdateFeatureFrequencyScore(&II);
   const auto &U = II.U;
   memcpy(BaseSha1, II.Sha1, sizeof(BaseSha1));
   assert(CurrentUnitData);
diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h
index 7a52d3624..26487d9ed 100644
--- a/lib/fuzzer/FuzzerOptions.h
+++ b/lib/fuzzer/FuzzerOptions.h
@@ -57,7 +57,6 @@ struct FuzzingOptions {
   bool DumpCoverage = false;
   bool DetectLeaks = true;
   int PurgeAllocatorIntervalSec = 1;
-  int UseFeatureFrequency = false;
   int  TraceMalloc = 0;
   bool HandleAbrt = false;
   bool HandleBus = false;
author	Kostya Serebryany <kcc@google.com>	2018-06-06 23:24:41 +0000
committer	Kostya Serebryany <kcc@google.com>	2018-06-06 23:24:41 +0000
commit	a9cc8ed2df816611876cd51f6e273b427fb6c38c (patch)
tree	8b40371bc10026b92198c44a040a294ec56627ad /lib/fuzzer
parent	4099396c4c843a8bcc685a51665c2acc85490c66 (diff)