[LibFuzzer] Improve comments on `CounterToFeature()` function.

This is based on discussion in https://reviews.llvm.org/D40376 .

The comments try to explain the reason for the current implementation
and note that it might change in the future, so clients should not
rely on this particular implementation.

Differential Revision: https://reviews.llvm.org/D40565

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@319190 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 12 insertions, 1 deletions

diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h
index b3c9b9861..9df3d817d 100644
--- a/lib/fuzzer/FuzzerTracePC.h
+++ b/lib/fuzzer/FuzzerTracePC.h
@@ -196,9 +196,20 @@ void ForEachNonZeroByte(const uint8_t *Begin, const uint8_t *End,
       Handle8bitCounter(FirstFeature, P - Begin, V);
 }
 
-// Given a non-zero Counters returns a number in [0,7].
+// Given a non-zero Counter returns a number in the range [0,7].
 template<class T>
 unsigned CounterToFeature(T Counter) {
+    // Returns a feature number by placing Counters into buckets as illustrated
+    // below.
+    //
+    // Counter bucket: [1] [2] [3] [4-7] [8-15] [16-31] [32-127] [128+]
+    // Feature number:  0   1   2    3     4       5       6       7
+    //
+    // This is a heuristic taken from AFL (see
+    // http://lcamtuf.coredump.cx/afl/technical_details.txt).
+    //
+    // This implementation may change in the future so clients should
+    // not rely on it.
     assert(Counter);
     unsigned Bit = 0;
     /**/ if (Counter >= 128) Bit = 7;