diff options
author | Kostya Serebryany <kcc@google.com> | 2018-07-03 22:33:09 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2018-07-03 22:33:09 +0000 |
commit | 3080d045631a8f6145db1cd757b5cf210585a2b3 (patch) | |
tree | b3b352b44b81ca054fee2b49ea48bf0511c84202 /lib | |
parent | 9aa2b629129147049ad614648ce7a2f7030e44a2 (diff) |
[libFuzzer] add one more value profile metric, under a flag (experimental)
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@336234 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib')
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerOptions.h | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.cpp | 9 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.h | 6 |
4 files changed, 13 insertions, 6 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index 346f90e6e..d412b584d 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -148,7 +148,7 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD, if (Options.DetectLeaks && EF->__sanitizer_install_malloc_and_free_hooks) EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook); TPC.SetUseCounters(Options.UseCounters); - TPC.SetUseValueProfile(Options.UseValueProfile); + TPC.SetUseValueProfileMask(Options.UseValueProfile); if (Options.Verbosity) TPC.PrintModuleInfo(); diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h index 26487d9ed..ab90df82a 100644 --- a/lib/fuzzer/FuzzerOptions.h +++ b/lib/fuzzer/FuzzerOptions.h @@ -31,7 +31,7 @@ struct FuzzingOptions { bool UseCounters = false; bool UseMemmem = true; bool UseCmp = false; - bool UseValueProfile = false; + int UseValueProfile = false; bool Shrink = false; bool ReduceInputs = false; int ReloadIntervalSec = 1; diff --git a/lib/fuzzer/FuzzerTracePC.cpp b/lib/fuzzer/FuzzerTracePC.cpp index 540d88882..19c1eaf14 100644 --- a/lib/fuzzer/FuzzerTracePC.cpp +++ b/lib/fuzzer/FuzzerTracePC.cpp @@ -356,7 +356,14 @@ void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) { TORC4.Insert(ArgXor, Arg1, Arg2); else if (sizeof(T) == 8) TORC8.Insert(ArgXor, Arg1, Arg2); - ValueProfileMap.AddValue(Idx); + // TODO: remove these flags and instead use all metrics at once. + if (UseValueProfileMask & 1) + ValueProfileMap.AddValue(Idx); + if (UseValueProfileMask & 2) + ValueProfileMap.AddValue( + PC * 64 + (Arg1 == Arg2 ? 0 : __builtin_clzll(Arg1 - Arg2) + 1)); + if (UseValueProfileMask & 4) // alternative way to use the hamming distance + ValueProfileMap.AddValue(PC * 64 + ArgDistance); } static size_t InternalStrnlen(const char *S, size_t MaxLen) { diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h index c17626cf3..d397bedf8 100644 --- a/lib/fuzzer/FuzzerTracePC.h +++ b/lib/fuzzer/FuzzerTracePC.h @@ -80,7 +80,7 @@ class TracePC { template <class T> void HandleCmp(uintptr_t PC, T Arg1, T Arg2); size_t GetTotalPCCoverage(); void SetUseCounters(bool UC) { UseCounters = UC; } - void SetUseValueProfile(bool VP) { UseValueProfile = VP; } + void SetUseValueProfileMask(uint32_t VPMask) { UseValueProfileMask = VPMask; } void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; } void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; } void UpdateObservedPCs(); @@ -137,7 +137,7 @@ class TracePC { private: bool UseCounters = false; - bool UseValueProfile = false; + uint32_t UseValueProfileMask = false; bool DoPrintNewPCs = false; size_t NumPrintNewFuncs = 0; @@ -260,7 +260,7 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { Handle8bitCounter); FirstFeature += (ExtraCountersEnd() - ExtraCountersBegin()) * 8; - if (UseValueProfile) { + if (UseValueProfileMask) { ValueProfileMap.ForEach([&](size_t Idx) { HandleFeature(FirstFeature + Idx); }); |