diff options
| author | Max Moroz <mmoroz@chromium.org> | 2018-08-29 21:53:15 +0000 |
|---|---|---|
| committer | Max Moroz <mmoroz@chromium.org> | 2018-08-29 21:53:15 +0000 |
| commit | 8c95b48ba273b28e22912191bfc25e8a2144377f (patch) | |
| tree | c7dca0f27cf5a2bdd6a1b75dcf722f5e35022f20 /compiler-rt/lib/fuzzer/FuzzerLoop.cpp | |
| parent | 594b5410a616059ff18a2d8955a737322274c59c (diff) | |
| download | bcm5719-llvm-8c95b48ba273b28e22912191bfc25e8a2144377f.tar.gz bcm5719-llvm-8c95b48ba273b28e22912191bfc25e8a2144377f.zip | |
[libFuzzer] Remove mutation stats and weighted mutation selection.
Summary:
This was an experimental feature. After evaluating it with:
1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison
2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz
The following conclusions were made:
1) With fuzz targets that have reached a code coverage plateau, the feature does
not improve libFuzzer's ability to discover new coverage and may actually
negatively impact it.
2) With fuzz targets that have not yet reached a code coverage plateau, the
feature might speed up new units discovery in some cases, but it is quite
rare and hard to confirm with a high level on confidence.
Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621.
Reviewers: metzman, morehouse
Reviewed By: metzman, morehouse
Subscribers: delcypher, #sanitizers, llvm-commits, kcc
Differential Revision: https://reviews.llvm.org/D51455
llvm-svn: 340976
Diffstat (limited to 'compiler-rt/lib/fuzzer/FuzzerLoop.cpp')
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerLoop.cpp | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp index c7b13d1e507..7b98f55ae46 100644 --- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp +++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp @@ -38,7 +38,6 @@ namespace fuzzer { static const size_t kMaxUnitSizeToPrint = 256; -static const size_t kUpdateMutationWeightRuns = 10000; thread_local bool Fuzzer::IsMyThread; @@ -361,7 +360,6 @@ void Fuzzer::PrintFinalStats() { TPC.DumpCoverage(); if (Options.PrintCorpusStats) Corpus.PrintStats(); - if (Options.PrintMutationStats) MD.PrintMutationStats(); if (!Options.PrintFinalStats) return; size_t ExecPerSec = execPerSec(); @@ -550,9 +548,6 @@ static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) { void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) { TPC.RecordInitialStack(); - if (Options.UseWeightedMutations && - TotalNumberOfRuns % kUpdateMutationWeightRuns == 0) - MD.UpdateDistribution(); TotalNumberOfRuns++; assert(InFuzzingThread()); if (SMR.IsClient()) |
