[libFuzzer] use the indirect caller-callee counter as an independent search heuristic

llvm-svn: 251078
author: Kostya Serebryany <kcc@google.com> 2015-10-22 23:55:39 +0000
committer: Kostya Serebryany <kcc@google.com> 2015-10-22 23:55:39 +0000
commit: 2e9fca9f88c9354215a248de300e26df117ea7d6 (patch)
tree: 0a15c46fe0e0e8ccc9d88d092d2cee18afb3bb35 /llvm/lib/Fuzzer/FuzzerLoop.cpp
parent: 7b04acd28de5b3bbfbf04458d59aa489cb8a6f9d (diff)
download: bcm5719-llvm-2e9fca9f88c9354215a248de300e26df117ea7d6.tar.gz
bcm5719-llvm-2e9fca9f88c9354215a248de300e26df117ea7d6.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index 6ac8997df78..4f0d9988131 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -92,6 +92,8 @@ void Fuzzer::PrintStats(const char *Where, const char *End) {
     Printf(" cov: %zd", LastRecordedBlockCoverage);
   if (auto TB = TotalBits())
     Printf(" bits: %zd", TB);
+  if (LastRecordedCallerCalleeCoverage)
+    Printf(" indir: %zd", LastRecordedCallerCalleeCoverage);
   Printf(" units: %zd exec/s: %zd", Corpus.size(), ExecPerSec);
   if (TotalNumberOfExecutedTraceBasedMutations)
     Printf(" tbm: %zd", TotalNumberOfExecutedTraceBasedMutations);
@@ -202,6 +204,13 @@ size_t Fuzzer::RecordBlockCoverage() {
   return LastRecordedBlockCoverage = __sanitizer_get_total_unique_coverage();
 }
 
+size_t Fuzzer::RecordCallerCalleeCoverage() {
+  if (!Options.UseIndirCalls)
+    return 0;
+  return LastRecordedCallerCalleeCoverage =
+             __sanitizer_get_total_unique_caller_callee_pairs();
+}
+
 void Fuzzer::PrepareCoverageBeforeRun() {
   if (Options.UseCounters) {
     size_t NumCounters = __sanitizer_get_number_of_counters();
@@ -209,16 +218,20 @@ void Fuzzer::PrepareCoverageBeforeRun() {
     __sanitizer_update_counter_bitset_and_clear_counters(0);
   }
   RecordBlockCoverage();
+  RecordCallerCalleeCoverage();
 }
 
 bool Fuzzer::CheckCoverageAfterRun() {
   size_t OldCoverage = LastRecordedBlockCoverage;
   size_t NewCoverage = RecordBlockCoverage();
+  size_t OldCallerCalleeCoverage = LastRecordedCallerCalleeCoverage;
+  size_t NewCallerCalleeCoverage = RecordCallerCalleeCoverage();
   size_t NumNewBits = 0;
   if (Options.UseCounters)
     NumNewBits = __sanitizer_update_counter_bitset_and_clear_counters(
         CounterBitmap.data());
-  return NewCoverage > OldCoverage || NumNewBits;
+  return NewCoverage > OldCoverage ||
+         NewCallerCalleeCoverage > OldCallerCalleeCoverage || NumNewBits;
 }
 
 void Fuzzer::WriteToOutputCorpus(const Unit &U) {
author	Kostya Serebryany <kcc@google.com>	2015-10-22 23:55:39 +0000
committer	Kostya Serebryany <kcc@google.com>	2015-10-22 23:55:39 +0000
commit	2e9fca9f88c9354215a248de300e26df117ea7d6 (patch)
tree	0a15c46fe0e0e8ccc9d88d092d2cee18afb3bb35 /llvm/lib/Fuzzer/FuzzerLoop.cpp
parent	7b04acd28de5b3bbfbf04458d59aa489cb8a6f9d (diff)
download	bcm5719-llvm-2e9fca9f88c9354215a248de300e26df117ea7d6.tar.gz bcm5719-llvm-2e9fca9f88c9354215a248de300e26df117ea7d6.zip