diff options
| author | Kostya Serebryany <kcc@google.com> | 2015-05-22 22:47:03 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2015-05-22 22:47:03 +0000 |
| commit | f3c7cb464e5e616a58f0b27e8969dd42efe4520c (patch) | |
| tree | 02f088f79869f5162c01c43c7a7cd89abf41f235 /llvm/lib | |
| parent | 926b9bdffcc14a0e7225e9feb6da8918c0bf3ec5 (diff) | |
| download | bcm5719-llvm-f3c7cb464e5e616a58f0b27e8969dd42efe4520c.tar.gz bcm5719-llvm-f3c7cb464e5e616a58f0b27e8969dd42efe4520c.zip | |
[lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale
llvm-svn: 238063
Diffstat (limited to 'llvm/lib')
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerDriver.cpp | 1 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerFlags.def | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerInternal.h | 2 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 24 | ||||
| -rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer.test | 2 |
5 files changed, 1 insertions, 30 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp index 780b615d714..7de2a36f815 100644 --- a/llvm/lib/Fuzzer/FuzzerDriver.cpp +++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp @@ -237,7 +237,6 @@ int FuzzerDriver(int argc, char **argv, UserSuppliedFuzzer &USF) { Options.UseCounters = Flags.use_counters; Options.UseTraces = Flags.use_traces; Options.UseFullCoverageSet = Flags.use_full_coverage_set; - Options.UseCoveragePairs = Flags.use_coverage_pairs; Options.PreferSmallDuringInitialShuffle = Flags.prefer_small_during_initial_shuffle; Options.Tokens = ReadTokensFile(Flags.tokens); diff --git a/llvm/lib/Fuzzer/FuzzerFlags.def b/llvm/lib/Fuzzer/FuzzerFlags.def index c6fa388b728..d50cd3d6563 100644 --- a/llvm/lib/Fuzzer/FuzzerFlags.def +++ b/llvm/lib/Fuzzer/FuzzerFlags.def @@ -41,8 +41,6 @@ FUZZER_FLAG_INT(use_full_coverage_set, 0, "Experimental: Maximize the number of different full" " coverage sets as opposed to maximizing the total coverage." " This is potentially MUCH slower, but may discover more paths.") -FUZZER_FLAG_INT(use_coverage_pairs, 0, - "Experimental: Maximize the number of different coverage pairs.") FUZZER_FLAG_INT(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn" " this number of jobs in separate worker processes" " with stdout/stderr redirected to fuzz-JOB.log.") diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h index b25449b2c5f..338ce2562a3 100644 --- a/llvm/lib/Fuzzer/FuzzerInternal.h +++ b/llvm/lib/Fuzzer/FuzzerInternal.h @@ -64,7 +64,6 @@ class Fuzzer { bool UseCounters = false; bool UseTraces = false; bool UseFullCoverageSet = false; - bool UseCoveragePairs = false; bool Reload = true; int PreferSmallDuringInitialShuffle = -1; size_t MaxNumberOfRuns = ULONG_MAX; @@ -135,7 +134,6 @@ class Fuzzer { std::vector<Unit> Corpus; std::unordered_set<std::string> UnitHashesAddedToCorpus; std::unordered_set<uintptr_t> FullCoverageSets; - std::unordered_set<uint64_t> CoveragePairs; // For UseCounters std::vector<uint8_t> CounterBitmap; diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index 2e4da1da91b..d028f193eef 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -161,8 +161,6 @@ size_t Fuzzer::RunOne(const Unit &U) { size_t Res = 0; if (Options.UseFullCoverageSet) Res = RunOneMaximizeFullCoverageSet(U); - else if (Options.UseCoveragePairs) - Res = RunOneMaximizeCoveragePairs(U); else Res = RunOneMaximizeTotalCoverage(U); auto UnitStopTime = system_clock::now(); @@ -214,28 +212,6 @@ void Fuzzer::ExecuteCallback(const Unit &U) { } } -// Experimental. Does not yet scale. -// Fuly reset the current coverage state, run a single unit, -// collect all coverage pairs and return non-zero if a new pair is observed. -size_t Fuzzer::RunOneMaximizeCoveragePairs(const Unit &U) { - __sanitizer_reset_coverage(); - ExecuteCallback(U); - uintptr_t *PCs; - uintptr_t NumPCs = __sanitizer_get_coverage_guards(&PCs); - bool HasNewPairs = false; - for (uintptr_t i = 0; i < NumPCs; i++) { - if (!PCs[i]) continue; - for (uintptr_t j = 0; j < NumPCs; j++) { - if (!PCs[j]) continue; - uint64_t Pair = (i << 32) | j; - HasNewPairs |= CoveragePairs.insert(Pair).second; - } - } - if (HasNewPairs) - return CoveragePairs.size(); - return 0; -} - // Experimental. // Fuly reset the current coverage state, run a single unit, // compute a hash function from the full coverage set, diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test index f27be80a192..b8e672f0fec 100644 --- a/llvm/lib/Fuzzer/test/fuzzer.test +++ b/llvm/lib/Fuzzer/test/fuzzer.test @@ -15,7 +15,7 @@ NullDerefTest: CRASHED; file written to crash- RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s -RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s +RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_full_coverage_set=1 2>&1 | FileCheck %s RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s |
