diff options
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerLoop.cpp | 2 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerOptions.h | 2 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerTracePC.cpp | 9 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerTracePC.h | 6 | ||||
| -rw-r--r-- | compiler-rt/test/fuzzer/ShrinkValueProfileTest.cpp | 2 | ||||
| -rw-r--r-- | compiler-rt/test/fuzzer/three-bytes.test | 8 |
6 files changed, 22 insertions, 7 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp index 346f90e6ed9..d412b584ded 100644 --- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp +++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp @@ -148,7 +148,7 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD, if (Options.DetectLeaks && EF->__sanitizer_install_malloc_and_free_hooks) EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook); TPC.SetUseCounters(Options.UseCounters); - TPC.SetUseValueProfile(Options.UseValueProfile); + TPC.SetUseValueProfileMask(Options.UseValueProfile); if (Options.Verbosity) TPC.PrintModuleInfo(); diff --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h b/compiler-rt/lib/fuzzer/FuzzerOptions.h index 26487d9edb7..ab90df82a63 100644 --- a/compiler-rt/lib/fuzzer/FuzzerOptions.h +++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h @@ -31,7 +31,7 @@ struct FuzzingOptions { bool UseCounters = false; bool UseMemmem = true; bool UseCmp = false; - bool UseValueProfile = false; + int UseValueProfile = false; bool Shrink = false; bool ReduceInputs = false; int ReloadIntervalSec = 1; diff --git a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp index 540d8888248..19c1eaf144c 100644 --- a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp +++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp @@ -356,7 +356,14 @@ void TracePC::HandleCmp(uintptr_t PC, T Arg1, T Arg2) { TORC4.Insert(ArgXor, Arg1, Arg2); else if (sizeof(T) == 8) TORC8.Insert(ArgXor, Arg1, Arg2); - ValueProfileMap.AddValue(Idx); + // TODO: remove these flags and instead use all metrics at once. + if (UseValueProfileMask & 1) + ValueProfileMap.AddValue(Idx); + if (UseValueProfileMask & 2) + ValueProfileMap.AddValue( + PC * 64 + (Arg1 == Arg2 ? 0 : __builtin_clzll(Arg1 - Arg2) + 1)); + if (UseValueProfileMask & 4) // alternative way to use the hamming distance + ValueProfileMap.AddValue(PC * 64 + ArgDistance); } static size_t InternalStrnlen(const char *S, size_t MaxLen) { diff --git a/compiler-rt/lib/fuzzer/FuzzerTracePC.h b/compiler-rt/lib/fuzzer/FuzzerTracePC.h index c17626cf378..d397bedf8b5 100644 --- a/compiler-rt/lib/fuzzer/FuzzerTracePC.h +++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.h @@ -80,7 +80,7 @@ class TracePC { template <class T> void HandleCmp(uintptr_t PC, T Arg1, T Arg2); size_t GetTotalPCCoverage(); void SetUseCounters(bool UC) { UseCounters = UC; } - void SetUseValueProfile(bool VP) { UseValueProfile = VP; } + void SetUseValueProfileMask(uint32_t VPMask) { UseValueProfileMask = VPMask; } void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; } void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; } void UpdateObservedPCs(); @@ -137,7 +137,7 @@ class TracePC { private: bool UseCounters = false; - bool UseValueProfile = false; + uint32_t UseValueProfileMask = false; bool DoPrintNewPCs = false; size_t NumPrintNewFuncs = 0; @@ -260,7 +260,7 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { Handle8bitCounter); FirstFeature += (ExtraCountersEnd() - ExtraCountersBegin()) * 8; - if (UseValueProfile) { + if (UseValueProfileMask) { ValueProfileMap.ForEach([&](size_t Idx) { HandleFeature(FirstFeature + Idx); }); diff --git a/compiler-rt/test/fuzzer/ShrinkValueProfileTest.cpp b/compiler-rt/test/fuzzer/ShrinkValueProfileTest.cpp index 86e4e3cb0d9..dddf493da69 100644 --- a/compiler-rt/test/fuzzer/ShrinkValueProfileTest.cpp +++ b/compiler-rt/test/fuzzer/ShrinkValueProfileTest.cpp @@ -1,7 +1,7 @@ // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. -// Test that we can find the minimal item in the corpus (3 bytes: "FUZ"). +// Test that we can find the minimal item in the corpus (4 bytes: "FUZZ"). #include <cstddef> #include <cstdint> #include <cstdio> diff --git a/compiler-rt/test/fuzzer/three-bytes.test b/compiler-rt/test/fuzzer/three-bytes.test new file mode 100644 index 00000000000..8026bc67522 --- /dev/null +++ b/compiler-rt/test/fuzzer/three-bytes.test @@ -0,0 +1,8 @@ +Tests -use_value_profile=2 (alternative VP metric). +RUN: %cpp_compiler %S/ThreeBytes.cpp -o %t + +RUN: %run %t -seed=1 -runs=100000 +RUN: %run %t -seed=1 -runs=100000 -use_value_profile=1 +RUN: not %run %t -seed=1 -runs=100000 -use_value_profile=2 2>&1 | FileCheck %s + +CHECK: Test unit written |
