diff options
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerInternal.h | 2 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerLoop.cpp | 12 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerTracePC.h | 2 | ||||
| -rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerUtil.h | 2 | ||||
| -rw-r--r-- | compiler-rt/test/fuzzer/trace-malloc-unbalanced.test | 4 |
5 files changed, 9 insertions, 13 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerInternal.h b/compiler-rt/lib/fuzzer/FuzzerInternal.h index 5ae9e2b8f6f..2b2638f1f8f 100644 --- a/compiler-rt/lib/fuzzer/FuzzerInternal.h +++ b/compiler-rt/lib/fuzzer/FuzzerInternal.h @@ -124,8 +124,6 @@ private: size_t NumberOfNewUnitsAdded = 0; size_t LastCorpusUpdateRun = 0; - system_clock::time_point LastCorpusUpdateTime = system_clock::now(); - bool HasMoreMallocsThanFrees = false; size_t NumberOfLeakDetectionAttempts = 0; diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp index 6ed48e08b43..5b451ca122d 100644 --- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp +++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp @@ -567,7 +567,6 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) { NumberOfNewUnitsAdded++; CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus. LastCorpusUpdateRun = TotalNumberOfRuns; - LastCorpusUpdateTime = system_clock::now(); } // Tries detecting a memory leak on the particular input that we have just @@ -758,18 +757,15 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) { // Update TmpMaxMutationLen if (Options.ExperimentalLenControl) { if (TmpMaxMutationLen < MaxMutationLen && - (TotalNumberOfRuns - LastCorpusUpdateRun > - Options.ExperimentalLenControl && - duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) { - LastCorpusUpdateRun = TotalNumberOfRuns; - LastCorpusUpdateTime = Now; + TotalNumberOfRuns - LastCorpusUpdateRun > + Options.ExperimentalLenControl * Log(TmpMaxMutationLen)) { TmpMaxMutationLen = - Min(MaxMutationLen, - TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8)); + Min(MaxMutationLen, TmpMaxMutationLen + Log(TmpMaxMutationLen)); if (TmpMaxMutationLen <= MaxMutationLen) Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns, TmpMaxMutationLen, Options.ExperimentalLenControl, LastCorpusUpdateRun); + LastCorpusUpdateRun = TotalNumberOfRuns; } } else { TmpMaxMutationLen = MaxMutationLen; diff --git a/compiler-rt/lib/fuzzer/FuzzerTracePC.h b/compiler-rt/lib/fuzzer/FuzzerTracePC.h index 300e5db38d2..dc65cd72091 100644 --- a/compiler-rt/lib/fuzzer/FuzzerTracePC.h +++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.h @@ -276,7 +276,7 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { // Step function, grows similar to 8 * Log_2(A). auto StackDepthStepFunction = [](uint32_t A) -> uint32_t { - uint32_t Log2 = 32 - __builtin_clz(A) - 1; + uint32_t Log2 = Log(A); if (Log2 < 3) return A; Log2 -= 3; return (Log2 + 1) * 8 + ((A >> Log2) & 7); diff --git a/compiler-rt/lib/fuzzer/FuzzerUtil.h b/compiler-rt/lib/fuzzer/FuzzerUtil.h index 9a6227ea7da..f2ed028ce78 100644 --- a/compiler-rt/lib/fuzzer/FuzzerUtil.h +++ b/compiler-rt/lib/fuzzer/FuzzerUtil.h @@ -80,6 +80,8 @@ std::string SearchRegexCmd(const std::string &Regex); size_t SimpleFastHash(const uint8_t *Data, size_t Size); +inline uint32_t Log(uint32_t X) { return 32 - __builtin_clz(X) - 1; } + } // namespace fuzzer #endif // LLVM_FUZZER_UTIL_H diff --git a/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test b/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test index 53b83fb68c7..8be5fab0ca4 100644 --- a/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test +++ b/compiler-rt/test/fuzzer/trace-malloc-unbalanced.test @@ -6,10 +6,10 @@ UNSUPPORTED: darwin RUN: %cpp_compiler %S/TraceMallocTest.cpp -o %t-TraceMallocTest -RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=100 2>&1 | \ +RUN: %t-TraceMallocTest -seed=1 -trace_malloc=1 -runs=200 2>&1 | \ RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s -RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=100 2>&1 | \ +RUN: %t-TraceMallocTest -seed=1 -trace_malloc=2 -runs=200 2>&1 | \ RUN: %libfuzzer_src/scripts/unbalanced_allocs.py --skip=5 | FileCheck %s --check-prefixes=CHECK,CHECK2 CHECK: MallocFreeTracer: START |
