[lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238063 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Fuzzer/FuzzerDriver.cpp

@@ -237,7 +237,6 @@ int FuzzerDriver(int argc, char **argv, UserSuppliedFuzzer &USF) {
   Options.UseCounters = Flags.use_counters;
   Options.UseTraces = Flags.use_traces;
   Options.UseFullCoverageSet = Flags.use_full_coverage_set;
-  Options.UseCoveragePairs = Flags.use_coverage_pairs;
   Options.PreferSmallDuringInitialShuffle =
       Flags.prefer_small_during_initial_shuffle;
   Options.Tokens = ReadTokensFile(Flags.tokens);

lib/Fuzzer/FuzzerFlags.def

@@ -41,8 +41,6 @@ FUZZER_FLAG_INT(use_full_coverage_set, 0,
             "Experimental: Maximize the number of different full"
             " coverage sets as opposed to maximizing the total coverage."
             " This is potentially MUCH slower, but may discover more paths.")
-FUZZER_FLAG_INT(use_coverage_pairs, 0,
-            "Experimental: Maximize the number of different coverage pairs.")
 FUZZER_FLAG_INT(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn"
                           " this number of jobs in separate worker processes"
                           " with stdout/stderr redirected to fuzz-JOB.log.")

lib/Fuzzer/FuzzerInternal.h

@@ -64,7 +64,6 @@ class Fuzzer {
     bool UseCounters = false;
     bool UseTraces = false;
     bool UseFullCoverageSet  = false;
-    bool UseCoveragePairs = false;
     bool Reload = true;
     int PreferSmallDuringInitialShuffle = -1;
     size_t MaxNumberOfRuns = ULONG_MAX;
@@ -135,7 +134,6 @@ class Fuzzer {
   std::vector<Unit> Corpus;
   std::unordered_set<std::string> UnitHashesAddedToCorpus;
   std::unordered_set<uintptr_t> FullCoverageSets;
-  std::unordered_set<uint64_t>  CoveragePairs;
 
   // For UseCounters
   std::vector<uint8_t> CounterBitmap;

lib/Fuzzer/FuzzerLoop.cpp

@@ -161,8 +161,6 @@ size_t Fuzzer::RunOne(const Unit &U) {
   size_t Res = 0;
   if (Options.UseFullCoverageSet)
     Res = RunOneMaximizeFullCoverageSet(U);
-  else if (Options.UseCoveragePairs)
-    Res = RunOneMaximizeCoveragePairs(U);
   else
     Res = RunOneMaximizeTotalCoverage(U);
   auto UnitStopTime = system_clock::now();
@@ -214,28 +212,6 @@ void Fuzzer::ExecuteCallback(const Unit &U) {
   }
 }
 
-// Experimental. Does not yet scale.
-// Fuly reset the current coverage state, run a single unit,
-// collect all coverage pairs and return non-zero if a new pair is observed.
-size_t Fuzzer::RunOneMaximizeCoveragePairs(const Unit &U) {
-  __sanitizer_reset_coverage();
-  ExecuteCallback(U);
-  uintptr_t *PCs;
-  uintptr_t NumPCs = __sanitizer_get_coverage_guards(&PCs);
-  bool HasNewPairs = false;
-  for (uintptr_t i = 0; i < NumPCs; i++) {
-    if (!PCs[i]) continue;
-    for (uintptr_t j = 0; j < NumPCs; j++) {
-      if (!PCs[j]) continue;
-      uint64_t Pair = (i << 32) | j;
-      HasNewPairs |= CoveragePairs.insert(Pair).second;
-    }
-  }
-  if (HasNewPairs)
-    return CoveragePairs.size();
-  return 0;
-}
-
 // Experimental.
 // Fuly reset the current coverage state, run a single unit,
 // compute a hash function from the full coverage set,

lib/Fuzzer/test/fuzzer.test

@@ -15,7 +15,7 @@ NullDerefTest: CRASHED; file written to crash-
 
 RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
 
-RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s
+RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_full_coverage_set=1 2>&1 | FileCheck %s
 
 RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s