From 464deacf054ac64f7952a8da7ddb1fda8651e053 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Fri, 22 May 2015 22:47:03 +0000
Subject: [PATCH] [lib/Fuzzer] remove -use_coverage_pairs=1, an experimental feature that is unlikely to ever scale
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238063 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Fuzzer/FuzzerDriver.cpp | 1 -
 lib/Fuzzer/FuzzerFlags.def | 2 --
 lib/Fuzzer/FuzzerInternal.h | 2 --
 lib/Fuzzer/FuzzerLoop.cpp | 24 ------------------------
 lib/Fuzzer/test/fuzzer.test | 2 +-
 5 files changed, 1 insertion(+), 30 deletions(-)
diff --git a/lib/Fuzzer/FuzzerDriver.cpp b/lib/Fuzzer/FuzzerDriver.cpp
index 780b615d714..7de2a36f815 100644
--- a/lib/Fuzzer/FuzzerDriver.cpp
+++ b/lib/Fuzzer/FuzzerDriver.cpp
@@ -237,7 +237,6 @@ int FuzzerDriver(int argc, char **argv, UserSuppliedFuzzer &USF) {
 Options.UseCounters = Flags.use_counters;
 Options.UseTraces = Flags.use_traces;
 Options.UseFullCoverageSet = Flags.use_full_coverage_set;
- Options.UseCoveragePairs = Flags.use_coverage_pairs;
 Options.PreferSmallDuringInitialShuffle =
 Flags.prefer_small_during_initial_shuffle;
 Options.Tokens = ReadTokensFile(Flags.tokens);
diff --git a/lib/Fuzzer/FuzzerFlags.def b/lib/Fuzzer/FuzzerFlags.def
index c6fa388b728..d50cd3d6563 100644
--- a/lib/Fuzzer/FuzzerFlags.def
+++ b/lib/Fuzzer/FuzzerFlags.def
@@ -41,8 +41,6 @@ FUZZER_FLAG_INT(use_full_coverage_set, 0,
 "Experimental: Maximize the number of different full"
 " coverage sets as opposed to maximizing the total coverage."
 " This is potentially MUCH slower, but may discover more paths.")
-FUZZER_FLAG_INT(use_coverage_pairs, 0,
- "Experimental: Maximize the number of different coverage pairs.")
 FUZZER_FLAG_INT(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn"
 " this number of jobs in separate worker processes"
 " with stdout/stderr redirected to fuzz-JOB.log.")
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index b25449b2c5f..338ce2562a3 100644
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -64,7 +64,6 @@ class Fuzzer {
 bool UseCounters = false;
 bool UseTraces = false;
 bool UseFullCoverageSet = false;
- bool UseCoveragePairs = false;
 bool Reload = true;
 int PreferSmallDuringInitialShuffle = -1;
 size_t MaxNumberOfRuns = ULONG_MAX;
@@ -135,7 +134,6 @@ class Fuzzer {
 std::vector Corpus;
 std::unordered_set UnitHashesAddedToCorpus;
 std::unordered_set FullCoverageSets;
- std::unordered_set CoveragePairs;
 // For UseCounters
 std::vector CounterBitmap;
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
index 2e4da1da91b..d028f193eef 100644
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -161,8 +161,6 @@ size_t Fuzzer::RunOne(const Unit &U) {
 size_t Res = 0;
 if (Options.UseFullCoverageSet)
 Res = RunOneMaximizeFullCoverageSet(U);
- else if (Options.UseCoveragePairs)
- Res = RunOneMaximizeCoveragePairs(U);
 else
 Res = RunOneMaximizeTotalCoverage(U);
 auto UnitStopTime = system_clock::now();
@@ -214,28 +212,6 @@ void Fuzzer::ExecuteCallback(const Unit &U) {
 }
 }
-// Experimental. Does not yet scale.
-// Fuly reset the current coverage state, run a single unit,
-// collect all coverage pairs and return non-zero if a new pair is observed.
-size_t Fuzzer::RunOneMaximizeCoveragePairs(const Unit &U) {
- __sanitizer_reset_coverage();
- ExecuteCallback(U);
- uintptr_t *PCs;
- uintptr_t NumPCs = __sanitizer_get_coverage_guards(&PCs);
- bool HasNewPairs = false;
- for (uintptr_t i = 0; i < NumPCs; i++) {
- if (!PCs[i]) continue;
- for (uintptr_t j = 0; j < NumPCs; j++) {
- if (!PCs[j]) continue;
- uint64_t Pair = (i << 32) | j;
- HasNewPairs |= CoveragePairs.insert(Pair).second;
- }
- }
- if (HasNewPairs)
- return CoveragePairs.size();
- return 0;
-}
-
 // Experimental.
 // Fuly reset the current coverage state, run a single unit,
 // compute a hash function from the full coverage set,
diff --git a/lib/Fuzzer/test/fuzzer.test b/lib/Fuzzer/test/fuzzer.test
index f27be80a192..b8e672f0fec 100644
--- a/lib/Fuzzer/test/fuzzer.test
+++ b/lib/Fuzzer/test/fuzzer.test
@@ -15,7 +15,7 @@ NullDerefTest: CRASHED; file written to crash-
 RUN: not ./LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
-RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_coverage_pairs=1 2>&1 | FileCheck %s
+RUN: not ./LLVMFuzzer-FourIndependentBranchesTest -timeout=15 -seed=1 -use_full_coverage_set=1 2>&1 | FileCheck %s
 RUN: not ./LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s
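Review bot: The rewritten RUN line for `LLVMFuzzer-FourIndependentBranchesTest` has no bound on the total amount of fuzzing, so the test now depends on `-seed=1` reaching the crash under `-use_full_coverage_set=1`, the mode whose help text in FuzzerFlags.def calls it "potentially MUCH slower". `-timeout=15` looks like a limit on a single unit rather than on the whole run (to be confirmed); if so, a search that stops converging would stall the suite instead of failing it. A cap on the number of runs, if the driver exposes a flag that feeds `Options.MaxNumberOfRuns`, would turn such a regression into a clear failure. A one-line comment above the RUN line would also help the next reader, for example `Previously ran with -use_coverage_pairs=1 (removed); now exercised via -use_full_coverage_set=1.`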