[libFuzzer] Remove lazy counters.

Summary: Lazy counters haven't improved performance for large fuzz targets. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D67476 llvm-svn: 373403
2019-10-01 22:49:06 +00:00 · 2019-10-01 22:49:06 +00:00 · 1c8e05110c
parent 9b36c1cf27
commit 1c8e05110c
11 changed files with 0 additions and 70 deletions
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@ -708,7 +708,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
    Options.FeaturesDir = Flags.features_dir;
  if (Flags.collect_data_flow)
    Options.CollectDataFlow = Flags.collect_data_flow;
-  Options.LazyCounters = Flags.lazy_counters;
  if (Flags.stop_file)
    Options.StopFile = Flags.stop_file;

--- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
+++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
@ -123,9 +123,6 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")
 FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
 FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
 FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
-FUZZER_FLAG_INT(lazy_counters, 0, "If 1, a performance optimization is"
-    "enabled for the 8bit inline counters. "
-    "Requires that libFuzzer successfully installs its SEGV handler")
 FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
    "if 2, close stderr; if 3, close both. "
    "Be careful, this will also close e.g. stderr of asan.")
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@ -742,10 +742,6 @@ void Fuzzer::ReadAndExecuteSeedCorpora(Vector<SizedFile> &CorporaFiles) {
  uint8_t dummy = 0;
  ExecuteCallback(&dummy, 0);

-  // Protect lazy counters here, after the once-init code has been executed.
-  if (Options.LazyCounters)
-    TPC.ProtectLazyCounters();
-
  if (CorporaFiles.empty()) {
    Printf("INFO: A corpus is not provided, starting from an empty corpus\n");
    Unit U({'\n'}); // Valid ASCII input.
--- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
+++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
@ -75,7 +75,6 @@ struct FuzzingOptions {
  bool HandleXfsz = false;
  bool HandleUsr1 = false;
  bool HandleUsr2 = false;
-  bool LazyCounters = false;
 };

 }  // namespace fuzzer
--- a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
@ -67,45 +67,6 @@ void TracePC::HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop) {
  NumInline8bitCounters += M.Size();
 }

-// Mark all full page counter regions as PROT_NONE and set Enabled=false.
-// The first time the instrumented code hits such a protected/disabled
-// counter region we should catch a SEGV and call UnprotectLazyCounters,
-// which will mark the page as PROT_READ|PROT_WRITE and set Enabled=true.
-//
-// Whenever other functions iterate over the counters they should ignore
-// regions with Enabled=false.
-void TracePC::ProtectLazyCounters() {
-  size_t NumPagesProtected = 0;
-  IterateCounterRegions([&](Module::Region &R) {
-    if (!R.OneFullPage) return;
-    if (Mprotect(R.Start, R.Stop - R.Start, false)) {
-      R.Enabled = false;
-      NumPagesProtected++;
-    }
-  });
-  if (NumPagesProtected)
-    Printf("INFO: %zd pages of counters where protected;"
-           " libFuzzer's SEGV handler must be installed\n",
-           NumPagesProtected);
-}
-
-bool TracePC::UnprotectLazyCounters(void *CounterPtr) {
-  // Printf("UnprotectLazyCounters: %p\n", CounterPtr);
-  if (!CounterPtr)
-    return false;
-  bool Done = false;
-  uint8_t *Addr = reinterpret_cast<uint8_t *>(CounterPtr);
-  IterateCounterRegions([&](Module::Region &R) {
-    if (!R.OneFullPage || R.Enabled || Done) return;
-    if (Addr >= R.Start && Addr < R.Stop)
-      if (Mprotect(R.Start, R.Stop - R.Start, true)) {
-        R.Enabled = true;
-        Done = true;
-      }
-  });
-  return Done;
-}
-
 void TracePC::HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop) {
  const PCTableEntry *B = reinterpret_cast<const PCTableEntry *>(Start);
  const PCTableEntry *E = reinterpret_cast<const PCTableEntry *>(Stop);
--- a/compiler-rt/lib/fuzzer/FuzzerTracePC.h
+++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.h
@ -119,9 +119,6 @@ class TracePC {
  void SetFocusFunction(const std::string &FuncName);
  bool ObservedFocusFunction();

-  void ProtectLazyCounters();
-  bool UnprotectLazyCounters(void *CounterPtr);
-
  struct PCTableEntry {
    uintptr_t PC, PCFlags;
  };
--- a/compiler-rt/lib/fuzzer/FuzzerUtil.h
+++ b/compiler-rt/lib/fuzzer/FuzzerUtil.h
@ -52,8 +52,6 @@ void SetSignalHandler(const FuzzingOptions& Options);

 void SleepSeconds(int Seconds);

-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite);
-
 unsigned long GetPid();

 size_t GetPeakRSSMb();
--- a/compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp
@ -305,10 +305,6 @@ void CrashHandler(zx_handle_t *Event) {

 } // namespace

-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return false;  // UNIMPLEMENTED
-}
-
 // Platform specific functions.
 void SetSignalHandler(const FuzzingOptions &Options) {
  // Make sure information from libFuzzer and the sanitizers are easy to
--- a/compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp
@ -37,7 +37,6 @@ static void (*upstream_segv_handler)(int, siginfo_t *, void *);

 static void SegvHandler(int sig, siginfo_t *si, void *ucontext) {
  assert(si->si_signo == SIGSEGV);
-  if (TPC.UnprotectLazyCounters(si->si_addr)) return;
  if (upstream_segv_handler)
    return upstream_segv_handler(sig, si, ucontext);
  Fuzzer::StaticCrashSignalCallback();
@ -98,11 +97,6 @@ void SetTimer(int Seconds) {
  SetSigaction(SIGALRM, AlarmHandler);
 }

-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return 0 == mprotect(Ptr, Size,
-                       AllowReadWrite ? (PROT_READ | PROT_WRITE) : PROT_NONE);
-}
-
 void SetSignalHandler(const FuzzingOptions& Options) {
  if (Options.UnitTimeoutSec > 0)
    SetTimer(Options.UnitTimeoutSec / 2 + 1);
--- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
@ -111,10 +111,6 @@ static TimerQ Timer;

 static void CrashHandler(int) { Fuzzer::StaticCrashSignalCallback(); }

-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return false;  // UNIMPLEMENTED
-}
-
 void SetSignalHandler(const FuzzingOptions& Options) {
  HandlerOpt = &Options;

--- a/compiler-rt/test/fuzzer/large.test
+++ b/compiler-rt/test/fuzzer/large.test
@ -1,7 +1,4 @@
-REQUIRES: linux
 RUN: %cpp_compiler %S/LargeTest.cpp -o %t-LargeTest
 RUN: %run %t-LargeTest -runs=10000
-RUN: %env_asan_opts=handle_segv=0 %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s
-RUN:                              %run %t-LargeTest -runs=10000 -lazy_counters=1 2>&1 | FileCheck %s

 CHECK: pages of counters where protected; libFuzzer's SEGV handler must be installed