From 382730ab23aa7d14bd66c90d9a31ddc22d496f56 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Fri, 24 Mar 2017 00:45:15 +0000 Subject: [PATCH] [libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals llvm-svn: 298671 --- llvm/lib/Fuzzer/FuzzerCorpus.h | 17 ++++++++--------- llvm/lib/Fuzzer/test/FuzzerUnittest.cpp | 6 +++--- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/llvm/lib/Fuzzer/FuzzerCorpus.h b/llvm/lib/Fuzzer/FuzzerCorpus.h index 8c2f7039280f..b6cbf3638c62 100644 --- a/llvm/lib/Fuzzer/FuzzerCorpus.h +++ b/llvm/lib/Fuzzer/FuzzerCorpus.h @@ -37,8 +37,8 @@ struct InputInfo { }; class InputCorpus { + static const size_t kFeatureSetSize = 1 << 21; public: - static const size_t kFeatureSetSize = 1 << 16; InputCorpus(const std::string &OutputCorpus) : OutputCorpus(OutputCorpus) { memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature)); memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature)); @@ -68,7 +68,8 @@ class InputCorpus { } bool empty() const { return Inputs.empty(); } const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; } - void AddToCorpus(const Unit &U, size_t NumFeatures, bool MayDeleteFile = false) { + void AddToCorpus(const Unit &U, size_t NumFeatures, + bool MayDeleteFile = false) { assert(!U.empty()); uint8_t Hash[kSHA1NumBytes]; if (FeatureDebug) @@ -82,7 +83,7 @@ class InputCorpus { II.MayDeleteFile = MayDeleteFile; memcpy(II.Sha1, Hash, kSHA1NumBytes); UpdateCorpusDistribution(); - ValidateFeatureSet(); + // ValidateFeatureSet(); } bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); } @@ -144,6 +145,8 @@ class InputCorpus { II.NumFeatures--; if (II.NumFeatures == 0) DeleteInput(OldIdx); + } else { + NumAddedFeatures++; } if (FeatureDebug) Printf("ADD FEATURE %zd sz %d\n", Idx, NewSize); @@ -155,12 +158,7 @@ class InputCorpus { return false; } - size_t NumFeatures() const { - size_t Res = 0; - for (size_t i = 0; i < kFeatureSetSize; i++) - Res += GetFeature(i) != 0; - return Res; - } + size_t NumFeatures() const { return NumAddedFeatures; } void ResetFeatureSet() { assert(Inputs.empty()); @@ -213,6 +211,7 @@ private: std::vector Inputs; bool CountingFeatures = false; + size_t NumAddedFeatures = 0; uint32_t InputSizesPerFeature[kFeatureSetSize]; uint32_t SmallestElementPerFeature[kFeatureSetSize]; diff --git a/llvm/lib/Fuzzer/test/FuzzerUnittest.cpp b/llvm/lib/Fuzzer/test/FuzzerUnittest.cpp index 5705396f451e..78ea874f2ce2 100644 --- a/llvm/lib/Fuzzer/test/FuzzerUnittest.cpp +++ b/llvm/lib/Fuzzer/test/FuzzerUnittest.cpp @@ -586,15 +586,15 @@ TEST(FuzzerUtil, Base64) { TEST(Corpus, Distribution) { Random Rand(0); - InputCorpus C(""); + std::unique_ptr C(new InputCorpus("")); size_t N = 10; size_t TriesPerUnit = 1<<16; for (size_t i = 0; i < N; i++) - C.AddToCorpus(Unit{ static_cast(i) }, 0); + C->AddToCorpus(Unit{ static_cast(i) }, 0); std::vector Hist(N); for (size_t i = 0; i < N * TriesPerUnit; i++) { - Hist[C.ChooseUnitIdxToMutate(Rand)]++; + Hist[C->ChooseUnitIdxToMutate(Rand)]++; } for (size_t i = 0; i < N; i++) { // A weak sanity check that every unit gets invoked.