maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[libFuzzer] increase kFeatureSetSize to 2^21 and make InputCorpus scale to that size. This will potentially make libFuzzer more sensitive on targets with lots of signals 

llvm-svn: 298671
This commit is contained in:
Kostya Serebryany 2017-03-24 00:45:15 +00:00
parent f96f04d602
commit 382730ab23
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
llvm/lib/Fuzzer/FuzzerCorpus.h
View File

@ -37,8 +37,8 @@ struct InputInfo {
}; };
class InputCorpus { class InputCorpus {
static const size_t kFeatureSetSize = 1 << 21;
public: public:
static const size_t kFeatureSetSize = 1 << 16;
InputCorpus(const std::string &OutputCorpus) : OutputCorpus(OutputCorpus) { InputCorpus(const std::string &OutputCorpus) : OutputCorpus(OutputCorpus) {
memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature)); memset(InputSizesPerFeature, 0, sizeof(InputSizesPerFeature));
memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature)); memset(SmallestElementPerFeature, 0, sizeof(SmallestElementPerFeature));
@ -68,7 +68,8 @@ class InputCorpus {
} }
bool empty() const { return Inputs.empty(); } bool empty() const { return Inputs.empty(); }
const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; } const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; }
void AddToCorpus(const Unit &U, size_t NumFeatures, bool MayDeleteFile = false) { void AddToCorpus(const Unit &U, size_t NumFeatures,
bool MayDeleteFile = false) {
assert(!U.empty()); assert(!U.empty());
uint8_t Hash[kSHA1NumBytes]; uint8_t Hash[kSHA1NumBytes];
if (FeatureDebug) if (FeatureDebug)
@ -82,7 +83,7 @@ class InputCorpus {
II.MayDeleteFile = MayDeleteFile; II.MayDeleteFile = MayDeleteFile;
memcpy(II.Sha1, Hash, kSHA1NumBytes); memcpy(II.Sha1, Hash, kSHA1NumBytes);
UpdateCorpusDistribution(); UpdateCorpusDistribution();
ValidateFeatureSet(); // ValidateFeatureSet();
} }
bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); } bool HasUnit(const Unit &U) { return Hashes.count(Hash(U)); }
@ -144,6 +145,8 @@ class InputCorpus {
II.NumFeatures--; II.NumFeatures--;
if (II.NumFeatures == 0) if (II.NumFeatures == 0)
DeleteInput(OldIdx); DeleteInput(OldIdx);
} else {
NumAddedFeatures++;
} }
if (FeatureDebug) if (FeatureDebug)
Printf("ADD FEATURE %zd sz %d\n", Idx, NewSize); Printf("ADD FEATURE %zd sz %d\n", Idx, NewSize);
@ -155,12 +158,7 @@ class InputCorpus {
return false; return false;
} }
size_t NumFeatures() const { size_t NumFeatures() const { return NumAddedFeatures; }
size_t Res = 0;
for (size_t i = 0; i < kFeatureSetSize; i++)
Res += GetFeature(i) != 0;
return Res;
}
void ResetFeatureSet() { void ResetFeatureSet() {
assert(Inputs.empty()); assert(Inputs.empty());
@ -213,6 +211,7 @@ private:
std::vector<InputInfo*> Inputs; std::vector<InputInfo*> Inputs;
bool CountingFeatures = false; bool CountingFeatures = false;
size_t NumAddedFeatures = 0;
uint32_t InputSizesPerFeature[kFeatureSetSize]; uint32_t InputSizesPerFeature[kFeatureSetSize];
uint32_t SmallestElementPerFeature[kFeatureSetSize]; uint32_t SmallestElementPerFeature[kFeatureSetSize];

6
llvm/lib/Fuzzer/test/FuzzerUnittest.cpp
View File

@ -586,15 +586,15 @@ TEST(FuzzerUtil, Base64) {
TEST(Corpus, Distribution) { TEST(Corpus, Distribution) {
Random Rand(0); Random Rand(0);
InputCorpus C(""); std::unique_ptr<InputCorpus> C(new InputCorpus(""));
size_t N = 10; size_t N = 10;
size_t TriesPerUnit = 1<<16; size_t TriesPerUnit = 1<<16;
for (size_t i = 0; i < N; i++) for (size_t i = 0; i < N; i++)
C.AddToCorpus(Unit{ static_cast<uint8_t>(i) }, 0); C->AddToCorpus(Unit{ static_cast<uint8_t>(i) }, 0);
std::vector<size_t> Hist(N); std::vector<size_t> Hist(N);
for (size_t i = 0; i < N * TriesPerUnit; i++) { for (size_t i = 0; i < N * TriesPerUnit; i++) {
Hist[C.ChooseUnitIdxToMutate(Rand)]++; Hist[C->ChooseUnitIdxToMutate(Rand)]++;
} }
for (size_t i = 0; i < N; i++) { for (size_t i = 0; i < N; i++) {
// A weak sanity check that every unit gets invoked. // A weak sanity check that every unit gets invoked.