From 428bebaf10e177db5e42206ca8f871f0bcbef058 Mon Sep 17 00:00:00 2001 From: Dokyung Song Date: Wed, 19 Aug 2020 20:21:05 +0000 Subject: [PATCH] [libFuzzer] Fix value-profile-load test. The behavior of the CrossOver mutator has changed with bb54bcf84970c04c9748004f3a4cf59b0c1832a7. This seems to affect the value-profile-load test on Darwin. This patch provides a wider margin for determining success of the value-profile-load test, by testing the targeted functionality (i.e., GEP index value profile) more directly and faster. To this end, LoadTest.cpp now uses a narrower condition (Size != 8) for initial pruning of inputs, effectively preventing libFuzzer from generating inputs longer than necessary and spending time on mutating such long inputs in the corpus - a functionality not meant to be tested by this specific test. Previously, on x86/Linux, it required 6,597,751 execs with -use_value_profile=1 and 19,605,575 execs with -use_value_profile=0 to hit the crash. With this patch, the test passes with 174,493 execs, providing a wider margin from the given trials of 10,000,000. Note that, without the value profile (i.e., -use_value_profile=0), the test wouldn't pass as it still requires 19,605,575 execs to hit the crash. Differential Revision: https://reviews.llvm.org/D86247 --- compiler-rt/test/fuzzer/LoadTest.cpp | 4 ++-- compiler-rt/test/fuzzer/value-profile-load.test | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/compiler-rt/test/fuzzer/LoadTest.cpp b/compiler-rt/test/fuzzer/LoadTest.cpp index 9cf1015..906c621 100644 --- a/compiler-rt/test/fuzzer/LoadTest.cpp +++ b/compiler-rt/test/fuzzer/LoadTest.cpp @@ -14,10 +14,10 @@ const int kArraySize = 1234567; int array[kArraySize]; extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size < 8) return 0; + if (Size != 8) + return 0; uint64_t a = 0; memcpy(&a, Data, 8); Sink = array[a % (kArraySize + 1)]; return 0; } - 
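Review bot: the new `if (Size != 8)` early return in LLVMFuzzerTestOneInput needs a one-line comment stating why an exact length is required; read cold, `!= 8` looks like a bug relative to the usual `Size < 8` minimum-length idiom that the old line used, and the reason (keep libFuzzer from growing and mutating long inputs so the test exercises only the GEP index value profile) lives only in the commit message. Something like `// Exactly 8 bytes: this test targets the GEP index value profile, not length mutation.` above the check would do. It is also worth saying, in the same comment or the commit message, why the length bound was put in the target rather than passed as `-max_len=8` from the .test driver, since the driver-side flag would leave LoadTest.cpp usable for other tests. The hunk additionally deletes the trailing empty line at end of file, which is unrelated to the fix; harmless, but it should be mentioned so it is not mistaken for an accidental whitespace change.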
diff --git a/compiler-rt/test/fuzzer/value-profile-load.test b/compiler-rt/test/fuzzer/value-profile-load.test index 607b81c..eb24d7b 100644 --- a/compiler-rt/test/fuzzer/value-profile-load.test +++ b/compiler-rt/test/fuzzer/value-profile-load.test @@ -1,3 +1,3 @@ CHECK: AddressSanitizer: global-buffer-overflow RUN: %cpp_compiler %S/LoadTest.cpp -fsanitize-coverage=trace-gep -o %t-LoadTest -RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck %s +RUN: not %run %t-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s -- 2.7.4
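Review bot: the margin that justifies lowering `-runs` from 20000000 to 10000000 is stated only for x86/Linux (174,493 execs), while the failure that motivated the patch is on Darwin; the commit message should record the Darwin exec count after the change, or the .test should note that the budget was validated there, because `-seed=2` fixes the random stream but not the mutator's behavior across platforms, and the flakiness this is fixing came from exactly that. A short comment in the .test would also help: that `-use_value_profile=0` does not hit the global-buffer-overflow within this budget (19,605,575 execs per the commit message) is what makes the test a meaningful check of value profiling rather than of plain coverage-guided fuzzing, and that is not visible from the RUN line alone. If that number ever drops below the budget, the test would pass for the wrong reason, so a note like `# -use_value_profile=0 needs ~19.6M execs; 10M runs keeps the test specific to value profiling` is worth adding.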