From 59bf1e8b368c70f086cdb9a1df34ef9a0c72e062 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Thu, 10 May 2018 20:12:15 +0000
Subject: [PATCH] [libFuzzer] remove the experimental support for clang coverage instrumentation. This mode has not been used and our experiments with https://github.com/google/fuzzer-test-suite show that this signal is weaker than the SanitizerCoverage
llvm-svn: 332034
---
 compiler-rt/lib/fuzzer/CMakeLists.txt | 1 -
 compiler-rt/lib/fuzzer/FuzzerClangCounters.cpp | 49 ----------------------
 compiler-rt/lib/fuzzer/FuzzerDefs.h | 4 --
 compiler-rt/lib/fuzzer/FuzzerDriver.cpp | 1 -
 compiler-rt/lib/fuzzer/FuzzerFlags.def | 2 +-
 compiler-rt/lib/fuzzer/FuzzerLoop.cpp | 1 -
 compiler-rt/lib/fuzzer/FuzzerOptions.h | 1 -
 compiler-rt/lib/fuzzer/FuzzerTracePC.cpp | 10 ----------
 compiler-rt/lib/fuzzer/FuzzerTracePC.h | 16 ----------------
 .../test/fuzzer/fprofile-instr-generate.test | 7 -------
 10 files changed, 1 insertion(+), 91 deletions(-)
 delete mode 100644 compiler-rt/lib/fuzzer/FuzzerClangCounters.cpp
 delete mode 100644 compiler-rt/test/fuzzer/fprofile-instr-generate.test
diff --git a/compiler-rt/lib/fuzzer/CMakeLists.txt b/compiler-rt/lib/fuzzer/CMakeLists.txt
index d5118de..7e696de 100644
--- a/compiler-rt/lib/fuzzer/CMakeLists.txt
+++ b/compiler-rt/lib/fuzzer/CMakeLists.txt
@@ -1,5 +1,4 @@
 set(LIBFUZZER_SOURCES
- FuzzerClangCounters.cpp
 FuzzerCrossOver.cpp
 FuzzerDriver.cpp
 FuzzerExtFunctionsDlsym.cpp
diff --git a/compiler-rt/lib/fuzzer/FuzzerClangCounters.cpp b/compiler-rt/lib/fuzzer/FuzzerClangCounters.cpp
deleted file mode 100644
index f69e922..0000000
--- a/compiler-rt/lib/fuzzer/FuzzerClangCounters.cpp
+++ /dev/null
@@ -1,49 +0,0 @@
-//===- FuzzerExtraCounters.cpp - Extra coverage counters ------------------===//
-//
-// The LLVM Compiler Infrastructure
-//
-// This file is distributed under the University of Illinois Open Source
-// License. See LICENSE.TXT for details.
-//
-//===----------------------------------------------------------------------===//
-// Coverage counters from Clang's SourceBasedCodeCoverage.
-//===----------------------------------------------------------------------===//
-
-// Support for SourceBasedCodeCoverage is experimental:
-// * Works only for the main binary, not DSOs yet.
-// * Works only on Linux.
-// * Does not implement print_pcs/print_coverage yet.
-// * Is not fully evaluated for performance and sensitivity.
-// We expect large performance drop due to 64-bit counters,
-// and *maybe* better sensitivity due to more fine-grained counters.
-// Preliminary comparison on a single benchmark (RE2) shows
-// a bit worse sensitivity though.
-
-#include "FuzzerDefs.h"
-
-#if LIBFUZZER_LINUX
-__attribute__((weak)) extern uint64_t __start___llvm_prf_cnts;
-__attribute__((weak)) extern uint64_t __stop___llvm_prf_cnts;
-namespace fuzzer {
-uint64_t *ClangCountersBegin() { return &__start___llvm_prf_cnts; }
-uint64_t *ClangCountersEnd() { return &__stop___llvm_prf_cnts; }
-} // namespace fuzzer
-#else
-// TODO: Implement on Mac (if the data shows it's worth it).
-//__attribute__((visibility("hidden")))
-//extern uint64_t CountersStart __asm("section$start$__DATA$__llvm_prf_cnts");
-//__attribute__((visibility("hidden")))
-//extern uint64_t CountersEnd __asm("section$end$__DATA$__llvm_prf_cnts");
-namespace fuzzer {
-uint64_t *ClangCountersBegin() { return nullptr; }
-uint64_t *ClangCountersEnd() { return nullptr; }
-} // namespace fuzzer
-#endif
-
-namespace fuzzer {
-ATTRIBUTE_NO_SANITIZE_ALL
-void ClearClangCounters() { // hand-written memset, don't asan-ify.
- for (auto P = ClangCountersBegin(); P < ClangCountersEnd(); P++)
- *P = 0;
-}
-}
diff --git a/compiler-rt/lib/fuzzer/FuzzerDefs.h b/compiler-rt/lib/fuzzer/FuzzerDefs.h
index 02e25f6..dde1b4b 100644
--- a/compiler-rt/lib/fuzzer/FuzzerDefs.h
+++ b/compiler-rt/lib/fuzzer/FuzzerDefs.h
@@ -186,10 +186,6 @@ uint8_t *ExtraCountersBegin();
 uint8_t *ExtraCountersEnd();
 void ClearExtraCounters();
-uint64_t *ClangCountersBegin();
-uint64_t *ClangCountersEnd();
-void ClearClangCounters();
-
 } // namespace fuzzer
 #endif // LLVM_FUZZER_DEFS_H
diff --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
index e7d02d8..3ee8c26 100644
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@@ -616,7 +616,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 Options.PrintCorpusStats = Flags.print_corpus_stats;
 Options.PrintCoverage = Flags.print_coverage;
 Options.DumpCoverage = Flags.dump_coverage;
- Options.UseClangCoverage = Flags.use_clang_coverage;
 Options.UseFeatureFrequency = Flags.use_feature_frequency;
 if (Flags.exit_on_src_pos)
 Options.ExitOnSrcPos = Flags.exit_on_src_pos;
diff --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def b/compiler-rt/lib/fuzzer/FuzzerFlags.def
index 9956f44..5905d0d 100644
--- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
+++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
@@ -149,5 +149,5 @@ FUZZER_FLAG_INT(ignore_remaining_args, 0, "If 1, ignore all arguments passed "
 FUZZER_FLAG_STRING(run_equivalence_server, "Experimental")
 FUZZER_FLAG_STRING(use_equivalence_server, "Experimental")
 FUZZER_FLAG_INT(analyze_dict, 0, "Experimental")
-FUZZER_FLAG_INT(use_clang_coverage, 0, "Experimental")
+FUZZER_DEPRECATED_FLAG(use_clang_coverage)
 FUZZER_FLAG_INT(use_feature_frequency, 0, "Experimental/internal")
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index 1915563..41acb5a 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
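Review bot: In FuzzerFlags.def, `FUZZER_DEPRECATED_FLAG(use_clang_coverage)` keeps old command lines parsing, but nothing on the new side tells a user that a target built the way the deleted test built it (`-fsanitize-coverage=0 -fprofile-instr-generate`) now gets no coverage signal at all. Such a job would presumably keep running as an unguided fuzzer and look healthy while exploring very little, which is easy to miss in a long-running fuzzing setup. I would add a comment above the entry, e.g. `// Deprecated: clang coverage counters are no longer read; build the target with SanitizerCoverage instead.`, and confirm that the flag parser (not visible in this patch) prints a warning when a deprecated flag is passed.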
@@ -149,7 +149,6 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
 EF->__sanitizer_install_malloc_and_free_hooks(MallocHook, FreeHook);
 TPC.SetUseCounters(Options.UseCounters);
 TPC.SetUseValueProfile(Options.UseValueProfile);
- TPC.SetUseClangCoverage(Options.UseClangCoverage);
 if (Options.Verbosity)
 TPC.PrintModuleInfo();
diff --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h b/compiler-rt/lib/fuzzer/FuzzerOptions.h
index cedf7f3..6131cc1 100644
--- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
+++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
@@ -53,7 +53,6 @@ struct FuzzingOptions {
 bool PrintCorpusStats = false;
 bool PrintCoverage = false;
 bool DumpCoverage = false;
- bool UseClangCoverage = false;
 bool DetectLeaks = true;
 int PurgeAllocatorIntervalSec = 1;
 int UseFeatureFrequency = false;
diff --git a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
index 701ef08..f8c193e 100644
--- a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
@@ -132,9 +132,6 @@ void TracePC::PrintModuleInfo() {
 _Exit(1);
 }
 }
- if (size_t NumClangCounters = ClangCountersEnd() - ClangCountersBegin())
- Printf("INFO: %zd Clang Coverage Counters\n", NumClangCounters);
-
 if (size_t NumExtraCounters = ExtraCountersEnd() - ExtraCountersBegin())
 Printf("INFO: %zd Extra Counters\n", NumExtraCounters);
 }
@@ -185,13 +182,6 @@ void TracePC::UpdateObservedPCs() {
 }
 }
 }
- if (size_t NumClangCounters =
- ClangCountersEnd() - ClangCountersBegin()) {
- auto P = ClangCountersBegin();
- for (size_t Idx = 0; Idx < NumClangCounters; Idx++)
- if (P[Idx])
- ObservePC((uintptr_t)Idx);
- }
 for (size_t i = 0, N = Min(CoveredFuncs.size(), NumPrintNewFuncs); i < N; i++) {
 Printf("\tNEW_FUNC[%zd/%zd]: ", i, CoveredFuncs.size());
diff --git a/compiler-rt/lib/fuzzer/FuzzerTracePC.h b/compiler-rt/lib/fuzzer/FuzzerTracePC.h
index c3f241b..0cf4e72 100644
--- a/compiler-rt/lib/fuzzer/FuzzerTracePC.h
+++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.h
@@ -80,7 +80,6 @@ class TracePC {
 template void HandleCmp(uintptr_t PC, T Arg1, T Arg2);
 size_t GetTotalPCCoverage();
 void SetUseCounters(bool UC) { UseCounters = UC; }
- void SetUseClangCoverage(bool UCC) { UseClangCoverage = UCC; }
 void SetUseValueProfile(bool VP) { UseValueProfile = VP; }
 void SetPrintNewPCs(bool P) { DoPrintNewPCs = P; }
 void SetPrintNewFuncs(size_t P) { NumPrintNewFuncs = P; }
@@ -93,8 +92,6 @@ class TracePC {
 memset(Counters(), 0, GetNumPCs());
 ClearExtraCounters();
 ClearInlineCounters();
- if (UseClangCoverage)
- ClearClangCounters();
 }
 void ClearInlineCounters();
@@ -135,7 +132,6 @@ class TracePC {
 private:
 bool UseCounters = false;
 bool UseValueProfile = false;
- bool UseClangCoverage = false;
 bool DoPrintNewPCs = false;
 size_t NumPrintNewFuncs = 0;
@@ -251,18 +247,6 @@ void TracePC::CollectFeatures(Callback HandleFeature) const {
 }
 }
- if (size_t NumClangCounters = ClangCountersEnd() - ClangCountersBegin()) {
- auto P = ClangCountersBegin();
- for (size_t Idx = 0; Idx < NumClangCounters; Idx++)
- if (auto Cnt = P[Idx]) {
- if (UseCounters)
- HandleFeature(FirstFeature + Idx * 8 + CounterToFeature(Cnt));
- else
- HandleFeature(FirstFeature + Idx);
- }
- FirstFeature += NumClangCounters;
- }
-
 ForEachNonZeroByte(ExtraCountersBegin(), ExtraCountersEnd(), FirstFeature, Handle8bitCounter);
 FirstFeature += (ExtraCountersEnd() - ExtraCountersBegin()) * 8;
diff --git a/compiler-rt/test/fuzzer/fprofile-instr-generate.test b/compiler-rt/test/fuzzer/fprofile-instr-generate.test
deleted file mode 100644
index 2a3ec96..0000000
--- a/compiler-rt/test/fuzzer/fprofile-instr-generate.test
+++ /dev/null
@@ -1,7 +0,0 @@
-# Test libFuzzer + -fprofile-instr-generate
-REQUIRES: linux
-RUN: %cpp_compiler %S/SimpleTest.cpp -fsanitize-coverage=0 -fprofile-instr-generate -o %t-SimpleTest-fprofile-instr-generate
-CHECK-NOT: INFO: Loaded 1 modules
-CHECK: INFO: {{.*}} Clang Coverage Counters
-CHECK: BINGO
-RUN: not %t-SimpleTest-fprofile-instr-generate -runs=1000000 -seed=1 -use_clang_coverage=1 2>&1 | FileCheck %s
--
2.7.4