From a5bb6d53f2f4016a335e8dee310e76493ef3b825 Mon Sep 17 00:00:00 2001
From: Matt Morehouse <mascasa@google.com>
Date: Mon, 9 Jul 2018 22:31:26 +0000
Subject: [PATCH] Revert "[libFuzzer] Mutation tracking and logging
 implemented"

This reverts r336597 due to bot breakage.

llvm-svn: 336616
---
 compiler-rt/lib/fuzzer/FuzzerDriver.cpp           |  1 -
 compiler-rt/lib/fuzzer/FuzzerFlags.def            |  1 -
 compiler-rt/lib/fuzzer/FuzzerLoop.cpp             |  2 -
 compiler-rt/lib/fuzzer/FuzzerMutate.cpp           | 66 +++++++----------------
 compiler-rt/lib/fuzzer/FuzzerMutate.h             | 12 +----
 compiler-rt/lib/fuzzer/FuzzerOptions.h            |  1 -
 compiler-rt/test/fuzzer/fuzzer-mutationstats.test |  5 --
 7 files changed, 22 insertions(+), 66 deletions(-)
 delete mode 100644 compiler-rt/test/fuzzer/fuzzer-mutationstats.test

diff --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
index 6c785eb..c2f8583 100644
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@@ -613,7 +613,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
   Options.PrintNewCovPcs = Flags.print_pcs;
   Options.PrintNewCovFuncs = Flags.print_funcs;
   Options.PrintFinalStats = Flags.print_final_stats;
-  Options.PrintMutationStats = Flags.print_mutation_stats;
   Options.PrintCorpusStats = Flags.print_corpus_stats;
   Options.PrintCoverage = Flags.print_coverage;
   Options.DumpCoverage = Flags.dump_coverage;
diff --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def b/compiler-rt/lib/fuzzer/FuzzerFlags.def
index b77a1ff..aaa1727 100644
--- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
+++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
@@ -153,4 +153,3 @@ FUZZER_DEPRECATED_FLAG(use_equivalence_server)
 FUZZER_FLAG_INT(analyze_dict, 0, "Experimental")
 FUZZER_DEPRECATED_FLAG(use_clang_coverage)
 FUZZER_FLAG_STRING(data_flow_trace, "Experimental: use the data flow trace")
-FUZZER_FLAG_INT(print_mutation_stats, 0, "Experimental")
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index 1a2276f..d412b58 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -355,8 +355,6 @@ void Fuzzer::PrintFinalStats() {
     TPC.DumpCoverage();
   if (Options.PrintCorpusStats)
     Corpus.PrintStats();
-  if (Options.PrintMutationStats)
-    MD.PrintMutationStats();
   if (!Options.PrintFinalStats)
     return;
   size_t ExecPerSec = execPerSec();
diff --git a/compiler-rt/lib/fuzzer/FuzzerMutate.cpp b/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
index ef059fc..865e598 100644
--- a/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
@@ -58,10 +58,6 @@ MutationDispatcher::MutationDispatcher(Random &Rand,
   if (EF->LLVMFuzzerCustomCrossOver)
     Mutators.push_back(
         {&MutationDispatcher::Mutate_CustomCrossOver, "CustomCrossOver"});
-
-  // Initialize mutation statistic counters.
-  TotalMutations.resize(Mutators.size(), 0);
-  UsefulMutations.resize(Mutators.size(), 0);
 }
 
 static char RandCh(Random &Rand) {
@@ -265,9 +261,9 @@ size_t MutationDispatcher::Mutate_AddWordFromTORC(
     DE = MakeDictionaryEntryFromCMP(X.A, X.B, Data, Size);
   } break;
   case 3: if (Options.UseMemmem) {
-      auto X = TPC.MMT.Get(Rand.Rand());
-      DE = DictionaryEntry(X);
-    } break;
+    auto X = TPC.MMT.Get(Rand.Rand());
+    DE = DictionaryEntry(X);
+  } break;
   default:
     assert(0);
   }
@@ -435,18 +431,18 @@ size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
   auto &U = MutateInPlaceHere;
   size_t NewSize = 0;
   switch(Rand(3)) {
-  case 0:
-    NewSize = CrossOver(Data, Size, O.data(), O.size(), U.data(), U.size());
-    break;
-  case 1:
-    NewSize = InsertPartOf(O.data(), O.size(), U.data(), U.size(), MaxSize);
-    if (!NewSize)
+    case 0:
+      NewSize = CrossOver(Data, Size, O.data(), O.size(), U.data(), U.size());
+      break;
+    case 1:
+      NewSize = InsertPartOf(O.data(), O.size(), U.data(), U.size(), MaxSize);
+      if (!NewSize)
+        NewSize = CopyPartOf(O.data(), O.size(), U.data(), U.size());
+      break;
+    case 2:
       NewSize = CopyPartOf(O.data(), O.size(), U.data(), U.size());
-    break;
-  case 2:
-    NewSize = CopyPartOf(O.data(), O.size(), U.data(), U.size());
-    break;
-  default: assert(0);
+      break;
+    default: assert(0);
   }
   assert(NewSize > 0 && "CrossOver returned empty unit");
   assert(NewSize <= MaxSize && "CrossOver returned overisized unit");
@@ -455,7 +451,7 @@ size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
 }
 
 void MutationDispatcher::StartMutationSequence() {
-  CurrentMutatorIdxSequence.clear();
+  CurrentMutatorSequence.clear();
   CurrentDictionaryEntrySequence.clear();
 }
 
@@ -469,7 +465,6 @@ void MutationDispatcher::RecordSuccessfulMutationSequence() {
     if (!PersistentAutoDictionary.ContainsWord(DE->GetW()))
       PersistentAutoDictionary.push_back({DE->GetW(), 1});
   }
-  RecordUsefulMutations();
 }
 
 void MutationDispatcher::PrintRecommendedDictionary() {
@@ -489,9 +484,9 @@ void MutationDispatcher::PrintRecommendedDictionary() {
 }
 
 void MutationDispatcher::PrintMutationSequence() {
-  Printf("MS: %zd ", CurrentMutatorIdxSequence.size());
-  for (auto M : CurrentMutatorIdxSequence)
-    Printf("%s-", Mutators[M].Name);
+  Printf("MS: %zd ", CurrentMutatorSequence.size());
+  for (auto M : CurrentMutatorSequence)
+    Printf("%s-", M.Name);
   if (!CurrentDictionaryEntrySequence.empty()) {
     Printf(" DE: ");
     for (auto DE : CurrentDictionaryEntrySequence) {
@@ -519,14 +514,12 @@ size_t MutationDispatcher::MutateImpl(uint8_t *Data, size_t Size,
   // in which case they will return 0.
   // Try several times before returning un-mutated data.
   for (int Iter = 0; Iter < 100; Iter++) {
-    size_t MutatorIdx = Rand(Mutators.size());
-    auto M = Mutators[MutatorIdx];
+    auto M = Mutators[Rand(Mutators.size())];
     size_t NewSize = (this->*(M.Fn))(Data, Size, MaxSize);
     if (NewSize && NewSize <= MaxSize) {
       if (Options.OnlyASCII)
         ToASCII(Data, NewSize);
-      CurrentMutatorIdxSequence.push_back(MutatorIdx);
-      TotalMutations[MutatorIdx]++;
+      CurrentMutatorSequence.push_back(M);
       return NewSize;
     }
   }
@@ -539,23 +532,4 @@ void MutationDispatcher::AddWordToManualDictionary(const Word &W) {
       {W, std::numeric_limits<size_t>::max()});
 }
 
-void MutationDispatcher::RecordUsefulMutations() {
-  for (const size_t M : CurrentMutatorIdxSequence)
-    UsefulMutations[M]++;
-}
-
-void MutationDispatcher::PrintMutationStats() {
-  Printf("\nstat::mutation_usefulness:      ");
-  for (size_t i = 0; i < Mutators.size(); i++) {
-    double UsefulPercentage =
-        TotalMutations[i]
-            ? (100.0 * UsefulMutations[i]) / TotalMutations[i]
-            : 0;
-    Printf("%.3f", UsefulPercentage);
-    if (i < Mutators.size() - 1)
-      Printf(",");
-  }
-  Printf("\n");
-}
-
 }  // namespace fuzzer
diff --git a/compiler-rt/lib/fuzzer/FuzzerMutate.h b/compiler-rt/lib/fuzzer/FuzzerMutate.h
index 3216522..996d756 100644
--- a/compiler-rt/lib/fuzzer/FuzzerMutate.h
+++ b/compiler-rt/lib/fuzzer/FuzzerMutate.h
@@ -86,11 +86,8 @@ public:
 
   Random &GetRand() { return Rand; }
 
-  void PrintMutationStats();
-
-  void RecordUsefulMutations();
-
 private:
+
   struct Mutator {
     size_t (MutationDispatcher::*Fn)(uint8_t *Data, size_t Size, size_t Max);
     const char *Name;
@@ -131,8 +128,8 @@ private:
   // entries that led to successful discoveries in the past mutations.
   Dictionary PersistentAutoDictionary;
 
+  Vector<Mutator> CurrentMutatorSequence;
   Vector<DictionaryEntry *> CurrentDictionaryEntrySequence;
-  Vector<size_t> CurrentMutatorIdxSequence;
 
   static const size_t kCmpDictionaryEntriesDequeSize = 16;
   DictionaryEntry CmpDictionaryEntriesDeque[kCmpDictionaryEntriesDequeSize];
@@ -146,11 +143,6 @@ private:
 
   Vector<Mutator> Mutators;
   Vector<Mutator> DefaultMutators;
-
-  // A total count of each mutation used in the fuzzing process.
-  Vector<uint64_t> TotalMutations;
-  // The number of each mutation that resulted in new coverage.
-  Vector<uint64_t> UsefulMutations;
 };
 
 }  // namespace fuzzer
diff --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h b/compiler-rt/lib/fuzzer/FuzzerOptions.h
index 019dc6f..ab90df8 100644
--- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
+++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
@@ -52,7 +52,6 @@ struct FuzzingOptions {
   bool PrintNewCovPcs = false;
   int PrintNewCovFuncs = 0;
   bool PrintFinalStats = false;
-  bool PrintMutationStats = false;
   bool PrintCorpusStats = false;
   bool PrintCoverage = false;
   bool DumpCoverage = false;
diff --git a/compiler-rt/test/fuzzer/fuzzer-mutationstats.test b/compiler-rt/test/fuzzer/fuzzer-mutationstats.test
deleted file mode 100644
index 95743a8..0000000
--- a/compiler-rt/test/fuzzer/fuzzer-mutationstats.test
+++ /dev/null
@@ -1,5 +0,0 @@
-RUN: %cpp_compiler %S/SimpleTest.cpp -o %t-MutationStatsTest
-RUN: not %run %t-MutationStatsTest -print_mutation_stats=1 2>&1 | FileCheck %s
-
-# Ensures there are some non-zero values in the usefulness percentages printed.
-CHECK: stat::mutation_usefulness:   {{[0-9]+\.[0-9]+}}
-- 
2.7.4