From d4492f81011df9dd12ff78275b45bb81093700c7 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Tue, 30 Aug 2016 03:05:50 +0000
Subject: [PATCH] [libFuzzer] use bits instead of bytes for memcmp/strcmp value profile -- the fuzzer reaches the goal much faster, at least on the simple puzzles

llvm-svn: 280054
---
 llvm/lib/Fuzzer/FuzzerTraceState.cpp | 28 ++++++++++++++++++----------
 llvm/lib/Fuzzer/test/value-profile-mem.test | 6 +++---
 2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/llvm/lib/Fuzzer/FuzzerTraceState.cpp b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
index 7bbc759..732e1a4 100644
--- a/llvm/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
@@ -552,26 +552,34 @@ static void AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
 size_t n) {
 if (!n) return;
 size_t Len = std::min(n, (size_t)32);
- const char *A1 = reinterpret_cast(s1);
- const char *A2 = reinterpret_cast(s2);
- size_t LastSameByte = 0;
- for (; LastSameByte < Len; LastSameByte++)
- if (A1[LastSameByte] != A2[LastSameByte])
+ const uint8_t *A1 = reinterpret_cast(s1);
+ const uint8_t *A2 = reinterpret_cast(s2);
+ size_t I = 0;
+ for (; I < Len; I++)
+ if (A1[I] != A2[I])
 break;
 size_t PC = reinterpret_cast(caller_pc);
- VP.AddValue((PC & 4095) | (LastSameByte << 12));
+ size_t Idx = I * 8;
+ if (I < Len)
+ Idx += __builtin_popcountl((A1[I] ^ A2[I])) - 1;
+ VP.AddValue((PC & 4095) | (Idx << 12));
 }

 static void AddValueForStrcmp(void *caller_pc, const char *s1, const char *s2,
 size_t n) {
 if (!n) return;
 size_t Len = std::min(n, (size_t)32);
- size_t LastSameByte = 0;
- for (; LastSameByte < Len; LastSameByte++)
- if (s1[LastSameByte] != s2[LastSameByte] || s1[LastSameByte] == 0)
+ const uint8_t *A1 = reinterpret_cast(s1);
+ const uint8_t *A2 = reinterpret_cast(s2);
+ size_t I = 0;
+ for (; I < Len; I++)
+ if (A1[I] != A2[I] || A1[I] == 0)
 break;
 size_t PC = reinterpret_cast(caller_pc);
- VP.AddValue((PC & 4095) | (LastSameByte << 12));
+ size_t Idx = I * 8;
+ if (I < Len && A1[I])
+ Idx += __builtin_popcountl((A1[I] ^ A2[I])) - 1;
+ VP.AddValue((PC & 4095) | (Idx << 12));
 }

 ATTRIBUTE_TARGET_POPCNT
diff --git a/llvm/lib/Fuzzer/test/value-profile-mem.test b/llvm/lib/Fuzzer/test/value-profile-mem.test
index 60cc67f..059fec8 100644
--- a/llvm/lib/Fuzzer/test/value-profile-mem.test
+++ b/llvm/lib/Fuzzer/test/value-profile-mem.test
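Review bot: The new `Idx` encoding is undocumented, and in AddValueForStrcmp it merges two cases: a one-bit mismatch at byte `I` gives `I * 8 + 0`, the same value as stopping on `A1[I] == 0` at that byte, so the value profile cannot tell them apart. If that merge is not intended, a stride of nine keeps them distinct (`size_t Idx = I * 9;` with `Idx += __builtin_popcountl(A1[I] ^ A2[I]);` and no `- 1`); whether `VP.AddValue` has room for the wider range is not visible in this hunk and should be confirmed. Either way, both computations would benefit from a comment such as `// Idx = 8 * matching prefix bytes + (differing bits in the first mismatching byte - 1); a feature id, not a distance`, since more differing bits produce a larger value. The next function carries ATTRIBUTE_TARGET_POPCNT while these two do not, so the builtin presumably falls back to a software popcount on every intercepted compare. AddValueForMemcmp's signature starts above the hunk.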
@@ -1,4 +1,4 @@
 CHECK: BINGO
-RUN: not LLVMFuzzer-SingleMemcmpTest -seed=1 -use_memcmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
-RUN: not LLVMFuzzer-SingleStrcmpTest -seed=1 -use_memcmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
-RUN: not LLVMFuzzer-SingleStrncmpTest -seed=1 -use_memcmp=0 -use_value_profile=1 -runs=10000000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-SingleMemcmpTest -seed=1 -use_memcmp=0 -use_value_profile=1 -runs=1000000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-SingleStrcmpTest -seed=1 -use_memcmp=0 -use_value_profile=1 -runs=1000000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-SingleStrncmpTest -seed=1 -use_memcmp=0 -use_value_profile=1 -runs=1000000 2>&1 | FileCheck %s
--
2.7.4