diff options
| author | Max Moroz <mmoroz@chromium.org> | 2018-08-29 21:53:15 +0000 |
|---|---|---|
| committer | Max Moroz <mmoroz@chromium.org> | 2018-08-29 21:53:15 +0000 |
| commit | 9bf9f89d6293e8a66257a1a6ea1c5a2a2f3e7f11 (patch) | |
| tree | 6955888375f828aa115a09a117b2e30d0c0d115f /lib/fuzzer/FuzzerLoop.cpp | |
| parent | a327fdf5f39ff1c09a67a7fb4519a406a0fcae64 (diff) | |
| download | compiler-rt-9bf9f89d6293e8a66257a1a6ea1c5a2a2f3e7f11.tar.gz | |
[libFuzzer] Remove mutation stats and weighted mutation selection.
Summary:
This was an experimental feature. After evaluating it with:
1) https://github.com/google/fuzzer-test-suite/tree/master/engine-comparison
2) enabling on real world fuzz targets running at ClusterFuzz and OSS-Fuzz
The following conclusions were made:
1) With fuzz targets that have reached a code coverage plateau, the feature does
not improve libFuzzer's ability to discover new coverage and may actually
negatively impact it.
2) With fuzz targets that have not yet reached a code coverage plateau, the
feature might speed up new units discovery in some cases, but it is quite
rare and hard to confirm with a high level on confidence.
Revert of https://reviews.llvm.org/D48054 and https://reviews.llvm.org/D49621.
Reviewers: metzman, morehouse
Reviewed By: metzman, morehouse
Subscribers: delcypher, #sanitizers, llvm-commits, kcc
Differential Revision: https://reviews.llvm.org/D51455
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@340976 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/fuzzer/FuzzerLoop.cpp')
| -rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index c7b13d1e5..7b98f55ae 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -38,7 +38,6 @@ namespace fuzzer { static const size_t kMaxUnitSizeToPrint = 256; -static const size_t kUpdateMutationWeightRuns = 10000; thread_local bool Fuzzer::IsMyThread; @@ -361,7 +360,6 @@ void Fuzzer::PrintFinalStats() { TPC.DumpCoverage(); if (Options.PrintCorpusStats) Corpus.PrintStats(); - if (Options.PrintMutationStats) MD.PrintMutationStats(); if (!Options.PrintFinalStats) return; size_t ExecPerSec = execPerSec(); @@ -550,9 +548,6 @@ static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) { void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) { TPC.RecordInitialStack(); - if (Options.UseWeightedMutations && - TotalNumberOfRuns % kUpdateMutationWeightRuns == 0) - MD.UpdateDistribution(); TotalNumberOfRuns++; assert(InFuzzingThread()); if (SMR.IsClient()) |