This is an archive of the discontinued LLVM Phabricator instance.

sanitizer: speedup coverage by 33%
Closed, Public

Authored by dvyukov on Nov 10 2015, 4:25 AM.

Details

Reviewers
kcc
Summary

Atomic RMW is not necessary in InitializeGuardArray. It is supposed to run when no user code runs. And if user code runs concurrently, then the atomic RMW won't help anyway. So replace it with non-atomic RMW.

InitializeGuardArray takes more than 50% of time during re2 fuzzing:

real 0m47.215s
51.56% a.out a.out [.] __sanitizer_reset_coverage

6.68%  a.out  a.out                [.] __sanitizer_cov
3.41%  a.out  a.out                [.] __sanitizer::internal_bzero_aligned16(void*, unsigned long)
1.79%  a.out  a.out                [.] __asan::Allocator::Allocate(unsigned long, unsigned long,

With this change:

real 0m31.661s
26.21% a.out a.out [.] __sanitizer_reset_coverage
10.12% a.out a.out [.] __sanitizer_cov

5.38%  a.out  a.out                [.] __sanitizer::internal_bzero_aligned16(void*, unsigned long)
2.53%  a.out  a.out                [.] __asan::Allocator::Allocate(unsigned long, unsigned long,

That's a 33% speedup.
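
The trade-off described in the summary, as an added example that is not the sanitizer runtime's own code: a guard array is numbered from a shared counter, once with an atomic fetch-add per guard and once with a relaxed load plus store. The guard layout and the names `pc_index`, `init_guards_atomic`, `init_guards_plain` and `time_resets` are assumptions made for illustration.

```cpp
#include <atomic>
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the runtime's shared counter (assumed name).
static std::atomic<uint64_t> pc_index{0};

// Atomic RMW per guard: on x86 this is one lock-prefixed instruction per element.
void init_guards_atomic(std::vector<int32_t> &guards) {
  for (auto &g : guards) {
    uint64_t idx = pc_index.fetch_add(1, std::memory_order_relaxed);
    g = -static_cast<int32_t>(idx + 1);  // assumed encoding: unique negative id
  }
}

// Non-atomic RMW: relaxed load, plain add, relaxed store.
// Correct only while no other thread updates pc_index during the reset.
void init_guards_plain(std::vector<int32_t> &guards) {
  for (auto &g : guards) {
    uint64_t idx = pc_index.load(std::memory_order_relaxed);
    pc_index.store(idx + 1, std::memory_order_relaxed);
    g = -static_cast<int32_t>(idx + 1);
  }
}

// Re-run the initialisation `rounds` times, like repeated coverage resets.
template <class F>
double time_resets(F init, std::vector<int32_t> &guards, int rounds) {
  auto t0 = std::chrono::steady_clock::now();
  for (int i = 0; i < rounds; i++) {
    pc_index.store(0, std::memory_order_relaxed);
    init(guards);
  }
  auto t1 = std::chrono::steady_clock::now();
  return std::chrono::duration<double>(t1 - t0).count();
}

int main() {
  // Constructed sizes: 65536 guards, 200 resets.
  std::vector<int32_t> a(1 << 16), b(1 << 16);
  double ta = time_resets(init_guards_atomic, a, 200);
  double tb = time_resets(init_guards_plain, b, 200);
  std::printf("atomic RMW: %.3fs  load+store: %.3fs  same guards: %d\n",
              ta, tb, a == b);
}
```

Build with optimisation enabled; the gap between the two timings is the per-guard cost of the atomic RMW. The plain variant loses increments if another thread updates the counter concurrently, which is the case the summary argues the atomic version does not make safe either.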

Event Timeline

dvyukov updated this revision to Diff 39803. Nov 10 2015, 4:25 AM
dvyukov retitled this revision from to sanitizer: speedup coverage by 33%.
dvyukov updated this object.
dvyukov added a reviewer: kcc.
dvyukov added a subscriber: llvm-commits.
kcc accepted this revision. Nov 10 2015, 1:32 PM
kcc edited edge metadata.

LGTM, thanks!

But how do you do "re2 fuzzing"?

This revision is now accepted and ready to land. Nov 10 2015, 1:32 PM

I've used the following program as a fuzzer approximation:

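#include <stdio.h>
#include <stdint.h>
#include <re2/re2.h>
#include <sqlite/sqlite3.h>
#include <sanitizer/coverage_interface.h>

uint8_t bitset[1<<24];

int main() {
        for (int i = 0; i < 100000; i++) {
                // "hello" matches "h.*o", so this branch is never taken;
                // the call only keeps sqlite3 referenced so it is linked in.
                if (!RE2::PartialMatch("hello", "h.*o")) {
                        sqlite3_open_v2(0, 0, 0, 0);
                        printf("X");
                }
                // Reset coverage on every iteration; this is the call being profiled.
                __sanitizer_reset_coverage();
        }
}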

re2 is on commit 7925aaabefbb594a45b500146c1d29da70da0c12 + sqlite3 amalgamation 3.9.2 linked in.

Then built it with -fsanitize=address -fno-omit-frame-pointer -fsanitize-coverage=edge.

kcc added a comment. Nov 10 2015, 1:47 PM

got it, I did not realize you are using __sanitizer_reset_coverage

dvyukov closed this revision. Nov 11 2015, 1:39 AM

submitted in 252715