This is an archive of the discontinued LLVM Phabricator instance.

Differential D94508

Add functions to encode/decode feature files
AbandonedPublic

Authored by aarongreen on Jan 12 2021, 9:23 AM.

Details

Reviewers
morehouse
kcc
charco
Summary

This change adds EncodeFeatures and DecodeFeatures to FuzzerFork. These are fairly vacuous in this change: features files are simply sorted lists of unsigned, 32 bit integers. The addition of these methods and their associated tests helps encapsulate the feature file format, allowing subsequent changes to it.

This is change 3 of (at least) 18 for cross-process fuzzing support

Diff Detail

Event Timeline

aarongreen created this revision.Jan 12 2021, 9:23 AM
Herald added a subscriber: mgorny. · View Herald TranscriptJan 12 2021, 9:23 AM
aarongreen requested review of this revision.Jan 12 2021, 9:23 AM
Herald added a project: Restricted Project. · View Herald TranscriptJan 12 2021, 9:23 AM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B84849: Diff 316125.Jan 12 2021, 9:27 AM
charco added inline comments.Jan 20 2021, 6:58 PM
compiler-rt/lib/fuzzer/FuzzerFork.cpp
199

What happens if the features here are not sorted?

compiler-rt/lib/fuzzer/FuzzerFork.h
19

empty line

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
1313

Why did you have to add this?

aarongreen added inline comments.Feb 3 2021, 11:14 AM
compiler-rt/lib/fuzzer/FuzzerFork.cpp
199

DecodeFeatures will return false, and the FeatureFile will be skipped. This shouldn't happen if EncodeFeatures was used to write the FeatureFile in the first place.

compiler-rt/lib/fuzzer/FuzzerFork.h
19

Intentional. Most of the header files have a blank lines separating the 'namespace' lines from other code, and clang-format allows it.

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
1313

In this change, the rationale is to ensure srand(0) is called and the tests using pseudorandom values are deterministic. Unit tests should *always* be deterministic!

Later, this is reused to instantiate the fuzzer::EF global in a way that prevents heap use-after-frees when running with --gtest_repeat=N for N > 1. The unit tests were broken when using this feature, but repeating tests was absolutely critical to hunting down flake in later changes adding the IPC layer.

morehouse accepted this revision.Feb 4 2021, 8:38 AM
morehouse added inline comments.
compiler-rt/lib/fuzzer/tests/FuzzerTestUtil.h
44
67

Nit: Let's use a single naming convention, either "Stop" or "End"

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
702

What does EXPECT_NO_FATAL_FAILURE do here? How is this line different from just CheckEncodedFeatures(...)?

This revision is now accepted and ready to land.Feb 4 2021, 8:38 AM
aarongreen updated this revision to Diff 321575.Feb 4 2021, 3:02 PM
aarongreen marked an inline comment as done.

Address morehouse's comments.

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp
702

This is me juggling too many changes simultaneously. When the features files become DSO-relative, CheckEncodedFeatures gets a few ASSERT_...(...) statements. Until then, you are correct, these aren't needed.

aarongreen added a child revision: D94509: Add fuzzer::DSORelativeValues.Feb 5 2021, 9:05 AM
aarongreen added a parent revision: D94507: Bugfix for collecting features from very small DSOs..
aarongreen updated this revision to Diff 332315.Mar 22 2021, 9:08 AM
aarongreen marked 2 inline comments as done.
Harbormaster completed remote builds in B95010: Diff 332315.Mar 22 2021, 10:50 AM
aarongreen mentioned this in D94512: Add ModuleInfo to TracePC.Mar 31 2021, 11:36 AM
aarongreen mentioned this in D94510: Tweak SimpleFastHash.Mar 31 2021, 11:39 AM
aarongreen abandoned this revision.Sep 1 2021, 9:06 AM
aarongreen marked an inline comment as done.

Multiprocess fuzzing will not be supported by the libFuzzer maintainers. Fuchsia has implemented a new approach with their Component Fuzzing Framework (RFC-117).

Revision Contents

PathSize
compiler-rt/
lib/
fuzzer/
7 lines
32 lines
10 lines
tests/
2 lines
75 lines
96 lines

Diff 332315

compiler-rt/lib/fuzzer/FuzzerFork.h

Show All 10 Lines
#include "FuzzerDefs.h" #include "FuzzerDefs.h"
#include "FuzzerOptions.h" #include "FuzzerOptions.h"
#include "FuzzerRandom.h" #include "FuzzerRandom.h"
#include <string> #include <string>
namespace fuzzer { namespace fuzzer {
charcoUnsubmitted
Not Done
ReplyInline Actions

empty line

charco: empty line
aarongreenAuthorUnsubmitted
Done
ReplyInline Actions

Intentional. Most of the header files have a blank lines separating the 'namespace' lines from other code, and clang-format allows it.

aarongreen: Intentional. Most of the header files have a blank lines separating the 'namespace' lines from…
void FuzzWithFork(Random &Rand, const FuzzingOptions &Options, void FuzzWithFork(Random &Rand, const FuzzingOptions &Options,
const Vector<std::string> &Args, const Vector<std::string> &Args,
const Vector<std::string> &CorpusDirs, int NumJobs); const Vector<std::string> &CorpusDirs, int NumJobs);
void EncodeFeatures(const Vector<uint32_t> &Features,
Vector<uint32_t> *Encoded);
bool DecodeFeatures(const Vector<uint32_t> &Encoded,
Vector<uint32_t> *Features);
} // namespace fuzzer } // namespace fuzzer
#endif // LLVM_FUZZER_FORK_H #endif // LLVM_FUZZER_FORK_H

compiler-rt/lib/fuzzer/FuzzerFork.cpp

Show First 20 LinesShow All 187 Lines▼ Show 20 Lines void RunOneMergeJob(FuzzJob *Job) {
// Choose only those inputs that have new features. // Choose only those inputs that have new features.
GetSizedFilesFromDir(Job->CorpusDir, &TempFiles); GetSizedFilesFromDir(Job->CorpusDir, &TempFiles);
std::sort(TempFiles.begin(), TempFiles.end()); std::sort(TempFiles.begin(), TempFiles.end());
for (auto &F : TempFiles) { for (auto &F : TempFiles) {
auto FeatureFile = F.File; auto FeatureFile = F.File;
FeatureFile.replace(0, Job->CorpusDir.size(), Job->FeaturesDir); FeatureFile.replace(0, Job->CorpusDir.size(), Job->FeaturesDir);
auto FeatureBytes = FileToVector(FeatureFile, 0, false); auto FeatureBytes = FileToVector(FeatureFile, 0, false);
assert((FeatureBytes.size() % sizeof(uint32_t)) == 0); assert((FeatureBytes.size() % sizeof(uint32_t)) == 0);
Vector<uint32_t> NewFeatures(FeatureBytes.size() / sizeof(uint32_t)); Vector<uint32_t> Encoded(FeatureBytes.size() / sizeof(uint32_t));
memcpy(NewFeatures.data(), FeatureBytes.data(), FeatureBytes.size()); memcpy(Encoded.data(), FeatureBytes.data(), FeatureBytes.size());
for (auto Ft : NewFeatures) { Vector<uint32_t> NewFeatures;
if (!Features.count(Ft)) { if (DecodeFeatures(Encoded, &NewFeatures))
charcoUnsubmitted
Not Done
ReplyInline Actions

What happens if the features here are not sorted?

charco: What happens if the features here are not sorted?
aarongreenAuthorUnsubmitted
Done
ReplyInline Actions

DecodeFeatures will return false, and the FeatureFile will be skipped. This shouldn't happen if EncodeFeatures was used to write the FeatureFile in the first place.

aarongreen: DecodeFeatures will return false, and the FeatureFile will be skipped. This shouldn't happen if…
if (!std::includes(Features.begin(), Features.end(),
NewFeatures.begin(), NewFeatures.end()))
MergeCandidates.push_back(F); MergeCandidates.push_back(F);
break;
}
}
} }
// if (!FilesToAdd.empty() || Job->ExitCode != 0) // if (!FilesToAdd.empty() || Job->ExitCode != 0)
Printf("#%zd: cov: %zd ft: %zd corp: %zd exec/s %zd " Printf("#%zd: cov: %zd ft: %zd corp: %zd exec/s %zd "
"oom/timeout/crash: %zd/%zd/%zd time: %zds job: %zd dft_time: %d\n", "oom/timeout/crash: %zd/%zd/%zd time: %zds job: %zd dft_time: %d\n",
NumRuns, Cov.size(), Features.size(), Files.size(), NumRuns, Cov.size(), Features.size(), Files.size(),
Stats.average_exec_per_sec, NumOOMs, NumTimeouts, NumCrashes, Stats.average_exec_per_sec, NumOOMs, NumTimeouts, NumCrashes,
secondsSinceProcessStartUp(), Job->JobId, Job->DftTimeInSeconds); secondsSinceProcessStartUp(), Job->JobId, Job->DftTimeInSeconds);
▲ Show 20 LinesShow All 198 Lines▼ Show 20 Linesvoid FuzzWithFork(Random &Rand, const FuzzingOptions &Options,
RmDirRecursive(Env.TempDir); RmDirRecursive(Env.TempDir);
// Use the exit code from the last child process. // Use the exit code from the last child process.
Printf("INFO: exiting: %d time: %zds\n", ExitCode, Printf("INFO: exiting: %d time: %zds\n", ExitCode,
Env.secondsSinceProcessStartUp()); Env.secondsSinceProcessStartUp());
exit(ExitCode); exit(ExitCode);
} }
void EncodeFeatures(const Vector<uint32_t> &Features,
Vector<uint32_t> *Encoded) {
assert(Encoded);
Encoded->clear();
Encoded->resize(Features.size());
std::partial_sort_copy(Features.begin(), Features.end(), Encoded->begin(),
Encoded->end());
}
bool DecodeFeatures(const Vector<uint32_t> &Encoded,
Vector<uint32_t> *Features) {
assert(Features);
if (!std::is_sorted(Encoded.begin(), Encoded.end()))
return false;
Features->clear();
Features->insert(Features->end(), Encoded.begin(), Encoded.end());
return true;
}
} // namespace fuzzer } // namespace fuzzer

compiler-rt/lib/fuzzer/FuzzerLoop.cpp

//===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===// //===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Fuzzer's main loop. // Fuzzer's main loop.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "FuzzerCorpus.h" #include "FuzzerCorpus.h"
#include "FuzzerFork.h"
#include "FuzzerIO.h" #include "FuzzerIO.h"
#include "FuzzerInternal.h" #include "FuzzerInternal.h"
#include "FuzzerMutate.h" #include "FuzzerMutate.h"
#include "FuzzerPlatform.h" #include "FuzzerPlatform.h"
#include "FuzzerRandom.h" #include "FuzzerRandom.h"
#include "FuzzerTracePC.h" #include "FuzzerTracePC.h"
#include <algorithm> #include <algorithm>
#include <cstring> #include <cstring>
▲ Show 20 LinesShow All 427 Lines▼ Show 20 Lines if (TimeOfUnit > Threshhold && TimeOfUnit >= Options.ReportSlowUnits) {
Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds); Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds);
WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-"); WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");
} }
} }
static void WriteFeatureSetToFile(const std::string &FeaturesDir, static void WriteFeatureSetToFile(const std::string &FeaturesDir,
const std::string &FileName, const std::string &FileName,
const Vector<uint32_t> &FeatureSet) { const Vector<uint32_t> &FeatureSet) {
if (FeaturesDir.empty() || FeatureSet.empty()) return; if (FeaturesDir.empty() || FeatureSet.empty())
WriteToFile(reinterpret_cast<const uint8_t *>(FeatureSet.data()), return;
FeatureSet.size() * sizeof(FeatureSet[0]), Vector<uint32_t> Encoded;
EncodeFeatures(FeatureSet, &Encoded);
WriteToFile(reinterpret_cast<const uint8_t *>(Encoded.data()),
Encoded.size() * sizeof(Encoded[0]),
DirPlusFile(FeaturesDir, FileName)); DirPlusFile(FeaturesDir, FileName));
} }
static void RenameFeatureSetFile(const std::string &FeaturesDir, static void RenameFeatureSetFile(const std::string &FeaturesDir,
const std::string &OldFile, const std::string &OldFile,
const std::string &NewFile) { const std::string &NewFile) {
if (FeaturesDir.empty()) return; if (FeaturesDir.empty()) return;
RenameFile(DirPlusFile(FeaturesDir, OldFile), RenameFile(DirPlusFile(FeaturesDir, OldFile),
▲ Show 20 LinesShow All 460 LinesShow Last 20 Lines

compiler-rt/lib/fuzzer/tests/CMakeLists.txt

Show First 20 LinesShow All 67 Lines▼ Show 20 Lines if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND
set(LIBFUZZER_TEST_RUNTIME_LINK_FLAGS ${LIBCXX_${arch}_PREFIX}/lib/libc++.a) set(LIBFUZZER_TEST_RUNTIME_LINK_FLAGS ${LIBCXX_${arch}_PREFIX}/lib/libc++.a)
endif() endif()
set(FuzzerTestObjects) set(FuzzerTestObjects)
generate_compiler_rt_tests(FuzzerTestObjects generate_compiler_rt_tests(FuzzerTestObjects
FuzzerUnitTests "Fuzzer-${arch}-Test" ${arch} FuzzerUnitTests "Fuzzer-${arch}-Test" ${arch}
SOURCES FuzzerUnittest.cpp ${COMPILER_RT_GTEST_SOURCE} SOURCES FuzzerUnittest.cpp ${COMPILER_RT_GTEST_SOURCE}
RUNTIME ${LIBFUZZER_TEST_RUNTIME} RUNTIME ${LIBFUZZER_TEST_RUNTIME}
DEPS gtest ${LIBFUZZER_TEST_RUNTIME_DEPS} DEPS gtest ${LIBFUZZER_TEST_RUNTIME_DEPS} FuzzerTestUtil.h
CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS} ${LIBFUZZER_TEST_RUNTIME_CFLAGS} CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS} ${LIBFUZZER_TEST_RUNTIME_CFLAGS}
LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS} ${LIBFUZZER_TEST_RUNTIME_LINK_FLAGS}) LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS} ${LIBFUZZER_TEST_RUNTIME_LINK_FLAGS})
set_target_properties(FuzzerUnitTests PROPERTIES set_target_properties(FuzzerUnitTests PROPERTIES
RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}) RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
set(FuzzedDataProviderTestObjects) set(FuzzedDataProviderTestObjects)
generate_compiler_rt_tests(FuzzedDataProviderTestObjects generate_compiler_rt_tests(FuzzedDataProviderTestObjects
FuzzedDataProviderUnitTests "FuzzerUtils-${arch}-Test" ${arch} FuzzedDataProviderUnitTests "FuzzerUtils-${arch}-Test" ${arch}
SOURCES FuzzedDataProviderUnittest.cpp ${COMPILER_RT_GTEST_SOURCE} SOURCES FuzzedDataProviderUnittest.cpp ${COMPILER_RT_GTEST_SOURCE}
DEPS gtest ${LIBFUZZER_TEST_RUNTIME_DEPS} ${COMPILER_RT_SOURCE_DIR}/include/fuzzer/FuzzedDataProvider.h DEPS gtest ${LIBFUZZER_TEST_RUNTIME_DEPS} ${COMPILER_RT_SOURCE_DIR}/include/fuzzer/FuzzedDataProvider.h
CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS} ${LIBFUZZER_TEST_RUNTIME_CFLAGS} CFLAGS ${LIBFUZZER_UNITTEST_CFLAGS} ${LIBFUZZER_TEST_RUNTIME_CFLAGS}
LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS} ${LIBFUZZER_TEST_RUNTIME_LINK_FLAGS}) LINK_FLAGS ${LIBFUZZER_UNITTEST_LINK_FLAGS} ${LIBFUZZER_TEST_RUNTIME_LINK_FLAGS})
set_target_properties(FuzzedDataProviderUnitTests PROPERTIES set_target_properties(FuzzedDataProviderUnitTests PROPERTIES
RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}) RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
endif() endif()

compiler-rt/lib/fuzzer/tests/FuzzerTestUtil.h

  • This file was added.
//===- FuzzerTestUtil.h -----------------------------------------*- C++ -* ===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Test support shared between unit tests.
//===----------------------------------------------------------------------===//
#ifndef LLVM_FUZZER_TEST_UTIL_H
#define LLVM_FUZZER_TEST_UTIL_H
#include "FuzzerTracePC.h"
#include "gtest/gtest.h"
Lint: Pre-merge checks
Inline Actions

clang-tidy: warning: #includes are not sorted properly [llvm-include-order]
not useful
clang-tidy: error: 'gtest/gtest.h' file not found [clang-diagnostic-error]
not useful
clang-tidy: error: 'gtest/gtest.h' file not found [clang-diagnostic-error]
not useful

Lint: Pre-merge checks: clang-tidy: warning: #includes are not sorted properly [llvm-include-order] [[https://github.
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <memory>
#include <vector>
namespace fuzzer {
// Helper environment to ensure that:
// * The PRNG is seeded deterministically.
class TestEnvironment : public testing::Environment {
public:
void SetUp() override { srand(0); }
};
// Test utilities for picking repeatable psuedorandom numbers.
template <typename T>
typename std::enable_if<std::is_integral<T>::value, T>::type Pick() {
return static_cast<T>(rand() & std::numeric_limits<T>::max());
}
template <typename T>
typename std::enable_if<std::is_floating_point<T>::value, T>::type Pick() {
auto AbsVal = static_cast<T>(rand()) / static_cast<T>(RAND_MAX);
return rand() % 2 ? -AbsVal : AbsVal;
}
// Helper struct for creating coverage data for unit tests. Note that once
// memory is added to the fuzzer::TracePC singleton, that object will assume it
morehouseUnsubmitted
Done
ReplyInline Actions
return rand() % 2 ? -AbsVal : AbsVal;
}
- // Helper struct for creating covergae data for unit tests. Note that once
+ // Helper struct for creating coverage data for unit tests. Note that once
// memory is added to the fuzzer::TracePC singleton, that object will assume it
morehouse:
// is valid for its lifetime, i.e. the remainder of the process. This can cause
// issues if unit tests are repeated, i.e. -gtest_repeat=<n>. Avoid this by
// declaring the FakeModule static within the test that adds it to the coverage.
template <size_t N> struct FakeModule final {
public:
uint8_t Counters[N];
uintptr_t PCs[N * 2];
const size_t NumPCs = N;
FakeModule() {
memset(Counters, 0, sizeof(Counters));
auto *TE = GetPCTableEntries();
uintptr_t PC = Pick<uintptr_t>() & ((1ULL << 48) - 1);
for (size_t i = 0; i < N; ++i) {
TE[i].PC = PC;
TE[i].PCFlags = i == 0 || (rand() % 16) == 0;
PC += Pick<uint16_t>();
}
}
uint8_t *CountersEnd() { return Counters + N; }
uintptr_t *PCsEnd() { return PCs + (N * 2); }
morehouseUnsubmitted
Done
ReplyInline Actions

Nit: Let's use a single naming convention, either "Stop" or "End"

morehouse: Nit: Let's use a single naming convention, either "Stop" or "End"
TracePC::PCTableEntry *GetPCTableEntries() {
return reinterpret_cast<TracePC::PCTableEntry *>(PCs);
}
};
} // namespace fuzzer
#endif // LLVM_FUZZER_TEST_UTIL_H

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// Avoid ODR violations (LibFuzzer is built without ASan and this test is built // Avoid ODR violations (LibFuzzer is built without ASan and this test is built
// with ASan) involving C++ standard library types when using libcxx. // with ASan) involving C++ standard library types when using libcxx.
#define _LIBCPP_HAS_NO_ASAN #define _LIBCPP_HAS_NO_ASAN
// Do not attempt to use LLVM ostream etc from gtest. // Do not attempt to use LLVM ostream etc from gtest.
#define GTEST_NO_LLVM_SUPPORT 1 #define GTEST_NO_LLVM_SUPPORT 1
#include "FuzzerCorpus.h" #include "FuzzerCorpus.h"
#include "FuzzerDictionary.h" #include "FuzzerDictionary.h"
#include "FuzzerFork.h"
#include "FuzzerInternal.h" #include "FuzzerInternal.h"
#include "FuzzerMerge.h" #include "FuzzerMerge.h"
#include "FuzzerMutate.h" #include "FuzzerMutate.h"
#include "FuzzerRandom.h" #include "FuzzerRandom.h"
#include "FuzzerTracePC.h" #include "FuzzerTracePC.h"
#include "tests/FuzzerTestUtil.h"
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include <memory> #include <memory>
#include <set> #include <set>
#include <sstream> #include <sstream>
using namespace fuzzer; using namespace fuzzer;
// For now, have LLVMFuzzerTestOneInput just to make it link. // For now, have LLVMFuzzerTestOneInput just to make it link.
▲ Show 20 LinesShow All 604 Lines▼ Show 20 Lines
} }
#define TRACED_EQ(A, ...) \ #define TRACED_EQ(A, ...) \
{ \ { \
SCOPED_TRACE(#A); \ SCOPED_TRACE(#A); \
EQ(A, __VA_ARGS__); \ EQ(A, __VA_ARGS__); \
} }
template <size_t N>
void CheckEncodedFeatures(FakeModule<N> &M, bool UseCounters) {
// Ensure the module has been added to the TracePC
auto *B = reinterpret_cast<const TracePC::PCTableEntry *>(M.PCs);
uintptr_t Idx = 0;
while (true) {
auto *TE = TPC.PCTableEntryByIdx(Idx);
if (!TE) {
TPC.HandlePCsInit(M.PCs, M.PCsEnd());
TPC.HandleInline8bitCountersInit(M.Counters, M.CountersEnd());
break;
}
if (TE == B)
break;
++Idx;
}
// Generate the sequence of relative encoded features for the given module.
Vector<uint32_t> Expected;
auto FirstFeature = Idx * 8;
for (size_t i = 0; i < M.NumPCs; ++i) {
if (M.Counters[i]) {
if (UseCounters) {
Expected.push_back(FirstFeature + i * 8 +
CounterToFeature(M.Counters[i]));
} else {
Expected.push_back(FirstFeature + i);
}
}
++Idx;
}
// Now get the actual encoded features, and look for the expected ones.
Vector<uint32_t> Features, Actual;
TPC.CollectFeatures(
[&](size_t F) { Features.push_back(static_cast<uint32_t>(F)); });
EncodeFeatures(Features, &Actual);
auto I = std::search(Actual.begin(), Actual.end(), Expected.begin(),
Expected.end());
EXPECT_NE(I, Actual.end());
}
TEST(FuzzerFork, EncodeFeatures) {
TPC.SetUseCounters(0);
TPC.SetUseValueProfileMask(0);
TPC.RecordInitialStack();
TPC.ResetMaps();
// Add a module. It will be added to TPC, so make it static to allow the test
// to be run multiple times.
static FakeModule<4> M1;
M1.Counters[0] = 3;
M1.Counters[1] = 2;
M1.Counters[2] = 1;
M1.Counters[3] = 0; // Not encoded.
CheckEncodedFeatures(M1, /* UseCounters */ false);
// Add a second module. This time, use counters.
TPC.SetUseCounters(1);
static FakeModule<9> M2;
M2.Counters[0] = 0; // Not encoded.
morehouseUnsubmitted
Done
ReplyInline Actions

What does EXPECT_NO_FATAL_FAILURE do here? How is this line different from just CheckEncodedFeatures(...)?

morehouse: What does `EXPECT_NO_FATAL_FAILURE` do here? How is this line different from just…
aarongreenAuthorUnsubmitted
Done
ReplyInline Actions

This is me juggling too many changes simultaneously. When the features files become DSO-relative, CheckEncodedFeatures gets a few ASSERT_...(...) statements. Until then, you are correct, these aren't needed.

aarongreen: This is me juggling too many changes simultaneously. When the features files become DSO…
M2.Counters[1] = 1;
M2.Counters[2] = 2;
M2.Counters[3] = 3;
M2.Counters[4] = 4;
M2.Counters[5] = 8;
M2.Counters[6] = 16;
M2.Counters[7] = 32;
M2.Counters[8] = 128;
CheckEncodedFeatures(M2, /* UseCounters */ true);
}
TEST(FuzzerFork, DecodeFeatures) {
Vector<uint32_t> A;
// Empty input
EXPECT_TRUE(DecodeFeatures({}, &A));
TRACED_EQ(A, {});
// Not sorted
EXPECT_FALSE(DecodeFeatures({3, 2}, &A));
TRACED_EQ(A, {});
// Valid
EXPECT_TRUE(DecodeFeatures({2, 3}, &A));
TRACED_EQ(A, {2, 3});
// Multiple valid modules.
EXPECT_TRUE(DecodeFeatures({2, 3, 4, 5, 6}, &A));
TRACED_EQ(A, {2, 3, 4, 5, 6});
}
TEST(Merger, Parse) { TEST(Merger, Parse) {
Merger M; Merger M;
const char *kInvalidInputs[] = { const char *kInvalidInputs[] = {
// Bad file numbers // Bad file numbers
"", "",
"x", "x",
"0\n0", "0\n0",
▲ Show 20 LinesShow All 563 Lines▼ Show 20 LinesTEST(Entropic, ComputeEnergy) {
II->FeatureFreqs.push_back(std::pair<uint32_t, uint16_t>(42, 6)); II->FeatureFreqs.push_back(std::pair<uint32_t, uint16_t>(42, 6));
II->NumExecutedMutations = 20; II->NumExecutedMutations = 20;
II->UpdateEnergy(10, false, std::chrono::microseconds(0)); II->UpdateEnergy(10, false, std::chrono::microseconds(0));
EXPECT_LT(SubAndSquare(II->Energy, 1.792831), Precision); EXPECT_LT(SubAndSquare(II->Energy, 1.792831), Precision);
} }
int main(int argc, char **argv) { int main(int argc, char **argv) {
testing::InitGoogleTest(&argc, argv); testing::InitGoogleTest(&argc, argv);
testing::AddGlobalTestEnvironment(new fuzzer::TestEnvironment());
charcoUnsubmitted
Done
ReplyInline Actions

Why did you have to add this?

charco: Why did you have to add this?
aarongreenAuthorUnsubmitted
Done
ReplyInline Actions

In this change, the rationale is to ensure srand(0) is called and the tests using pseudorandom values are deterministic. Unit tests should *always* be deterministic!

Later, this is reused to instantiate the fuzzer::EF global in a way that prevents heap use-after-frees when running with --gtest_repeat=N for N > 1. The unit tests were broken when using this feature, but repeating tests was absolutely critical to hunting down flake in later changes adding the IPC layer.

aarongreen: In this change, the rationale is to ensure srand(0) is called and the tests using pseudorandom…
return RUN_ALL_TESTS(); return RUN_ALL_TESTS();
} }