This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/fuzzer/
-
lib/
-
fuzzer/
1/2
FuzzerMutate.cpp

Differential D101686

[libFuzzer] Preserve position hint in auto dictionary
ClosedPublic

Authored by fmeum on May 1 2021, 12:53 AM.

Download Raw Diff

Details

Reviewers

morehouse

Commits

rGb1048ff68298: [libFuzzer] Preserve position hint in auto dictionary

Summary

Currently, the position hint of an entry in the persistent auto
dictionary is fixed to 1. As a consequence, with a 50% chance, the entry
is applied right after the first byte of the input. As the position 1
does not appear to have any particular significance, this is likely a
bug that may have been caused by confusing the constructor parameter
with a success count.

This commit resolves the issue by preserving any existing position hint
or disabling the hint if the original entry didn't have one.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

fmeum requested review of this revision.May 1 2021, 12:53 AM

fmeum created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptMay 1 2021, 12:53 AM

Herald added a subscriber: Restricted Project. · View Herald Transcript

fmeum added inline comments.May 1 2021, 12:57 AM

compiler-rt/lib/fuzzer/FuzzerMutate.cpp
484	Maybe this can even be replaced by: PersistentAutoDictionary.push_back(DE); Or does the word in the entry need to be copied here?

Harbormaster completed remote builds in B102088: Diff 342127.May 1 2021, 1:39 AM

Thanks for the bug fix!

compiler-rt/lib/fuzzer/FuzzerMutate.cpp
484	AFAICT, `DictionaryEntry` is POD, so yes let's just do `push_back(DE)` unconditionally.

Simplified the change by copying the DictionaryEntry POD.

Harbormaster completed remote builds in B102463: Diff 342648.May 3 2021, 11:15 PM

LGTM

This revision is now accepted and ready to land.May 4 2021, 8:49 AM

Closed by commit rGb1048ff68298: [libFuzzer] Preserve position hint in auto dictionary (authored by fmeum, committed by morehouse). · Explain WhyMay 4 2021, 9:07 AM

This revision was automatically updated to reflect the committed changes.

morehouse added a commit: rGb1048ff68298: [libFuzzer] Preserve position hint in auto dictionary.

Revision Contents

Path

Size

compiler-rt/

lib/

fuzzer/

FuzzerMutate.cpp

2 lines

Diff 342766

compiler-rt/lib/fuzzer/FuzzerMutate.cpp

	Show First 20 Lines • Show All 474 Lines • ▼ Show 20 Lines
	// Copy successful dictionary entries to PersistentAutoDictionary.			// Copy successful dictionary entries to PersistentAutoDictionary.
	void MutationDispatcher::RecordSuccessfulMutationSequence() {			void MutationDispatcher::RecordSuccessfulMutationSequence() {
	for (auto DE : CurrentDictionaryEntrySequence) {			for (auto DE : CurrentDictionaryEntrySequence) {
	// PersistentAutoDictionary.AddWithSuccessCountOne(DE);			// PersistentAutoDictionary.AddWithSuccessCountOne(DE);
	DE->IncSuccessCount();			DE->IncSuccessCount();
	assert(DE->GetW().size());			assert(DE->GetW().size());
	// Linear search is fine here as this happens seldom.			// Linear search is fine here as this happens seldom.
	if (!PersistentAutoDictionary.ContainsWord(DE->GetW()))			if (!PersistentAutoDictionary.ContainsWord(DE->GetW()))
	PersistentAutoDictionary.push_back({DE->GetW(), 1});			PersistentAutoDictionary.push_back(*DE);
	}			}
				fmeumAuthorUnsubmitted Done Reply Inline Actions Maybe this can even be replaced by: PersistentAutoDictionary.push_back(DE); Or does the word in the entry need to be copied here? fmeum: Maybe this can even be replaced by: ``` PersistentAutoDictionary.push_back(DE); ``` Or does…
				morehouseUnsubmitted Not Done Reply Inline Actions AFAICT, `DictionaryEntry` is POD, so yes let's just do `push_back(DE)` unconditionally. morehouse: AFAICT, `DictionaryEntry` is POD, so yes let's just do `push_back(DE)` unconditionally.
	}			}

	void MutationDispatcher::PrintRecommendedDictionary() {			void MutationDispatcher::PrintRecommendedDictionary() {
	Vector<DictionaryEntry> V;			Vector<DictionaryEntry> V;
	for (auto &DE : PersistentAutoDictionary)			for (auto &DE : PersistentAutoDictionary)
	if (!ManualDictionary.ContainsWord(DE.GetW()))			if (!ManualDictionary.ContainsWord(DE.GetW()))
	V.push_back(DE);			V.push_back(DE);
	if (V.empty()) return;			if (V.empty()) return;
	▲ Show 20 Lines • Show All 104 Lines • Show Last 20 Lines