Index: compiler-rt/trunk/lib/fuzzer/FuzzerDefs.h =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerDefs.h +++ compiler-rt/trunk/lib/fuzzer/FuzzerDefs.h @@ -176,12 +176,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback); -struct ScopedDoingMyOwnMemOrStr { - ScopedDoingMyOwnMemOrStr() { DoingMyOwnMemOrStr++; } - ~ScopedDoingMyOwnMemOrStr() { DoingMyOwnMemOrStr--; } - static int DoingMyOwnMemOrStr; -}; - inline uint8_t Bswap(uint8_t x) { return x; } inline uint16_t Bswap(uint16_t x) { return __builtin_bswap16(x); } inline uint32_t Bswap(uint32_t x) { return __builtin_bswap32(x); } @@ -191,6 +185,8 @@ uint8_t *ExtraCountersEnd(); void ClearExtraCounters(); +extern bool RunningUserCallback; + } // namespace fuzzer #endif // LLVM_FUZZER_DEFS_H Index: compiler-rt/trunk/lib/fuzzer/FuzzerDictionary.h =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerDictionary.h +++ compiler-rt/trunk/lib/fuzzer/FuzzerDictionary.h @@ -33,7 +33,6 @@ } bool operator==(const FixedWord &w) const { - ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str; return Size == w.Size && 0 == memcmp(Data, w.Data, Size); } Index: compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h +++ compiler-rt/trunk/lib/fuzzer/FuzzerInternal.h @@ -118,7 +118,6 @@ uint8_t *CurrentUnitData = nullptr; std::atomic CurrentUnitSize; uint8_t BaseSha1[kSHA1NumBytes]; // Checksum of the base unit. - bool RunningCB = false; bool GracefulExitRequested = false; Index: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp +++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp @@ -43,6 +43,8 @@ SharedMemoryRegion SMR; +bool RunningUserCallback = false; + // Only one Fuzzer per process. static Fuzzer *F; @@ -243,7 +245,7 @@ } void Fuzzer::ExitCallback() { - if (!RunningCB) + if (!RunningUserCallback) return; // This exit did not come from the user callback if (EF->__sanitizer_acquire_crash_state && !EF->__sanitizer_acquire_crash_state()) @@ -277,7 +279,7 @@ if (!InFuzzingThread()) return; #endif - if (!RunningCB) + if (!RunningUserCallback) return; // We have not started running units yet. size_t Seconds = duration_cast(system_clock::now() - UnitStartTime).count(); @@ -451,9 +453,9 @@ ScopedEnableMsanInterceptorChecks S; UnitStartTime = system_clock::now(); TPC.ResetMaps(); - RunningCB = true; + RunningUserCallback = true; CB(Data, Size); - RunningCB = false; + RunningUserCallback = false; UnitStopTime = system_clock::now(); }; @@ -558,9 +560,9 @@ AllocTracer.Start(Options.TraceMalloc); UnitStartTime = system_clock::now(); TPC.ResetMaps(); - RunningCB = true; + RunningUserCallback = true; int Res = CB(DataCopy, Size); - RunningCB = false; + RunningUserCallback = false; UnitStopTime = system_clock::now(); (void)Res; assert(Res == 0); Index: compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp +++ compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp @@ -195,7 +195,6 @@ const void *Arg1Mutation, const void *Arg2Mutation, size_t ArgSize, const uint8_t *Data, size_t Size) { - ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str; bool HandleFirst = Rand.RandBool(); const void *ExistingBytes, *DesiredBytes; Word W; Index: compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h +++ compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.h @@ -180,7 +180,6 @@ std::pair FocusFunction = {-1, -1}; // Module and PC IDs. - ValueBitMap ValueProfileMap; uintptr_t InitialStack; }; Index: compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp =================================================================== --- compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp +++ compiler-rt/trunk/lib/fuzzer/FuzzerTracePC.cpp @@ -39,8 +39,6 @@ TracePC TPC; -int ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr; - uint8_t *TracePC::Counters() const { return __sancov_trace_pc_guard_8bit_counters; } @@ -608,7 +606,7 @@ ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2, size_t n, int result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; if (result == 0) return; // No reason to mutate. if (n <= 1) return; // Not interesting. fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/false); @@ -617,7 +615,7 @@ ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1, const char *s2, size_t n, int result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; if (result == 0) return; // No reason to mutate. size_t Len1 = fuzzer::InternalStrnlen(s1, n); size_t Len2 = fuzzer::InternalStrnlen(s2, n); @@ -630,7 +628,7 @@ ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1, const char *s2, int result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; if (result == 0) return; // No reason to mutate. size_t N = fuzzer::InternalStrnlen2(s1, s2); if (N <= 1) return; // Not interesting. @@ -640,35 +638,35 @@ ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1, const char *s2, size_t n, int result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; return __sanitizer_weak_hook_strncmp(called_pc, s1, s2, n, result); } ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1, const char *s2, int result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; return __sanitizer_weak_hook_strcmp(called_pc, s1, s2, result); } ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1, const char *s2, char *result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; fuzzer::TPC.MMT.Add(reinterpret_cast(s2), strlen(s2)); } ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1, const char *s2, char *result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; fuzzer::TPC.MMT.Add(reinterpret_cast(s2), strlen(s2)); } ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1, const void *s2, size_t len2, void *result) { - if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return; + if (!fuzzer::RunningUserCallback) return; fuzzer::TPC.MMT.Add(reinterpret_cast(s2), len2); } } // extern "C" Index: compiler-rt/trunk/test/fuzzer/three-bytes.test =================================================================== --- compiler-rt/trunk/test/fuzzer/three-bytes.test +++ compiler-rt/trunk/test/fuzzer/three-bytes.test @@ -1,8 +1,8 @@ Tests -use_value_profile=2 (alternative VP metric). RUN: %cpp_compiler %S/ThreeBytes.cpp -o %t -RUN: %run %t -seed=1 -runs=100000 -RUN: %run %t -seed=1 -runs=100000 -use_value_profile=1 +RUN: %run %t -seed=1 -runs=30000 +RUN: %run %t -seed=1 -runs=30000 -use_value_profile=1 RUN: not %run %t -seed=1 -runs=1000000 -use_value_profile=2 2>&1 | FileCheck %s CHECK: Test unit written