This is an archive of the discontinued LLVM Phabricator instance.

[libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges.
ClosedPublic

Authored by kevinwkt on Jul 11 2018, 5:47 PM.

Diff Detail

Event Timeline

kevinwkt created this revision.Jul 11 2018, 5:47 PM

Just some minor suggestions.

lib/fuzzer/FuzzerExtFunctions.def
48 ↗(On Diff #155097)

What is this change for? To trow an error if dump_coverage is not available?
I'm not sure this change is good (what if we only compile with new instrumentation where there is no dump_coverage) but in any case it isn't needed. I think you should undo this change.

lib/fuzzer/FuzzerFlags.def
113

I think this should be named print_unstable_stat instead.

lib/fuzzer/FuzzerTracePC.cpp
341

Please remove this change if it isn't necessary for this patch.

355

Please use the same style as the final stats in PrintFinalStats .

lib/fuzzer/FuzzerTracePC.h
186

Please don't make unnecessary changes.

test/fuzzer/PrintUnstableStatsTest.cpp
11

You can ignore this comment if Matt/Kostya approved of the style you used here, but I think it makes sense to put the attributes and function names on the same line, eg:

__attribute__((noinline)) void det0() { x++; }
41

I think this newline isn't necessary.
Also, the newlines in this function seem arbitrary.

metzman added a subscriber: Dor1s.Jul 11 2018, 8:18 PM

Also, you should add @Dor1s as a reviewer.

metzman added inline comments.Jul 11 2018, 8:20 PM
lib/fuzzer/FuzzerFlags.def
113

Maybe ignore this comment for now, only make the change if someone else brings this up since it's kinda pedantic and I can see someone asking you why print_unstable_stat is inconsistent with all other stats

kevinwkt updated this revision to Diff 155118.Jul 11 2018, 11:45 PM
kevinwkt marked 8 inline comments as done.
kevinwkt added a reviewer: Dor1s.

Fixed comments.

Dor1s added a comment.Jul 12 2018, 6:23 AM

Looks great, left some comments.

lib/fuzzer/FuzzerTracePC.cpp
345

nit: size_t (the same type as NumInline8bitCounters uses) might be a safer choice.

346

same here, since NumInline8bitCounters is of size_t type, please use the same type for the index variable

349

why %lf? I don't think that l makes any sense here, as it will be the same as %f: http://www.cplusplus.com/reference/cstdio/printf/

test/fuzzer/PrintUnstableStatsTest.cpp
59

I'd recommend changing this to case 4:. If compiler starts to complain that you don't have the default clause, add a one with assert(false) to declare that that case is unreachable.

kevinwkt updated this revision to Diff 155202.Jul 12 2018, 9:50 AM

Max's changes

kevinwkt marked 4 inline comments as done.Jul 12 2018, 9:51 AM

Just one question

lib/fuzzer/FuzzerTracePC.cpp
64–65

I'm a bit confused, why not make use of the 0th element in UnstableCounters?

kevinwkt added inline comments.Jul 12 2018, 1:21 PM
lib/fuzzer/FuzzerTracePC.cpp
64–65

I based this method off of UpdateObservedPCs() in FuzzerTracePC.cpp.
In line 206, they also utilize GuardIdx starting from 1.

metzman requested changes to this revision.Jul 12 2018, 1:45 PM

Please run clang-format as you agreed to do, it's giving me some small formatting changes for this patch.

FYI, I used clang-format-diff.py since it will format just the code you added rather than everything.

lib/fuzzer/FuzzerTracePC.cpp
64–65

OK. SGTM.
The space wasn't a concern to me by the way. It just looked confusing.

This revision now requires changes to proceed.Jul 12 2018, 1:45 PM
Dor1s added a comment.Jul 12 2018, 2:26 PM

I'd also recommend to make the CL summary and description a bit more verbose. Just think about it in a way that any other LLVM developer who was not reviewing the CL would still be able to get an idea on what's going on by just reading the summary and the description. I apologize for being selfish, but you can take a look at some of my CLs descriptions as an example:

kevinwkt updated this revision to Diff 155432.Jul 13 2018, 10:49 AM
kevinwkt marked 3 inline comments as done.

Updated with clang-format-diff.

kevinwkt edited the summary of this revision. (Show Details)Jul 13 2018, 12:44 PM
metzman accepted this revision.Jul 13 2018, 1:54 PM

Commit message needs tweaking.

we run the unstable checks 2 more times

What are "the unstable checks"? Just say we run it two more times.

In program termination, we run PrintUnstableStats() which will print a line with a stability percentage like AFL does.

In->On

I would leave out details about the test

This revision is now accepted and ready to land.Jul 13 2018, 1:54 PM
Dor1s added a comment.Jul 13 2018, 2:01 PM

Also update the title to something like "[libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges."

lib/fuzzer/FuzzerTracePC.cpp
349

Please remove %%. Other stats do not print any units, just a number, so let's keep it consistent. That would also allow us to get this stat collected by CF and stored in BigQuery without any modifications, I believe.

test/fuzzer/print_unstable_stats.test
7

Don't forget to fix the test as well when you remove %%.

kevinwkt edited the summary of this revision. (Show Details)Jul 13 2018, 2:02 PM
kevinwkt updated this revision to Diff 155510.Jul 13 2018, 3:04 PM

Removed %% from the stat print.

kevinwkt retitled this revision from [libFuzzer] Unstable Edge Stats to [libFuzzer] Implement stat::stability_rate based on the percentage of unstable edges..Jul 13 2018, 3:08 PM
Dor1s accepted this revision.Jul 13 2018, 3:11 PM
Dor1s added subscribers: morehouse, kcc.

Please ask @morehouse and @kcc to review. I'd be happy to land the change after their approval.

morehouse added inline comments.Jul 13 2018, 4:07 PM
lib/fuzzer/FuzzerLoop.cpp
450

Should probably put ScopedEnableMsanInterceptorChecks S; at the beginning of this function, since that might cause different coverage now that we have it in ExecuteCallback.

469

Too much vertical whitespace here. Let's condense things a bit.

lib/fuzzer/FuzzerTracePC.cpp
64–65

The index should start at 0. The only reason GuardIdx starts at 1 is because pc-guards reserve the value 0 to disable the guard. But you're using the inline counters instead.

65

I think you also need to check that NumPCsInPCTables or NumInline8bitCounters are non-zero. Because the current condition will probably be true when using pc-guards.

(Here and below)

89

The second condition is pointless.

Essentially you're doing:

if (x != 5)
  x = 5;
test/fuzzer/print_unstable_stats.test
2

-fsanitize=fuzzer is unnecessary here. It is already built into the %cpp_compiler macro.

6

What's coverage_dir used for?

kevinwkt updated this revision to Diff 155538.Jul 13 2018, 5:21 PM
kevinwkt marked 9 inline comments as done.

Fixed UnstableIdx to start from 1 to 0
Erased Whitelines.

morehouse accepted this revision.Jul 13 2018, 5:38 PM
morehouse added inline comments.
lib/fuzzer/FuzzerTracePC.cpp
65

The style libFuzzer generally follows is:

if (NumInline8bitCounters && ...)

(here and below)

kevinwkt updated this revision to Diff 155541.Jul 13 2018, 5:46 PM

Changed formatting for libFuzzer

Dor1s updated this revision to Diff 155680.Jul 16 2018, 7:58 AM

Rebase on the ToT and getting ready to commit.

Herald added subscribers: Restricted Project, llvm-commits, delcypher. · View Herald TranscriptJul 16 2018, 7:58 AM
Dor1s edited the summary of this revision. (Show Details)Jul 16 2018, 7:58 AM
This revision was automatically updated to reflect the committed changes.
This revision is now accepted and ready to land.Jul 16 2018, 8:25 AM
Dor1s added a comment.Jul 16 2018, 8:56 AM

Kevin, it looks like you've applied clang-format (not clang-format-diff) on Friday and that has introduced a bunch of unnecessary changes. Click on "History" in "Revision Contents" table, then change "Whitespace Changes" listbox to "Show All" in the bottom: https://reviews.llvm.org/D49212?vs=on&id=155681&whitespace=show-all#toc

I'll clean those up for you and re-land the CL, but please be more careful next time. One more sanity check you could do locally is to run svn diff | colordiff and quickly inspect the diff you're about to upload for review.

Dor1s updated this revision to Diff 155699.Jul 16 2018, 9:01 AM

Remove unintentional format changes

This revision was automatically updated to reflect the committed changes.