[libFuzzer] Fix arguments of InsertPartOf/CopyPartOf calls in CrossOver mutator.
ClosedPublic

Authored by dokyungs on Aug 7 2020, 1:46 PM.

Details

Summary

The CrossOver mutator is meant to cross over two given buffers (referred to as the first/second buffer below). Previously InsertPartOf/CopyPartOf calls used in the CrossOver mutator incorrectly inserted/copied part of the second buffer into a "scratch buffer" (MutateInPlaceHere of the size CurrentMaxMutationLen), rather than the first buffer. This is not intended behavior, because the scratch buffer does not always (i) contain the content of the first buffer, and (ii) have the same size as the first buffer; CurrentMaxMutationLen is typically a lot larger than the size of the first buffer. This patch fixes the issue by using the first buffer instead of the scratch buffer in InsertPartOf/CopyPartOf calls.

A FuzzBench experiment was run to make sure that this change does not inadvertently degrade the performance. The performance is largely the same; more details can be found at: https://storage.googleapis.com/fuzzer-test-suite-public/fixcrossover-report/index.html

This patch also adds two new tests, namely "cross_over_insert" and "cross_over_copy", which specifically target InsertPartOf and CopyPartOf, respectively.

  • cross_over_insert.test checks if the fuzzer can use InsertPartOf to trigger the crash.
  • cross_over_copy.test checks if the fuzzer can use CopyPartOf to trigger the crash.

These newly added tests were designed to pass with the current patch, but not without it (with b216c80cc2496b87bf827260ce7e24dc62247d71 these tests do not pass). To achieve this, -max_len was intentionally given a high value. Without this patch, InsertPartOf/CopyPartOf will generate larger inputs, possibly with unpredictable data in it, thereby failing to trigger the crash.

The test pass condition for these new tests is narrowed down by (i) limiting mutation depth to 1 (i.e., a single CrossOver mutation should be able to trigger the crash) and (ii) checking whether the mutation sequence of "CrossOver-" leads to the crash.

Also note that these newly added tests and an existing test (cross_over.test) all use the "-reduce_inputs=0" flag to prevent reducing inputs; it's easier to force the fuzzer to keep the original input string this way than by tweaking cov-instrumented basic blocks in the source code of the fuzzer executable.
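
A simplified model of the destination-buffer mix-up described in the summary, added here as an illustration; it is not libFuzzer's code and not part of this patch. The names (CopyPart, InsertPart, CrossOverModel, Dest, Op) are hypothetical, offsets are fixed rather than random, the scratch buffer is filled with constructed '?' bytes, and the size limit is assumed to equal the scratch buffer's size.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

using Buf = std::vector<uint8_t>;

// Overwrite To[ToBeg, ToBeg+N) with the first N bytes of From; size unchanged.
static size_t CopyPart(const Buf &From, size_t N, uint8_t *To, size_t ToSize,
                       size_t ToBeg) {
  if (From.empty() || ToBeg >= ToSize) return 0;
  N = std::min({N, From.size(), ToSize - ToBeg});
  memcpy(To + ToBeg, From.data(), N);
  return ToSize;
}

// Insert the first N bytes of From into To at ToPos; returns 0 when To is
// already at the size limit and nothing can be inserted.
static size_t InsertPart(const Buf &From, size_t N, uint8_t *To, size_t ToSize,
                         size_t ToPos, size_t MaxToSize) {
  if (From.empty() || ToSize >= MaxToSize || ToPos > ToSize) return 0;
  N = std::min({N, From.size(), MaxToSize - ToSize});
  memmove(To + ToPos + N, To + ToPos, ToSize - ToPos);
  memcpy(To + ToPos, From.data(), N);
  return ToSize + N;
}

enum class Dest { Scratch, First };  // Scratch = pre-patch, First = patched
enum class Op { Insert, Copy };

// Cross First over with Second and return the input the mutation produces.
std::string CrossOverModel(const std::string &First, const std::string &Second,
                           size_t MaxLen, Dest D, Op O) {
  if (MaxLen == 0 || First.size() > MaxLen) return "";
  Buf Data(MaxLen, 0);  // buffer that holds the first input
  memcpy(Data.data(), First.data(), First.size());
  Buf Scratch(MaxLen, '?');  // constructed stale bytes, unrelated to First
  Buf From(Second.begin(), Second.end());

  // The whole difference: which buffer (and which size) is the destination.
  uint8_t *To = D == Dest::Scratch ? Scratch.data() : Data.data();
  size_t ToSize = D == Dest::Scratch ? Scratch.size() : First.size();
  size_t Pos = First.size() / 2;  // fixed offset instead of a random one
  size_t NewSize = O == Op::Insert
                       ? InsertPart(From, From.size(), To, ToSize, Pos, MaxLen)
                       : CopyPart(From, From.size(), To, ToSize, Pos);
  return std::string(To, To + NewSize);
}

int main() {
  for (Dest D : {Dest::Scratch, Dest::First})
    for (Op O : {Op::Insert, Op::Copy})
      printf("%s %s -> \"%s\"\n", D == Dest::Scratch ? "scratch" : "first",
             O == Op::Insert ? "insert" : "copy",
             CrossOverModel("AAAA", "ZZ", 16, D, O).c_str());
}
```

In this model the scratch destination yields a max-length result that contains none of the first input, while the first-buffer destination yields a short splice of both inputs, which is the property the cross_over_insert and cross_over_copy tests rely on.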

Diff Detail

Event Timeline

dokyungs created this revision. Aug 7 2020, 1:46 PM
Herald added a project: Restricted Project. Aug 7 2020, 1:46 PM
Herald added a subscriber: Restricted Project.
dokyungs requested review of this revision. Aug 7 2020, 1:46 PM
dokyungs edited the summary of this revision. Aug 7 2020, 1:52 PM
dokyungs edited the summary of this revision.
dokyungs updated this revision to Diff 284041. Aug 7 2020, 1:56 PM

Remove REQUIRES: linux, x86_64 in the new test, since the test from which the new tests copied does not have it.

Harbormaster completed remote builds in B67531: Diff 284036.
morehouse added inline comments. Aug 10 2020, 11:54 AM
compiler-rt/test/fuzzer/CrossOverTest.cpp

Line 10: Please also list the original crossover test case here.

Line 30: Since the new inputs also start with A and Z, would it be simpler to leave this test unchanged?

dokyungs updated this revision to Diff 284902. Aug 11 2020, 2:45 PM

Addressed comments.

dokyungs updated this revision to Diff 284906. Aug 11 2020, 2:57 PM
dokyungs marked an inline comment as done.

Further address comments.

dokyungs added inline comments. Aug 11 2020, 3:00 PM
compiler-rt/test/fuzzer/CrossOverTest.cpp

Line 30: Reverted changes except for CrossOverTest.cpp:45 which needs changing because the inputs of the newly added tests are not always of size 10.

morehouse accepted this revision. Aug 11 2020, 4:45 PM

LGTM, but let's wait to merge until we get confirmation from FuzzBench that this doesn't hurt fuzzer performance.

This revision is now accepted and ready to land. Aug 11 2020, 4:45 PM
dokyungs edited the summary of this revision. Aug 17 2020, 4:07 PM

Looks like this change is causing the value-profile-load.test test to fail. Can you please take a look?

******************** TEST 'libFuzzer :: value-profile-load.test' FAILED ********************
Script:
--
: 'RUN: at line 2';     /Users/buildslave/jenkins/workspace/clang-stage1-RA/clang-build/./bin/clang  --driver-mode=g++ -O2 -gline-tables-only -fsanitize=address,fuzzer -I/Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/lib/fuzzer -arch x86_64 -stdlib=libc++ -mmacosx-version-min=10.9 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk /Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/test/fuzzer/LoadTest.cpp -fsanitize-coverage=trace-gep -o /Users/buildslave/jenkins/workspace/clang-stage1-RA/clang-build/tools/clang/runtime/compiler-rt-bins/test/fuzzer/X86_64DefaultDarwinConfig/Output/value-profile-load.test.tmp-LoadTest
: 'RUN: at line 3';   not  /Users/buildslave/jenkins/workspace/clang-stage1-RA/clang-build/tools/clang/runtime/compiler-rt-bins/test/fuzzer/X86_64DefaultDarwinConfig/Output/value-profile-load.test.tmp-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000 2>&1 | FileCheck /Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/test/fuzzer/value-profile-load.test
--
Exit Code: 1

Command Output (stderr):
--
+ : 'RUN: at line 2'
+ /Users/buildslave/jenkins/workspace/clang-stage1-RA/clang-build/./bin/clang --driver-mode=g++ -O2 -gline-tables-only -fsanitize=address,fuzzer -I/Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/lib/fuzzer -arch x86_64 -stdlib=libc++ -mmacosx-version-min=10.9 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk /Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/test/fuzzer/LoadTest.cpp -fsanitize-coverage=trace-gep -o /Users/buildslave/jenkins/workspace/clang-stage1-RA/clang-build/tools/clang/runtime/compiler-rt-bins/test/fuzzer/X86_64DefaultDarwinConfig/Output/value-profile-load.test.tmp-LoadTest
+ : 'RUN: at line 3'
+ not /Users/buildslave/jenkins/workspace/clang-stage1-RA/clang-build/tools/clang/runtime/compiler-rt-bins/test/fuzzer/X86_64DefaultDarwinConfig/Output/value-profile-load.test.tmp-LoadTest -seed=2 -use_cmp=0 -use_value_profile=1 -runs=20000000
+ FileCheck /Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/test/fuzzer/value-profile-load.test
/Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/test/fuzzer/value-profile-load.test:1:8: error: CHECK: expected string not found in input
CHECK: AddressSanitizer: global-buffer-overflow
       ^
<stdin>:1:1: note: scanning from here
INFO: Seed: 2
^
<stdin>:5:27: note: possible intended match here
INFO: A corpus is not provided, starting from an empty corpus
                          ^

Input file: <stdin>
Check file: /Users/buildslave/jenkins/workspace/clang-stage1-RA/llvm-project/compiler-rt/test/fuzzer/value-profile-load.test

-dump-input=help explains the following input dump.

Input was:
<<<<<<
           1: INFO: Seed: 2
check:1'0     X~~~~~~~~~~~~ error: no match found
           2: INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x10af2bac8, 0x10af2bacb), 
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           3: INFO: Loaded 1 PC tables (3 PCs): 3 [0x10af2bad0,0x10af2bb00), 
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           4: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           5: INFO: A corpus is not provided, starting from an empty corpus
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
check:1'1                               ?                                   possible intended match
           6: #2 INITED cov: 2 ft: 4 corp: 1/1b exec/s: 0 rss: 31Mb
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           7: #14 NEW cov: 2 ft: 5 corp: 2/4b lim: 4 exec/s: 0 rss: 31Mb L: 3/3 MS: 2 CrossOver-CopyPart-
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           8: #242 NEW cov: 2 ft: 6 corp: 3/9b lim: 6 exec/s: 0 rss: 31Mb L: 5/5 MS: 3 ShuffleBytes-ShuffleBytes-CopyPart-
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           9: #477 NEW cov: 3 ft: 11 corp: 4/17b lim: 8 exec/s: 0 rss: 31Mb L: 8/8 MS: 5 EraseBytes-ChangeByte-EraseBytes-InsertRepeatedBytes-CopyPart-
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          10: #480 NEW cov: 3 ft: 13 corp: 5/24b lim: 8 exec/s: 0 rss: 31Mb L: 7/8 MS: 3 ChangeByte-InsertByte-CopyPart-
check:1'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           .
           .
           .
>>>>>>

--

********************

Could you please apply the following patch and see if it fixes the regression?

https://reviews.llvm.org/D86247

It fixes it. Thanks!

This revision is now accepted and ready to land. Aug 20 2020, 11:57 PM

Right, the bot has been red since http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux/builds/29113, which includes this change.
There has been another change in the same build that broke *everything*, so you likely did not get an actionable message from the buildbot at that time.
Please fix!

Working on a fix now.

Reverted this in 8831e34771fec4dfbe62a6e31d9bc9419a3b93c3 to get the bots green again. Please feel free to ping if you need someone to test this on macOS.

Could you try this patch again on top of https://reviews.llvm.org/D86247 which hopefully fixes the failing test on macOS?

Ping @azharudd

@dokyungs, looking into this now.

azharudd added a comment. Edited Aug 25 2020, 12:26 PM

@dokyungs, it works. The value-profile-load test didn't fail when I tried this and D86247 together. It would be better to commit them together in a single commit.