After https://reviews.llvm.org/D86382 it works.
Repository: rG LLVM Github Monorepo
Event Timeline
Maybe SimpleCmpTest.cpp is not so simple?
Should we rather simplify it? On my workstation it takes 7s, which looks quite long.
Removing any condition makes it just 0.02s
Hm, it actually looks fairly simple as is: just a bunch of comparisons of unmodified ints from the input buffer with constants. So I would expect Mutate_AddWordFromTORC to help solve it fairly quickly. Do you have an idea why this might not be happening? Maybe it could be worth looking into it a bit deeper.
My point is that it's already too long for a lit test. So we should either investigate or simplify, but not let it run longer.
Actually it's simple with -use_value_profile=1 which is not used here.
For different seeds, even for half of these conditions, it can reach 10^7.
I believe other platforms or tests without use_value_profile are just lucky.
The longest condition is "a == 0x4242 && PrintOnce(__LINE__) &&"
for changed
    if (a == 0x4242 && PrintOnce(__LINE__) && true) {
      fprintf(stderr, "BINGO; Found the target: size %zd (%zd, %zd, %d, %d), exiting.\n", Size, x, y, z, a);
      exit
    clang --driver-mode=g++ -O2 -gline-tables-only -fsanitize=address,fuzzer -I/usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer -m32 /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/test/fuzzer/SimpleCmpTest.cpp -o /usr/local/google/home/vitalybuka/src/llvm.git/out/z/projects/compiler-rt/test/fuzzer/I386DefaultLinuxConfig/Output/value-profile-cmp.test.tmp-SimpleCmpTest
    /usr/local/google/home/vitalybuka/src/llvm.git/out/z/projects/compiler-rt/test/fuzzer/I386DefaultLinuxConfig/Output/value-profile-cmp.test.tmp-SimpleCmpTest -runs=100000000

    INFO: A corpus is not provided, starting from an empty corpus
    #2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 40Mb
    #2157 NEW cov: 3 ft: 3 corp: 2/25b lim: 25 exec/s: 0 rss: 40Mb L: 24/24 MS: 5 InsertRepeatedBytes-ShuffleBytes-ChangeBit-InsertByte-InsertRepeatedBytes-
    #2097152 pulse cov: 3 ft: 3 corp: 2/25b lim: 4096 exec/s: 1048576 rss: 224Mb
    #4194304 pulse cov: 3 ft: 3 corp: 2/25b lim: 4096 exec/s: 838860 rss: 406Mb
    #8388608 pulse cov: 3 ft: 3 corp: 2/25b lim: 4096 exec/s: 838860 rss: 552Mb
    #16777216 pulse cov: 3 ft: 3 corp: 2/25b lim: 4096 exec/s: 798915 rss: 554Mb
    Seen line 32
    BINGO; Found the target: size 24 (-241, -1, -1048577, -59), exiting.
    ==3072934== ERROR: libFuzzer: fuzz target exited
        #0 0x811f8a2 in __sanitizer_print_stack_trace /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:86:3
        #1 0x8099ed5 in fuzzer::PrintStackTrace() /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
        #2 0x8082527 in fuzzer::Fuzzer::ExitCallback() /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:250:3
        #3 0x80824be in fuzzer::Fuzzer::StaticExitCallback() /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:209:6
        #4 0xf7a791dd (/lib/i386-linux-gnu/libc.so.6+0x371dd)
        #5 0xf7a793c0 in exit (/lib/i386-linux-gnu/libc.so.6+0x373c0)
        #6 0x814c0d2 in LLVMFuzzerTestOneInput /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/test/fuzzer/SimpleCmpTest.cpp:36:5
        #7 0x80838a6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned int) /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:559:15
        #8 0x808307e in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned int, bool, fuzzer::InputInfo*, bool*) /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:471:3
        #9 0x808488a in fuzzer::Fuzzer::MutateAndTestOne() /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:702:19
        #10 0x8085454 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:838:5
        #11 0x80741cd in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned int)) /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:852:6
        #12 0x809a927 in main /usr/local/google/home/vitalybuka/src/llvm.git/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
        #13 0xf7a60ef0 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x1eef0)
        #14 0x8069931 in _start (/usr/local/google/home/vitalybuka/src/llvm.git/out/z/projects/compiler-rt/test/fuzzer/I386DefaultLinuxConfig/Output/value-profile-cmp.test.tmp-SimpleCmpTest+0x8069931)
    SUMMARY: libFuzzer: fuzz target exited
    MS: 5 CMP-CopyPart-ShuffleBytes-EraseBytes-CMP- DE: "\x17\x00"-"BB\x00\x00"-; base unit: e77b6be5a40f31857870a32bc55ad4a84e093f3d
    0xf,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xef,0xff,0xc5,0xff,0xff,0xff,0xef,0xff,0xc5,0xff,0x42,0x42,0x0,0x0,
    \x0f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xef\xff\xc5\xff\xff\xff\xef\xff\xc5\xffBB\x00\x00
    artifact_prefix='./'; Test unit written to ./crash-bab75b2babdb30c78d9667b358e0d5a52d8eacdd
Other tests on this file use either use_value_profile or more iterations.
Here we test msan and not particular counters, so I would recommend just adding -use_value_profile=1.
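
Why -use_value_profile=1 changes the picture, as an added toy model (not libFuzzer code and not part of this review): with value-profile-style feedback each compare reports the Hamming distance between its operands, so inputs that get closer are kept, while coverage-only feedback sees nothing until a compare matches exactly. The constant `kX`, the 48-bit input layout and the bit-flip-only mutator are assumptions made for the illustration; `0x4242` is the value from the thread.

```cpp
// Toy model, not libFuzzer code: why value profile gives exact compares a gradient.
#include <bitset>
#include <cstdint>
#include <cstdio>
#include <random>
#include <set>
#include <vector>
// Constructed constants; 0x4242 is the value from the condition in the thread.
constexpr uint32_t kX = 0x1234ABCD;
constexpr uint16_t kA = 0x4242;
using Features = std::set<std::pair<int, int>>;
struct Result { bool found; uint64_t execs; };

// Coverage-only reports a feature only when a compare succeeds; value profile
// also reports (compare index, Hamming distance between the operands).
static bool Target(uint64_t in, bool value_profile, Features &feat) {
  uint32_t x = static_cast<uint32_t>(in);
  uint16_t a = static_cast<uint16_t>(in >> 32);
  auto cmp = [&](int id, uint32_t l, uint32_t r) {
    if (value_profile) feat.insert({id, (int)std::bitset<32>(l ^ r).count()});
    if (l == r) feat.insert({id, -1});  // branch taken: ordinary coverage
    return l == r;
  };
  return cmp(0, x, kX) && cmp(1, a, kA);  // short-circuit chain, as in the test
}

Result Fuzz(bool value_profile, uint64_t max_execs, uint64_t seed = 1) {
  std::mt19937_64 rng(seed);
  std::vector<uint64_t> corpus{0};  // empty starting corpus
  Features seen;
  Target(0, value_profile, seen);
  for (uint64_t n = 1; n <= max_execs; ++n) {
    uint64_t in = corpus[rng() % corpus.size()];
    for (int k = 1 + rng() % 4; k > 0; --k)  // stack 1..4 single-bit flips
      in ^= 1ULL << (rng() % 48);
    Features feat;
    if (Target(in, value_profile, feat)) return {true, n};
    auto before = seen.size();
    seen.insert(feat.begin(), feat.end());
    if (seen.size() > before) corpus.push_back(in);  // new feature: keep input
  }
  return {false, max_execs};
}

int main() {
  for (bool vp : {false, true}) {
    Result r = Fuzz(vp, 2000000);
    std::printf("vp=%d found=%d execs=%llu\n", vp, r.found, (unsigned long long)r.execs);
  }
}
```

In this model the coverage-only run never leaves the seed input, because at most four bit flips cannot produce `kX`. Real libFuzzer also mutates with operands from recent compares (the `CMP` entries in the mutation sequence of the log above), so without value profile it can still get there, but only after many more executions.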