From 156cec6232ae2971456bc206bfd0fce1133a1e6d Mon Sep 17 00:00:00 2001 From: Matt Morehouse Date: Tue, 1 Oct 2019 22:49:06 +0000 Subject: [libFuzzer] Remove lazy counters. Summary: Lazy counters haven't improved performance for large fuzz targets. Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D67476 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@373403 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/fuzzer/FuzzerDriver.cpp | 1 - lib/fuzzer/FuzzerFlags.def | 3 --- lib/fuzzer/FuzzerLoop.cpp | 4 ---- lib/fuzzer/FuzzerOptions.h | 1 - lib/fuzzer/FuzzerTracePC.cpp | 39 --------------------------------------- lib/fuzzer/FuzzerTracePC.h | 3 --- lib/fuzzer/FuzzerUtil.h | 2 -- lib/fuzzer/FuzzerUtilFuchsia.cpp | 4 ---- lib/fuzzer/FuzzerUtilPosix.cpp | 6 ------ lib/fuzzer/FuzzerUtilWindows.cpp | 4 ---- 10 files changed, 67 deletions(-) (limited to 'lib') diff --git a/lib/fuzzer/FuzzerDriver.cpp b/lib/fuzzer/FuzzerDriver.cpp index 54c7ff079..44c90655b 100644 --- a/lib/fuzzer/FuzzerDriver.cpp +++ b/lib/fuzzer/FuzzerDriver.cpp @@ -708,7 +708,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) { Options.FeaturesDir = Flags.features_dir; if (Flags.collect_data_flow) Options.CollectDataFlow = Flags.collect_data_flow; - Options.LazyCounters = Flags.lazy_counters; if (Flags.stop_file) Options.StopFile = Flags.stop_file; diff --git a/lib/fuzzer/FuzzerFlags.def b/lib/fuzzer/FuzzerFlags.def index a11cfe440..0e19a9cde 100644 --- a/lib/fuzzer/FuzzerFlags.def +++ b/lib/fuzzer/FuzzerFlags.def @@ -123,9 +123,6 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.") FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.") FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.") FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.") -FUZZER_FLAG_INT(lazy_counters, 0, "If 1, a performance optimization is" - "enabled for the 8bit inline counters. " - "Requires that libFuzzer successfully installs its SEGV handler") FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; " "if 2, close stderr; if 3, close both. " "Be careful, this will also close e.g. stderr of asan.") diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index 96ab544b1..df533e877 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -742,10 +742,6 @@ void Fuzzer::ReadAndExecuteSeedCorpora(Vector &CorporaFiles) { uint8_t dummy = 0; ExecuteCallback(&dummy, 0); - // Protect lazy counters here, after the once-init code has been executed. - if (Options.LazyCounters) - TPC.ProtectLazyCounters(); - if (CorporaFiles.empty()) { Printf("INFO: A corpus is not provided, starting from an empty corpus\n"); Unit U({'\n'}); // Valid ASCII input. diff --git a/lib/fuzzer/FuzzerOptions.h b/lib/fuzzer/FuzzerOptions.h index ad3df015b..beecc9803 100644 --- a/lib/fuzzer/FuzzerOptions.h +++ b/lib/fuzzer/FuzzerOptions.h @@ -75,7 +75,6 @@ struct FuzzingOptions { bool HandleXfsz = false; bool HandleUsr1 = false; bool HandleUsr2 = false; - bool LazyCounters = false; }; } // namespace fuzzer diff --git a/lib/fuzzer/FuzzerTracePC.cpp b/lib/fuzzer/FuzzerTracePC.cpp index c47357703..f03be7a39 100644 --- a/lib/fuzzer/FuzzerTracePC.cpp +++ b/lib/fuzzer/FuzzerTracePC.cpp @@ -67,45 +67,6 @@ void TracePC::HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop) { NumInline8bitCounters += M.Size(); } -// Mark all full page counter regions as PROT_NONE and set Enabled=false. -// The first time the instrumented code hits such a protected/disabled -// counter region we should catch a SEGV and call UnprotectLazyCounters, -// which will mark the page as PROT_READ|PROT_WRITE and set Enabled=true. -// -// Whenever other functions iterate over the counters they should ignore -// regions with Enabled=false. -void TracePC::ProtectLazyCounters() { - size_t NumPagesProtected = 0; - IterateCounterRegions([&](Module::Region &R) { - if (!R.OneFullPage) return; - if (Mprotect(R.Start, R.Stop - R.Start, false)) { - R.Enabled = false; - NumPagesProtected++; - } - }); - if (NumPagesProtected) - Printf("INFO: %zd pages of counters where protected;" - " libFuzzer's SEGV handler must be installed\n", - NumPagesProtected); -} - -bool TracePC::UnprotectLazyCounters(void *CounterPtr) { - // Printf("UnprotectLazyCounters: %p\n", CounterPtr); - if (!CounterPtr) - return false; - bool Done = false; - uint8_t *Addr = reinterpret_cast(CounterPtr); - IterateCounterRegions([&](Module::Region &R) { - if (!R.OneFullPage || R.Enabled || Done) return; - if (Addr >= R.Start && Addr < R.Stop) - if (Mprotect(R.Start, R.Stop - R.Start, true)) { - R.Enabled = true; - Done = true; - } - }); - return Done; -} - void TracePC::HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop) { const PCTableEntry *B = reinterpret_cast(Start); const PCTableEntry *E = reinterpret_cast(Stop); diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h index 4f5ebeb04..501f3b544 100644 --- a/lib/fuzzer/FuzzerTracePC.h +++ b/lib/fuzzer/FuzzerTracePC.h @@ -119,9 +119,6 @@ class TracePC { void SetFocusFunction(const std::string &FuncName); bool ObservedFocusFunction(); - void ProtectLazyCounters(); - bool UnprotectLazyCounters(void *CounterPtr); - struct PCTableEntry { uintptr_t PC, PCFlags; }; diff --git a/lib/fuzzer/FuzzerUtil.h b/lib/fuzzer/FuzzerUtil.h index 0a127911d..85c5571d6 100644 --- a/lib/fuzzer/FuzzerUtil.h +++ b/lib/fuzzer/FuzzerUtil.h @@ -52,8 +52,6 @@ void SetSignalHandler(const FuzzingOptions& Options); void SleepSeconds(int Seconds); -bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite); - unsigned long GetPid(); size_t GetPeakRSSMb(); diff --git a/lib/fuzzer/FuzzerUtilFuchsia.cpp b/lib/fuzzer/FuzzerUtilFuchsia.cpp index 36010f7f1..50071a7e5 100644 --- a/lib/fuzzer/FuzzerUtilFuchsia.cpp +++ b/lib/fuzzer/FuzzerUtilFuchsia.cpp @@ -305,10 +305,6 @@ void CrashHandler(zx_handle_t *Event) { } // namespace -bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) { - return false; // UNIMPLEMENTED -} - // Platform specific functions. void SetSignalHandler(const FuzzingOptions &Options) { // Make sure information from libFuzzer and the sanitizers are easy to diff --git a/lib/fuzzer/FuzzerUtilPosix.cpp b/lib/fuzzer/FuzzerUtilPosix.cpp index 110785d87..cefe7ae18 100644 --- a/lib/fuzzer/FuzzerUtilPosix.cpp +++ b/lib/fuzzer/FuzzerUtilPosix.cpp @@ -37,7 +37,6 @@ static void (*upstream_segv_handler)(int, siginfo_t *, void *); static void SegvHandler(int sig, siginfo_t *si, void *ucontext) { assert(si->si_signo == SIGSEGV); - if (TPC.UnprotectLazyCounters(si->si_addr)) return; if (upstream_segv_handler) return upstream_segv_handler(sig, si, ucontext); Fuzzer::StaticCrashSignalCallback(); @@ -98,11 +97,6 @@ void SetTimer(int Seconds) { SetSigaction(SIGALRM, AlarmHandler); } -bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) { - return 0 == mprotect(Ptr, Size, - AllowReadWrite ? (PROT_READ | PROT_WRITE) : PROT_NONE); -} - void SetSignalHandler(const FuzzingOptions& Options) { if (Options.UnitTimeoutSec > 0) SetTimer(Options.UnitTimeoutSec / 2 + 1); diff --git a/lib/fuzzer/FuzzerUtilWindows.cpp b/lib/fuzzer/FuzzerUtilWindows.cpp index 074e1eb42..ed90044c3 100644 --- a/lib/fuzzer/FuzzerUtilWindows.cpp +++ b/lib/fuzzer/FuzzerUtilWindows.cpp @@ -111,10 +111,6 @@ static TimerQ Timer; static void CrashHandler(int) { Fuzzer::StaticCrashSignalCallback(); } -bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) { - return false; // UNIMPLEMENTED -} - void SetSignalHandler(const FuzzingOptions& Options) { HandlerOpt = &Options; -- cgit v1.2.1