[llvm-dev] libFuzzer vs. unrolling (original) (raw)
George Karpenkov via llvm-dev llvm-dev at lists.llvm.org
Wed Oct 3 16:10:10 PDT 2018
- Previous message: [llvm-dev] [RFC] Pagerando: Page-granularity code randomization
- Next message: [llvm-dev] New warnings when building trunk with GCC 9
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
We still get intermittent failures on libfuzzer/shrink.test every now and then. I could not get a reproducible example. Have you seen a similar issue?
George
On Aug 8, 2018, at 4:04 PM, George Karpenkov <ekarpenkov at apple.com> wrote:
Hi, After https://reviews.llvm.org/D48800 landed, shrink.test stopped passing for us on x8664h architecture (x8664 + some haswell extensions). After looking further into this today, I have noticed that optimizations on haswell are more likely to do unrolling (since it can do more advanced vectorization). The main loop (inside the callback) in shrink.test gets unrolled thrice, and stays the same on x8664. I see how unrolling could mess with coverage, as conceptually the same location in the code becomes e.g. three after unrolling, and fuzzer should prefer exploring different portions of the program to going around the loop. Should we then disable unrolling when OPTFORFUZZING is enabled in the spirit of https://reviews.llvm.org/D44232 ? Or just increase the limit on shrink.test? Regards, George
- Previous message: [llvm-dev] [RFC] Pagerando: Page-granularity code randomization
- Next message: [llvm-dev] New warnings when building trunk with GCC 9
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]