[libFuzzer] Remove lazy counters.

Summary: Lazy counters haven't improved performance for large fuzz targets.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D67476

llvm-svn: 373403

Author: morehouse

compiler-rt/lib/fuzzer/FuzzerDriver.cpp

@@ -708,7 +708,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
     Options.FeaturesDir = Flags.features_dir;
   if (Flags.collect_data_flow)
     Options.CollectDataFlow = Flags.collect_data_flow;
-  Options.LazyCounters = Flags.lazy_counters;
   if (Flags.stop_file)
     Options.StopFile = Flags.stop_file;
 

compiler-rt/lib/fuzzer/FuzzerFlags.def

@@ -123,9 +123,6 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")
 FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
 FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
 FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
-FUZZER_FLAG_INT(lazy_counters, 0, "If 1, a performance optimization is"
-    "enabled for the 8bit inline counters. "
-    "Requires that libFuzzer successfully installs its SEGV handler")
 FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
     "if 2, close stderr; if 3, close both. "
     "Be careful, this will also close e.g. stderr of asan.")

compiler-rt/lib/fuzzer/FuzzerLoop.cpp

@@ -742,10 +742,6 @@ void Fuzzer::ReadAndExecuteSeedCorpora(Vector<SizedFile> &CorporaFiles) {
   uint8_t dummy = 0;
   ExecuteCallback(&dummy, 0);
 
-  // Protect lazy counters here, after the once-init code has been executed.
-  if (Options.LazyCounters)
-    TPC.ProtectLazyCounters();
-
   if (CorporaFiles.empty()) {
     Printf("INFO: A corpus is not provided, starting from an empty corpus\n");
     Unit U({'\n'}); // Valid ASCII input.

compiler-rt/lib/fuzzer/FuzzerOptions.h

@@ -75,7 +75,6 @@ struct FuzzingOptions {
   bool HandleXfsz = false;
   bool HandleUsr1 = false;
   bool HandleUsr2 = false;
-  bool LazyCounters = false;
 };
 
 }  // namespace fuzzer

compiler-rt/lib/fuzzer/FuzzerTracePC.cpp

@@ -67,45 +67,6 @@ void TracePC::HandleInline8bitCountersInit(uint8_t *Start, uint8_t *Stop) {
   NumInline8bitCounters += M.Size();
 }
 
-// Mark all full page counter regions as PROT_NONE and set Enabled=false.
-// The first time the instrumented code hits such a protected/disabled
-// counter region we should catch a SEGV and call UnprotectLazyCounters,
-// which will mark the page as PROT_READ|PROT_WRITE and set Enabled=true.
-//
-// Whenever other functions iterate over the counters they should ignore
-// regions with Enabled=false.
-void TracePC::ProtectLazyCounters() {
-  size_t NumPagesProtected = 0;
-  IterateCounterRegions([&](Module::Region &R) {
-    if (!R.OneFullPage) return;
-    if (Mprotect(R.Start, R.Stop - R.Start, false)) {
-      R.Enabled = false;
-      NumPagesProtected++;
-    }
-  });
-  if (NumPagesProtected)
-    Printf("INFO: %zd pages of counters where protected;"
-           " libFuzzer's SEGV handler must be installed\n",
-           NumPagesProtected);
-}
-
-bool TracePC::UnprotectLazyCounters(void *CounterPtr) {
-  // Printf("UnprotectLazyCounters: %p\n", CounterPtr);
-  if (!CounterPtr)
-    return false;
-  bool Done = false;
-  uint8_t *Addr = reinterpret_cast<uint8_t *>(CounterPtr);
-  IterateCounterRegions([&](Module::Region &R) {
-    if (!R.OneFullPage || R.Enabled || Done) return;
-    if (Addr >= R.Start && Addr < R.Stop)
-      if (Mprotect(R.Start, R.Stop - R.Start, true)) {
-        R.Enabled = true;
-        Done = true;
-      }
-  });
-  return Done;
-}
-
 void TracePC::HandlePCsInit(const uintptr_t *Start, const uintptr_t *Stop) {
   const PCTableEntry *B = reinterpret_cast<const PCTableEntry *>(Start);
   const PCTableEntry *E = reinterpret_cast<const PCTableEntry *>(Stop);

compiler-rt/lib/fuzzer/FuzzerTracePC.h

@@ -119,9 +119,6 @@ class TracePC {
   void SetFocusFunction(const std::string &FuncName);
   bool ObservedFocusFunction();
 
-  void ProtectLazyCounters();
-  bool UnprotectLazyCounters(void *CounterPtr);
-
   struct PCTableEntry {
     uintptr_t PC, PCFlags;
   };

compiler-rt/lib/fuzzer/FuzzerUtil.h

@@ -52,8 +52,6 @@ void SetSignalHandler(const FuzzingOptions& Options);
 
 void SleepSeconds(int Seconds);
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite);
-
 unsigned long GetPid();
 
 size_t GetPeakRSSMb();

compiler-rt/lib/fuzzer/FuzzerUtilFuchsia.cpp

@@ -305,10 +305,6 @@ void CrashHandler(zx_handle_t *Event) {
 
 } // namespace
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return false;  // UNIMPLEMENTED
-}
-
 // Platform specific functions.
 void SetSignalHandler(const FuzzingOptions &Options) {
   // Make sure information from libFuzzer and the sanitizers are easy to

compiler-rt/lib/fuzzer/FuzzerUtilPosix.cpp

@@ -37,7 +37,6 @@ static void (*upstream_segv_handler)(int, siginfo_t *, void *);
 
 static void SegvHandler(int sig, siginfo_t *si, void *ucontext) {
   assert(si->si_signo == SIGSEGV);
-  if (TPC.UnprotectLazyCounters(si->si_addr)) return;
   if (upstream_segv_handler)
     return upstream_segv_handler(sig, si, ucontext);
   Fuzzer::StaticCrashSignalCallback();
@@ -98,11 +97,6 @@ void SetTimer(int Seconds) {
   SetSigaction(SIGALRM, AlarmHandler);
 }
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return 0 == mprotect(Ptr, Size,
-                       AllowReadWrite ? (PROT_READ | PROT_WRITE) : PROT_NONE);
-}
-
 void SetSignalHandler(const FuzzingOptions& Options) {
   if (Options.UnitTimeoutSec > 0)
     SetTimer(Options.UnitTimeoutSec / 2 + 1);

compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp

@@ -111,10 +111,6 @@ static TimerQ Timer;
 
 static void CrashHandler(int) { Fuzzer::StaticCrashSignalCallback(); }
 
-bool Mprotect(void *Ptr, size_t Size, bool AllowReadWrite) {
-  return false;  // UNIMPLEMENTED
-}
-
 void SetSignalHandler(const FuzzingOptions& Options) {
   HandlerOpt = &Options;