Commit 2d005827b8
Changed files (6)
lib
lib/fuzzer/web/index.html
@@ -147,7 +147,6 @@
<li>Total Runs: <span id="statTotalRuns"></span></li>
<li>Unique Runs: <span id="statUniqueRuns"></span></li>
<li>Coverage: <span id="statCoverage"></span></li>
- <li>Lowest Stack: <span id="statLowestStack"></span></li>
<li>Entry Points: <ul id="entryPointsList"></ul></li>
</ul>
</div>
lib/fuzzer/web/main.js
@@ -6,7 +6,6 @@
const domStatTotalRuns = document.getElementById("statTotalRuns");
const domStatUniqueRuns = document.getElementById("statUniqueRuns");
const domStatCoverage = document.getElementById("statCoverage");
- const domStatLowestStack = document.getElementById("statLowestStack");
const domEntryPointsList = document.getElementById("entryPointsList");
let wasm_promise = fetch("main.wasm");
@@ -158,7 +157,6 @@
domStatTotalRuns.innerText = totalRuns;
domStatUniqueRuns.innerText = uniqueRuns + " (" + percent(uniqueRuns, totalRuns) + "%)";
domStatCoverage.innerText = coveredSourceLocations + " / " + totalSourceLocations + " (" + percent(coveredSourceLocations, totalSourceLocations) + "%)";
- domStatLowestStack.innerText = unwrapString(wasm_exports.lowestStack());
const entryPoints = unwrapInt32Array(wasm_exports.entryPoints());
resizeDomList(domEntryPointsList, entryPoints.length, "<li></li>");
lib/fuzzer/web/main.zig
@@ -106,13 +106,6 @@ export fn decl_source_html(decl_index: Decl.Index) String {
return String.init(string_result.items);
}
-export fn lowestStack() String {
- const header: *abi.CoverageUpdateHeader = @ptrCast(recent_coverage_update.items[0..@sizeOf(abi.CoverageUpdateHeader)]);
- string_result.clearRetainingCapacity();
- string_result.writer(gpa).print("0x{d}", .{header.lowest_stack}) catch @panic("OOM");
- return String.init(string_result.items);
-}
-
export fn totalSourceLocations() usize {
return coverage_source_locations.items.len;
}
lib/std/Build/Fuzz/abi.zig
@@ -13,7 +13,6 @@ pub const SeenPcsHeader = extern struct {
n_runs: usize,
unique_runs: usize,
pcs_len: usize,
- lowest_stack: usize,
/// Used for comptime assertions. Provides a mechanism for strategically
/// causing compile errors.
@@ -79,7 +78,6 @@ pub const CoverageUpdateHeader = extern struct {
flags: Flags = .{},
n_runs: u64,
unique_runs: u64,
- lowest_stack: u64,
pub const Flags = packed struct(u64) {
tag: ToClientTag = .coverage_update,
lib/std/Build/Fuzz/WebServer.zig
@@ -406,7 +406,6 @@ fn sendCoverageContext(
const seen_pcs = cov_header.seenBits();
const n_runs = @atomicLoad(usize, &cov_header.n_runs, .monotonic);
const unique_runs = @atomicLoad(usize, &cov_header.unique_runs, .monotonic);
- const lowest_stack = @atomicLoad(usize, &cov_header.lowest_stack, .monotonic);
if (prev_unique_runs.* != unique_runs) {
// There has been an update.
if (prev_unique_runs.* == 0) {
@@ -431,7 +430,6 @@ fn sendCoverageContext(
const header: abi.CoverageUpdateHeader = .{
.n_runs = n_runs,
.unique_runs = unique_runs,
- .lowest_stack = lowest_stack,
};
const iovecs: [2]std.posix.iovec_const = .{
makeIov(std.mem.asBytes(&header)),
lib/fuzzer.zig
@@ -28,7 +28,8 @@ fn logOverride(
f.writer().print(prefix1 ++ prefix2 ++ format ++ "\n", args) catch @panic("failed to write to fuzzer log");
}
-export threadlocal var __sancov_lowest_stack: usize = std.math.maxInt(usize);
+/// Helps determine run uniqueness in the face of recursion.
+export threadlocal var __sancov_lowest_stack: usize = 0;
export fn __sanitizer_cov_trace_const_cmp1(arg1: u8, arg2: u8) void {
handleCmp(@returnAddress(), arg1, arg2);
@@ -220,7 +221,6 @@ const Fuzzer = struct {
.n_runs = 0,
.unique_runs = 0,
.pcs_len = pcs.len,
- .lowest_stack = std.math.maxInt(usize),
};
f.seen_pcs.appendSliceAssumeCapacity(std.mem.asBytes(&header));
f.seen_pcs.appendNTimesAssumeCapacity(0, n_bitset_elems * @sizeOf(usize));
@@ -261,8 +261,8 @@ const Fuzzer = struct {
f.input.appendSliceAssumeCapacity(run.input);
try f.mutate();
- _ = @atomicRmw(usize, &header.lowest_stack, .Min, __sancov_lowest_stack, .monotonic);
@memset(f.pc_counters, 0);
+ __sancov_lowest_stack = std.math.maxInt(usize);
f.coverage.reset();
fuzzer_one(f.input.items.ptr, f.input.items.len);