[libFuzzer] simplify TracePC::HandleTrace even further. Also, when dealing with -exit_on_src_pos, symbolize every PC only once

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@285223 91177308-0d34-0410-b5e6-96231b3b80d8

Author: kcc

lib/Fuzzer/FuzzerLoop.cpp

@@ -17,6 +17,7 @@
 
 #include <algorithm>
 #include <cstring>
+#include <set>
 #include <memory>
 
 #if defined(__has_include)
@@ -161,7 +162,6 @@ Fuzzer::Fuzzer(UserCallback CB, InputCorpus &Corpus, MutationDispatcher &MD,
   assert(!F);
   F = this;
   TPC.ResetMaps();
-  TPC.ResetGuards();
   ResetCoverage();
   IsMyThread = true;
   if (Options.DetectLeaks && EF->__sanitizer_install_malloc_and_free_hooks)
@@ -381,9 +381,11 @@ void Fuzzer::SetMaxMutationLen(size_t MaxMutationLen) {
 
 void Fuzzer::CheckExitOnSrcPosOrItem() {
   if (!Options.ExitOnSrcPos.empty()) {
+    static auto *PCsSet = new std::set<uintptr_t>;
     for (size_t i = 1, N = TPC.GetNumPCs(); i < N; i++) {
       uintptr_t PC = TPC.GetPC(i);
       if (!PC) continue;
+      if (!PCsSet->insert(PC).second) continue;
       std::string Descr = DescribePC("%L", PC);
       if (Descr.find(Options.ExitOnSrcPos) != std::string::npos) {
         Printf("INFO: found line matching '%s', exiting.\n",
@@ -510,8 +512,6 @@ void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
   UnitStartTime = system_clock::now();
   ResetCounters();  // Reset coverage right before the callback.
   TPC.ResetMaps();
-  if (Options.UseCounters)
-    TPC.ResetGuards();
   int Res = CB(DataCopy, Size);
   UnitStopTime = system_clock::now();
   (void)Res;
@@ -577,20 +577,17 @@ UnitVector Fuzzer::FindExtraUnits(const UnitVector &Initial,
   for (int Iter = 0; Iter < 10; Iter++) {
     ShuffleCorpus(&Res);
     TPC.ResetMaps();
-    TPC.ResetGuards();
     Corpus.ResetFeatureSet();
     ResetCoverage();
 
     for (auto &U : Initial) {
       TPC.ResetMaps();
-      TPC.ResetGuards();
       RunOne(U);
     }
 
     Tmp.clear();
     for (auto &U : Res) {
       TPC.ResetMaps();
-      TPC.ResetGuards();
       if (RunOne(U))
         Tmp.push_back(U);
     }

lib/Fuzzer/FuzzerTracePC.cpp

@@ -30,19 +30,8 @@ TracePC TPC;
 void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
   uint32_t Idx = *Guard;
   if (!Idx) return;
-  if (!PCs[Idx % kNumPCs])
-    PCs[Idx % kNumPCs] = PC;
-  uint8_t *CounterPtr = &Counters[Idx % kNumCounters];
-  uint8_t Counter = *CounterPtr;
-  if (UseCounters) {
-    if (Counter < 128)
-      *CounterPtr = Counter + 1;
-    else
-      *Guard = 0;
-  } else {
-    *CounterPtr = 1;
-    *Guard = 0;
-  }
+  PCs[Idx % kNumPCs] = PC;
+  Counters[Idx % kNumCounters]++;
 }
 
 size_t TracePC::GetTotalPCCoverage() {
@@ -70,14 +59,6 @@ void TracePC::PrintModuleInfo() {
   Printf("\n");
 }
 
-void TracePC::ResetGuards() {
-  uint32_t N = 0;
-  for (size_t M = 0; M < NumModules; M++)
-    for (uint32_t *X = Modules[M].Start, *End = Modules[M].Stop; X < End; X++)
-      *X = ++N;
-  assert(N == NumGuards);
-}
-
 size_t TracePC::FinalizeTrace(InputCorpus *C, size_t InputSize, bool Shrink) {
   if (!UsingTracePcGuard()) return 0;
   size_t Res = 0;

lib/Fuzzer/FuzzerTracePC.h

@@ -69,8 +69,6 @@ class TracePC {
   void UpdateFeatureSet(size_t CurrentElementIdx, size_t CurrentElementSize);
   void PrintFeatureSet();
 
-  void ResetGuards();
-
   void PrintModuleInfo();
 
   void PrintCoverage();