[regexp fuzzer] Let the fuzzer input select the regexp flag.

[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org

Committed: https://crrev.com/2ba24a71b6e86b6272f2eccb37694b2b56a1219c
Cr-Commit-Position: refs/heads/master@{#41176}

[ahaas, 2016-11-18 12:29:54]

The CQ bit was checked by ahaas@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-18 12:30:02]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[ahaas, 2016-11-18 12:31:12]

Description was changed from

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

BUG=chromium:664436
R=yangguo@chromium.org
==========

to

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org
==========

[Yang, 2016-11-18 12:35:50]

LGTM. I did not verify though whether the test seeds cover all bits for the
flags.

[commit-bot: I haz the power, 2016-11-18 12:56:46]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-18 12:56:47]

Dry run: This issue passed the CQ dry run.

[ahaas, 2016-11-22 09:55:36]

The CQ bit was checked by ahaas@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-22 09:55:46]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[ahaas, 2016-11-22 09:56:11]

ahaas@chromium.org changed reviewers:
+ mmoroz@chromium.org

[ahaas, 2016-11-22 09:58:22]

On 2016/11/18 at 12:35:50, yangguo wrote:
> LGTM. I did not verify though whether the test seeds cover all bits for the
flags.

According to kcc and mmoroz it is better to use a hash instead of the first
byte. I also remove the GC call at the end of the test because it causes a 3X
slowdown with the new flag selection.

[commit-bot: I haz the power, 2016-11-22 10:24:38]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-22 10:24:39]

Dry run: This issue passed the CQ dry run.

[mmoroz, 2016-11-22 10:44:29]

Description was changed from

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org
==========

to

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org
==========

[mmoroz, 2016-11-22 10:44:29]

mmoroz@chromium.org changed reviewers:
+ kcc@chromium.org

[mmoroz, 2016-11-22 10:46:05]

On 2016/11/22 09:58:22, ahaas wrote:
> On 2016/11/18 at 12:35:50, yangguo wrote:
> > LGTM. I did not verify though whether the test seeds cover all bits for the
> flags.
> 
> According to kcc and mmoroz it is better to use a hash instead of the first
> byte. I also remove the GC call at the end of the test because it causes a 3X
> slowdown with the new flag selection.

Thanks Andreas for implementing this, but we need to invoke GC on every run,
otherwise we have a "parasitic coverage" caused by some internal GC state which
changes for every input. I think Kostya raised that point in the issue comments:
https://bugs.chromium.org/p/chromium/issues/detail?id=664436#c5

[mmoroz, 2016-11-22 10:46:38]

LGTM after re-storing the GC call.

https://codereview.chromium.org/2511373002/diff/20001/test/fuzzer/regexp.cc
File test/fuzzer/regexp.cc (left):

https://codereview.chromium.org/2511373002/diff/20001/test/fuzzer/regexp.cc#o...
test/fuzzer/regexp.cc:77: isolate->RequestGarbageCollectionForTesting(
Could you please return this call?

[ahaas, 2016-11-22 12:29:52]

The CQ bit was checked by ahaas@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-22 12:29:55]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[ahaas, 2016-11-22 12:30:56]

https://codereview.chromium.org/2511373002/diff/20001/test/fuzzer/regexp.cc
File test/fuzzer/regexp.cc (left):

https://codereview.chromium.org/2511373002/diff/20001/test/fuzzer/regexp.cc#o...
test/fuzzer/regexp.cc:77: isolate->RequestGarbageCollectionForTesting(
On 2016/11/22 at 10:46:38, mmoroz wrote:
> Could you please return this call?

Done.

[mmoroz, 2016-11-22 12:33:28]

thanks, LGTM!

[commit-bot: I haz the power, 2016-11-22 12:56:20]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-22 12:56:21]

Dry run: This issue passed the CQ dry run.

[ahaas, 2016-11-22 12:56:49]

The CQ bit was checked by ahaas@chromium.org

[ahaas, 2016-11-22 12:56:49]

The patchset sent to the CQ was uploaded after l-g-t-m from yangguo@chromium.org
Link to the patchset: https://codereview.chromium.org/2511373002/#ps40001
(title: "Reintroduce the GC call.")

[commit-bot: I haz the power, 2016-11-22 12:56:56]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-22 12:59:12]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1479819409340890,
"parent_rev": "b15c4c19a7ca74cfa121fc44bbea924f1540cf51", "commit_rev":
"20a076594938a4bb76211e15914eeff8e7b55f6e"}

[commit-bot: I haz the power, 2016-11-22 12:59:18]

Description was changed from

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org
==========

to

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org
==========

[commit-bot: I haz the power, 2016-11-22 12:59:20]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2016-11-22 12:59:45]

Description was changed from

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org
==========

to

==========
[regexp fuzzer] Let the fuzzer input select the regexp flag.

With this CL the regexp-parser-fuzzer uses the first byte of the fuzzer
input to select the regexp flag instead of executing each input with all
possible flags. Thereby the fuzzer can explore more inputs and with its
coverage metric will explore all flags only for interesting inputs.

I updated all files in test/fuzzer/regexp and added a random byte at the
beginning. This byte is used by the fuzzer to determine the flag.

BUG=chromium:664436
R=yangguo@chromium.org

Committed: https://crrev.com/2ba24a71b6e86b6272f2eccb37694b2b56a1219c
Cr-Commit-Position: refs/heads/master@{#41176}
==========

[commit-bot: I haz the power, 2016-11-22 12:59:46]

Patchset 3 (id:??) landed as
https://crrev.com/2ba24a71b6e86b6272f2eccb37694b2b56a1219c
Cr-Commit-Position: refs/heads/master@{#41176}