Optimize clang source-based code coverage build configuration.

I've been testing the changes on net_parse_cookie_line_fuzzer, which is a fuzz target of average size written in C++. Improvements step by step: 0) Original configuration, Coverage + ASan: 158 MB 1,000 exec/s 1) Prohibit ASan (and other sanitizers), use only Coverage instrumentation: 132 MB same speed The following change hasn't been applied, but let's keep it in the description FTR: - 2) Disable sanitizer coverage (which is different from clang source-based coverage): - 90 MB 1,088 exec/s (speed +8-10%) 3) Avoid optimize_for_fuzzing config (i.e. use -O3 instead of -O1 for coverage build): Same size 1,773 exec/s (speed +60-65% on top of the previous change) 4) Disable coverage for libFuzzer source code: 88 MB 3,988 exec/s (speed +125% on top of previous changes) 5) Disable coverage for libc++ and libc++abi sources (https://chromium-review.googlesource.com/#/c/chromium/buildtools/+/693570): 86 MB 4,110 exec/s (speed +3% on top of previous changes) In total, for that particular target: - build size reduced by ~45% - execution speed increased by ~310% I've also tested the changes with zlib_uncompress_fuzzer (a tiny fuzz target for C-library): - build size reduced by ~83% - execution speed increased by ~120% I haven't measured impact on the other fuzz targets, so it may vary a lot, but the result seems to be quite significant anyway. Bug: 759794 Change-Id: Icf61c979e38d0f7849ab7281bd9e24cf2b7a7d02 Reviewed-on: https://chromium-review.googlesource.com/693564Reviewed-by: Brett Wilson <brettw@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Commit-Queue: Abhishek Arya <inferno@chromium.org> Cr-Commit-Position: refs/heads/master@{#506454}

Optimize clang source-based code coverage build configuration.
I've been testing the changes on net_parse_cookie_line_fuzzer, which is a fuzz target of average size written in C++. Improvements step by step: 0) Original configuration, Coverage + ASan: 158 MB 1,000 exec/s 1) Prohibit ASan (and other sanitizers), use only Coverage instrumentation: 132 MB same speed The following change hasn't been applied, but let's keep it in the description FTR: - 2) Disable sanitizer coverage (which is different from clang source-based coverage): - 90 MB 1,088 exec/s (speed +8-10%) 3) Avoid optimize_for_fuzzing config (i.e. use -O3 instead of -O1 for coverage build): Same size 1,773 exec/s (speed +60-65% on top of the previous change) 4) Disable coverage for libFuzzer source code: 88 MB 3,988 exec/s (speed +125% on top of previous changes) 5) Disable coverage for libc++ and libc++abi sources (https://chromium-review.googlesource.com/#/c/chromium/buildtools/+/693570): 86 MB 4,110 exec/s (speed +3% on top of previous changes) In total, for that particular target: - build size reduced by ~45% - execution speed increased by ~310% I've also tested the changes with zlib_uncompress_fuzzer (a tiny fuzz target for C-library): - build size reduced by ~83% - execution speed increased by ~120% I haven't measured impact on the other fuzz targets, so it may vary a lot, but the result seems to be quite significant anyway. Bug: 759794 Change-Id: Icf61c979e38d0f7849ab7281bd9e24cf2b7a7d02 Reviewed-on: https://chromium-review.googlesource.com/693564Reviewed-by: Brett Wilson <brettw@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Commit-Queue: Abhishek Arya <inferno@chromium.org> Cr-Commit-Position: refs/heads/master@{#506454}
c8fee977 · Max Moroz · Commit Bot · af33ce68 · c8fee977 · c8fee977
Commit c8fee977 authored Oct 04, 2017 by Max Moroz Committed by Commit Bot Oct 04, 2017
6 changed files
--- a/build/config/BUILDCONFIG.gn
+++ b/build/config/BUILDCONFIG.gn
@@ -527,6 +527,7 @@ default_compiler_configs = [
  "//build/config/compiler:default_symbols",
  "//build/config/compiler:no_rtti",
  "//build/config/compiler:runtime_library",
+  "//build/config/coverage:default_coverage",
  "//build/config/sanitizers:default_sanitizer_flags",
 ]
 if (is_win) {

--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
@@ -265,8 +265,6 @@ config("compiler") {
    # and build system rebuild things when their commandline changes). Nothing
    # should ever read this define.
    defines += [ "CR_CLANG_REVISION=\"$clang_revision\"" ]
-    configs += [ "//build/config/coverage" ]
  }
  # Non-Mac Posix compiler flags setup.
@@ -1723,6 +1721,12 @@ config("default_optimization") {
    configs = [ ":no_optimize" ]
  } else if (optimize_for_fuzzing) {
    assert(!is_win, "Fuzzing optimize level not supported on Windows")
+    # Coverage build is quite slow. Using "optimize_for_fuzzing" makes it even
+    # slower as it uses "-O1" instead of "-O3". Prevent that from happening.
+    assert(!use_clang_coverage,
+           "optimize_for_fuzzing=true should not be used with " +
+               "use_clang_coverage=true.")
    configs = [ ":optimize_fuzzing" ]
  } else {
    configs = [ ":optimize" ]

--- a/build/config/coverage/BUILD.gn
+++ b/build/config/coverage/BUILD.gn
@@ -2,14 +2,9 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
-import("//build/toolchain/toolchain.gni")
+import("//build/config/coverage/coverage.gni")
-declare_args() {
+config("default_coverage") {
-  # Enable Clang's source-based code coverage.
-  use_clang_coverage = false
-}
-config("coverage") {
  if (use_clang_coverage) {
    cflags = [
      "-fprofile-instr-generate",

--- a/build/config/coverage/OWNERS
+++ b/build/config/coverage/OWNERS
+inferno@chromium.org
+mmoroz@chromium.org
+ochang@chromium.org
--- a/build/config/coverage/coverage.gni
+++ b/build/config/coverage/coverage.gni
+# Copyright 2017 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+import("//build/toolchain/toolchain.gni")
+declare_args() {
+  # Enable Clang's Source-based Code Coverage.
+  use_clang_coverage = false
+}
+assert(!use_clang_coverage || is_clang,
+       "Clang Source-based Code Coverage requires clang.")
--- a/third_party/libFuzzer/BUILD.gn
+++ b/third_party/libFuzzer/BUILD.gn
@@ -2,11 +2,16 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
+# Engine should be compiled without coverage (infinite loop in trace_cmp).
+fuzzing_engine_remove_configs = [
+  "//build/config/coverage:default_coverage",
+  "//build/config/sanitizers:default_sanitizer_flags",
+]
+fuzzing_engine_add_configs =
+    [ "//build/config/sanitizers:default_sanitizer_flags_but_coverage" ]
 source_set("libfuzzer") {
-  # libfuzzer should be compiled without coverage (infinite loop in trace_cmp).
-  configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
-  configs +=
-      [ "//build/config/sanitizers:default_sanitizer_flags_but_coverage" ]
  sources = [
    "src/FuzzerCrossOver.cpp",
    "src/FuzzerDriver.cpp",
@@ -32,15 +37,16 @@ source_set("libfuzzer") {
    "src/FuzzerUtilPosix.cpp",
    "src/FuzzerUtilWindows.cpp",
  ]
+  configs -= fuzzing_engine_remove_configs
+  configs += fuzzing_engine_add_configs
 }
 source_set("afl_driver") {
-  # AFL should be compiled without coverage (infinite loop in trace_cmp).
-  configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
-  configs +=
-      [ "//build/config/sanitizers:default_sanitizer_flags_but_coverage" ]
  sources = [
    "src/afl/afl_driver.cpp",
  ]
+  configs -= fuzzing_engine_remove_configs
+  configs += fuzzing_engine_add_configs
 }