diff options
| author | Kostya Serebryany <kcc@google.com> | 2016-10-04 01:51:44 +0000 |
|---|---|---|
| committer | Kostya Serebryany <kcc@google.com> | 2016-10-04 01:51:44 +0000 |
| commit | 5a52a11ce49b11bbc4c3db71bea43a3bd3667a53 (patch) | |
| tree | a2dfe61baf72ad0dc9052eb09cb23364fc9c9456 /llvm/lib | |
| parent | dcf0cfca4c161ebdf00c2f605cf7032b5c23fe9d (diff) | |
| download | bcm5719-llvm-5a52a11ce49b11bbc4c3db71bea43a3bd3667a53.tar.gz bcm5719-llvm-5a52a11ce49b11bbc4c3db71bea43a3bd3667a53.zip | |
[libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)
llvm-svn: 283178
Diffstat (limited to 'llvm/lib')
| -rw-r--r-- | llvm/lib/Fuzzer/FuzzerCorpus.h | 15 | ||||
| -rwxr-xr-x | llvm/lib/Fuzzer/build.sh | 2 |
2 files changed, 13 insertions, 4 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerCorpus.h b/llvm/lib/Fuzzer/FuzzerCorpus.h index 802f700f5c9..3b76471db6e 100644 --- a/llvm/lib/Fuzzer/FuzzerCorpus.h +++ b/llvm/lib/Fuzzer/FuzzerCorpus.h @@ -127,6 +127,7 @@ private: if (!Fe.SmallestElementSize || Fe.SmallestElementSize > Size) { II.NumFeatures++; + CountingFeatures = true; if (Fe.SmallestElementSize > Size) { auto &OlderII = Inputs[Fe.SmallestElementIdx]; assert(OlderII.NumFeatures > 0); @@ -147,15 +148,22 @@ private: // Must be called whenever the corpus or unit weights are changed. void UpdateCorpusDistribution() { size_t N = Inputs.size(); - std::vector<double> Intervals(N + 1); - std::vector<double> Weights(N); + Intervals.resize(N + 1); + Weights.resize(N); std::iota(Intervals.begin(), Intervals.end(), 0); - std::iota(Weights.begin(), Weights.end(), 1); + if (CountingFeatures) + for (size_t i = 0; i < N; i++) + Weights[i] = Inputs[i].NumFeatures * (i + 1); + else + std::iota(Weights.begin(), Weights.end(), 1); CorpusDistribution = std::piecewise_constant_distribution<double>( Intervals.begin(), Intervals.end(), Weights.begin()); } std::piecewise_constant_distribution<double> CorpusDistribution; + std::vector<double> Intervals; + std::vector<double> Weights; + std::unordered_set<std::string> Hashes; std::vector<InputInfo> Inputs; @@ -164,6 +172,7 @@ private: size_t SmallestElementIdx; size_t SmallestElementSize; }; + bool CountingFeatures = false; Feature FeatureSet[kFeatureSetSize]; }; diff --git a/llvm/lib/Fuzzer/build.sh b/llvm/lib/Fuzzer/build.sh index 92d7b8cdbf7..3cbe39dbebb 100755 --- a/llvm/lib/Fuzzer/build.sh +++ b/llvm/lib/Fuzzer/build.sh @@ -1,7 +1,7 @@ #!/bin/bash LIBFUZZER_SRC_DIR=$(dirname $0) for f in $LIBFUZZER_SRC_DIR/*.cpp; do - clang -O2 -std=c++11 $f -c & + clang -g -O2 -std=c++11 $f -c & done wait rm -f libFuzzer.a |
