[libFuzzer] perform fewer crossover operations compared to plain mutations

llvm-svn: 247364

1 files changed, 8 insertions, 7 deletions

diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index f1802f65c37..96783dac673 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -337,23 +337,24 @@ void Fuzzer::Loop() {
       RereadOutputCorpus();
       if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
         return;
-      // First, simply mutate the unit w/o doing crosses.
       CurrentUnit = Corpus[J1];
-      MutateAndTestOne(&CurrentUnit);
-      // Now, cross with others.
-      if (Options.DoCrossOver && !Corpus[J1].empty()) {
-        for (size_t J2 = 0; J2 < Corpus.size(); J2++) {
+      // Optionally, cross with another unit.
+      if (Options.DoCrossOver && USF.GetRand().RandBool()) {
+        size_t J2 = USF.GetRand()(Corpus.size());
+        if (!Corpus[J1].empty() && !Corpus[J2].empty()) {
+          assert(!Corpus[J2].empty());
           CurrentUnit.resize(Options.MaxLen);
           size_t NewSize = USF.CrossOver(
               Corpus[J1].data(), Corpus[J1].size(), Corpus[J2].data(),
               Corpus[J2].size(), CurrentUnit.data(), CurrentUnit.size());
           assert(NewSize > 0 && "CrossOver returned empty unit");
           assert(NewSize <= (size_t)Options.MaxLen &&
-                 "CrossOver return overisized unit");
+                 "CrossOver returned overisized unit");
           CurrentUnit.resize(NewSize);
-          MutateAndTestOne(&CurrentUnit);
         }
       }
+      // Perform several mutations and runs.
+      MutateAndTestOne(&CurrentUnit);
     }
   }
 }