summaryrefslogtreecommitdiffstats
path: root/llvm/lib/Fuzzer/FuzzerLoop.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerLoop.cpp')
-rw-r--r--llvm/lib/Fuzzer/FuzzerLoop.cpp31
1 files changed, 4 insertions, 27 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index b68185ba3b5..0edc21db3ac 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -374,7 +374,6 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) {
if (!Corpus.HasUnit(X)) {
if (RunOne(X)) {
Corpus.push_back(X);
- UpdateCorpusDistribution();
PrintStats("RELOAD");
}
}
@@ -404,7 +403,6 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {
TryDetectingAMemoryLeak(U.data(), U.size(),
/*DuringInitialCorpusExecution*/ true);
}
- UpdateCorpusDistribution();
PrintStats("INITED");
if (Corpus.empty()) {
Printf("ERROR: no interesting inputs were found. "
@@ -543,7 +541,6 @@ void Fuzzer::PrintNewPCs() {
void Fuzzer::ReportNewCoverage(const Unit &U) {
Corpus.push_back(U);
- UpdateCorpusDistribution();
MD.RecordSuccessfulMutationSequence();
PrintStatusForNewUnit(U);
WriteToOutputCorpus(U);
@@ -656,8 +653,9 @@ void Fuzzer::MutateAndTestOne() {
LazyAllocateCurrentUnitData();
MD.StartMutationSequence();
- auto &U = ChooseUnitToMutate();
- ComputeSHA1(U.data(), U.size(), BaseSha1); // Remember where we started.
+ const auto &II = Corpus.ChooseUnitToMutate(MD.GetRand());
+ const auto &U = II.U;
+ memcpy(BaseSha1, II.Sha1, sizeof(BaseSha1));
assert(CurrentUnitData);
size_t Size = U.size();
assert(Size <= Options.MaxLen && "Oversized Unit");
@@ -667,8 +665,7 @@ void Fuzzer::MutateAndTestOne() {
size_t NewSize = 0;
NewSize = MD.Mutate(CurrentUnitData, Size, Options.MaxLen);
assert(NewSize > 0 && "Mutator returned empty unit");
- assert(NewSize <= Options.MaxLen &&
- "Mutator return overisized unit");
+ assert(NewSize <= Options.MaxLen && "Mutator return overisized unit");
Size = NewSize;
if (i == 0)
StartTraceRecording();
@@ -679,16 +676,6 @@ void Fuzzer::MutateAndTestOne() {
}
}
-// Returns an index of random unit from the corpus to mutate.
-// Hypothesis: units added to the corpus last are more likely to be interesting.
-// This function gives more weight to the more recent units.
-size_t Fuzzer::ChooseUnitIdxToMutate() {
- size_t Idx =
- static_cast<size_t>(CorpusDistribution(MD.GetRand().Get_mt19937()));
- assert(Idx < Corpus.size());
- return Idx;
-}
-
void Fuzzer::ResetCoverage() {
ResetEdgeCoverage();
MaxCoverage.Reset();
@@ -720,16 +707,6 @@ void Fuzzer::Loop() {
MD.PrintRecommendedDictionary();
}
-void Fuzzer::UpdateCorpusDistribution() {
- size_t N = Corpus.size();
- std::vector<double> Intervals(N + 1);
- std::vector<double> Weights(N);
- std::iota(Intervals.begin(), Intervals.end(), 0);
- std::iota(Weights.begin(), Weights.end(), 1);
- CorpusDistribution = std::piecewise_constant_distribution<double>(
- Intervals.begin(), Intervals.end(), Weights.begin());
-}
-
} // namespace fuzzer
extern "C" {
OpenPOWER on IntegriCloud