projects / platform / upstream / llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dcf0cfc)
[libFuzzer] change the probabilities so that we choose only the inputs that are known...
authorKostya Serebryany <kcc@google.com>
Tue, 4 Oct 2016 01:51:44 +0000 (01:51 +0000)
committerKostya Serebryany <kcc@google.com>
Tue, 4 Oct 2016 01:51:44 +0000 (01:51 +0000)
llvm-svn: 283178

llvm/lib/Fuzzer/FuzzerCorpus.h patch | blob | history
llvm/lib/Fuzzer/build.sh patch | blob | history

diff --git a/llvm/lib/Fuzzer/FuzzerCorpus.h b/llvm/lib/Fuzzer/FuzzerCorpus.h
index 802f700..3b76471 100644 (file)
--- a/llvm/lib/Fuzzer/FuzzerCorpus.h
+++ b/llvm/lib/Fuzzer/FuzzerCorpus.h
@@ -127,6 +127,7 @@ private:
       if (!Fe.SmallestElementSize ||
           Fe.SmallestElementSize > Size) {
         II.NumFeatures++;
+        CountingFeatures = true;
         if (Fe.SmallestElementSize > Size) {
           auto &OlderII = Inputs[Fe.SmallestElementIdx];
           assert(OlderII.NumFeatures > 0);
@@ -147,15 +148,22 @@ private:
   // Must be called whenever the corpus or unit weights are changed.
   void UpdateCorpusDistribution() {
     size_t N = Inputs.size();
-    std::vector<double> Intervals(N + 1);
-    std::vector<double> Weights(N);
+    Intervals.resize(N + 1);
+    Weights.resize(N);
     std::iota(Intervals.begin(), Intervals.end(), 0);
-    std::iota(Weights.begin(), Weights.end(), 1);
+    if (CountingFeatures)
+      for (size_t i = 0; i < N; i++)
+        Weights[i] = Inputs[i].NumFeatures * (i + 1);
+    else
+      std::iota(Weights.begin(), Weights.end(), 1);
     CorpusDistribution = std::piecewise_constant_distribution<double>(
         Intervals.begin(), Intervals.end(), Weights.begin());
   }
   std::piecewise_constant_distribution<double> CorpusDistribution;
 
+  std::vector<double> Intervals;
+  std::vector<double> Weights;
+
   std::unordered_set<std::string> Hashes;
   std::vector<InputInfo> Inputs;
 
@@ -164,6 +172,7 @@ private:
     size_t SmallestElementIdx;
     size_t SmallestElementSize;
   };
+  bool CountingFeatures = false;
   Feature FeatureSet[kFeatureSetSize];
 };
 
diff --git a/llvm/lib/Fuzzer/build.sh b/llvm/lib/Fuzzer/build.sh
index 92d7b8c..3cbe39d 100755 (executable)
--- a/llvm/lib/Fuzzer/build.sh
+++ b/llvm/lib/Fuzzer/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 LIBFUZZER_SRC_DIR=$(dirname $0)
 for f in $LIBFUZZER_SRC_DIR/*.cpp; do
-  clang -O2 -std=c++11 $f -c &
+  clang -g -O2 -std=c++11 $f -c &
 done
 wait
 rm -f libFuzzer.a
Domain: System / Toolchain;