[llvm] r283178 - [libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Mon Oct 3 18:51:44 PDT 2016 

Author: kcc
Date: Mon Oct  3 20:51:44 2016
New Revision: 283178

URL: http://llvm.org/viewvc/llvm-project?rev=283178&view=rev
Log:
[libFuzzer] change the probabilities so that we choose only the inputs that are known to be minimal inputs for at least one coverage feature (works only with -shrink=1 for now)

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerCorpus.h
    llvm/trunk/lib/Fuzzer/build.sh

Modified: llvm/trunk/lib/Fuzzer/FuzzerCorpus.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerCorpus.h?rev=283178&r1=283177&r2=283178&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerCorpus.h (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerCorpus.h Mon Oct  3 20:51:44 2016
@@ -127,6 +127,7 @@ private:
       if (!Fe.SmallestElementSize ||
           Fe.SmallestElementSize > Size) {
         II.NumFeatures++;
+        CountingFeatures = true;
         if (Fe.SmallestElementSize > Size) {
           auto &OlderII = Inputs[Fe.SmallestElementIdx];
           assert(OlderII.NumFeatures > 0);
@@ -147,15 +148,22 @@ private:
   // Must be called whenever the corpus or unit weights are changed.
   void UpdateCorpusDistribution() {
     size_t N = Inputs.size();
-    std::vector<double> Intervals(N + 1);
-    std::vector<double> Weights(N);
+    Intervals.resize(N + 1);
+    Weights.resize(N);
     std::iota(Intervals.begin(), Intervals.end(), 0);
-    std::iota(Weights.begin(), Weights.end(), 1);
+    if (CountingFeatures)
+      for (size_t i = 0; i < N; i++)
+        Weights[i] = Inputs[i].NumFeatures * (i + 1);
+    else
+      std::iota(Weights.begin(), Weights.end(), 1);
     CorpusDistribution = std::piecewise_constant_distribution<double>(
         Intervals.begin(), Intervals.end(), Weights.begin());
   }
   std::piecewise_constant_distribution<double> CorpusDistribution;
 
+  std::vector<double> Intervals;
+  std::vector<double> Weights;
+
   std::unordered_set<std::string> Hashes;
   std::vector<InputInfo> Inputs;
 
@@ -164,6 +172,7 @@ private:
     size_t SmallestElementIdx;
     size_t SmallestElementSize;
   };
+  bool CountingFeatures = false;
   Feature FeatureSet[kFeatureSetSize];
 };
 

Modified: llvm/trunk/lib/Fuzzer/build.sh
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/build.sh?rev=283178&r1=283177&r2=283178&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/build.sh (original)
+++ llvm/trunk/lib/Fuzzer/build.sh Mon Oct  3 20:51:44 2016
@@ -1,7 +1,7 @@
 #!/bin/bash
 LIBFUZZER_SRC_DIR=$(dirname $0)
 for f in $LIBFUZZER_SRC_DIR/*.cpp; do
-  clang -O2 -std=c++11 $f -c &
+  clang -g -O2 -std=c++11 $f -c &
 done
 wait
 rm -f libFuzzer.a

More information about the llvm-commits mailing list