[llvm-dev] libFuzzer: Rationale for a line in FuzzerMutate.cpp

Fabian Meumertzheim via llvm-dev llvm-dev at lists.llvm.org
Fri Apr 9 06:18:58 PDT 2021


While working on potential improvements to libFuzzer's mutations based on
the table of recent compares, I came across this line in FuzzerMutate.cpp
(https://github.com/llvm/llvm-project/blob/920c0f7e09e2a55a800a181fb9bfe296a8733c89/compiler-rt/lib/fuzzer/FuzzerMutate.cpp#L469):

PersistentAutoDictionary.push_back({DE->GetW(), 1});

It adds an entry to the persistent auto dictionary with a position hint for
position 1, meaning that the mutator would (50% of the time) try to insert
or overwrite some bytes with the entry specifically after the first byte of
the input.

I'm somewhat puzzled about this particular choice. I would have expected
the position hint value to be either std::numeric_limits<size_t>::max(),
which would make the mutator always pick an insertion position at random,
or an existing position hint. Is there something I'm missing here that
would explain the preferred position 1?

Fabian