[libFuzzer] perform fewer crossover operations compared to plain mutations

llvm-svn: 247364
Kostya Serebryany 2015-09-11 00:20:58 +00:00
parent 24d07fdd27
commit dd02f1f8ab
1 changed files with 8 additions and 7 deletions


@ -337,26 +337,27 @@ void Fuzzer::Loop() {
RereadOutputCorpus();
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
return;
// First, simply mutate the unit w/o doing crosses.
CurrentUnit = Corpus[J1];
MutateAndTestOne(&CurrentUnit);
// Now, cross with others.
if (Options.DoCrossOver && !Corpus[J1].empty()) {
for (size_t J2 = 0; J2 < Corpus.size(); J2++) {
// Optionally, cross with another unit.
if (Options.DoCrossOver && USF.GetRand().RandBool()) {
size_t J2 = USF.GetRand()(Corpus.size());
if (!Corpus[J1].empty() && !Corpus[J2].empty()) {
assert(!Corpus[J2].empty());
CurrentUnit.resize(Options.MaxLen);
size_t NewSize = USF.CrossOver(
Corpus[J1].data(), Corpus[J1].size(), Corpus[J2].data(),
Corpus[J2].size(), CurrentUnit.data(), CurrentUnit.size());
assert(NewSize > 0 && "CrossOver returned empty unit");
assert(NewSize <= (size_t)Options.MaxLen &&
"CrossOver return overisized unit");
"CrossOver returned overisized unit");
CurrentUnit.resize(NewSize);
}
}
// Perform several mutations and runs.
MutateAndTestOne(&CurrentUnit);
}
}
}
}
}
void Fuzzer::SyncCorpus() {
if (Options.SyncCommand.empty() || Options.OutputCorpus.empty()) return;
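Review bot: The `assert(!Corpus[J2].empty());` directly inside `if (!Corpus[J1].empty() && !Corpus[J2].empty()) {` can never fire, because the enclosing condition has already established it; it looks like a leftover from the earlier loop form and could be dropped. The size-check message still reads `"CrossOver returned overisized unit"` after this edit, so `"CrossOver returned oversized unit"` would complete the wording fix. J2 is drawn from the whole corpus and can therefore equal J1, crossing a unit with itself; if that is intended, a short comment next to `size_t J2 = USF.GetRand()(Corpus.size());` saying so would help the next reader. Fuzzer::Loop begins above this hunk, so the enclosing J1 loop is not visible here.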