authorMax Moroz <mmoroz@chromium.org>2018-08-02 22:30:03 +0000
committerMax Moroz <mmoroz@chromium.org>2018-08-02 22:30:03 +0000
commit27f6922bac686ad0c060989e480e71495e028199 (patch)
treeb41517eab93bd19bbd78a26bc7e396702e8aeef2 /lib/fuzzer/FuzzerLoop.cpp
parente1ff3d6417ef53be34c67ad9bc5a128b243c3a97 (diff)
[libFuzzer] Initial implementation of weighted mutation leveraging during runtime.
Summary: Added functions that calculate stats while fuzz targets are running and give mutations weight based on how much new coverage they provide, and choose better performing mutations more often. Patch by Kodé Williams (@kodewilliams). Reviewers: Dor1s, metzman, morehouse Reviewed By: Dor1s, morehouse Subscribers: delcypher, kcc, llvm-commits, #sanitizers Differential Revision: https://reviews.llvm.org/D49621 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@338776 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/fuzzer/FuzzerLoop.cpp')
-rw-r--r--lib/fuzzer/FuzzerLoop.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 4bc88365a..23fcb8a40 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -38,6 +38,7 @@
namespace fuzzer {
static const size_t kMaxUnitSizeToPrint = 256;
+static const size_t kUpdateMutationWeightRuns = 10000;
thread_local bool Fuzzer::IsMyThread;
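Review bot: `kUpdateMutationWeightRuns` is added without a comment stating its unit or why 10000 was chosen, unlike a name such as `kMaxUnitSizeToPrint` that explains itself. From its only use in the second hunk it is an interval in target executions, so a line such as `// Recompute mutation weights every N executions of the target.` above it would make that explicit. If the interval is expected to be tuned, the note should say so, since the value is fixed at compile time while the feature itself is gated by a runtime option.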
@@ -554,6 +555,9 @@ static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) {
void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
TPC.RecordInitialStack();
+ if (Options.UseWeightedMutations &&
+ TotalNumberOfRuns % kUpdateMutationWeightRuns == 0)
+ MD.UpdateDistribution();
TotalNumberOfRuns++;
assert(InFuzzingThread());
if (SMR.IsClient())
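Review bot: The modulo test in `ExecuteCallback` runs before `TotalNumberOfRuns++`, so it is true on the very first execution (0 % 10000 == 0) and `MD.UpdateDistribution()` is called before any mutation has been measured. `UpdateDistribution` is not visible here, so whether it tolerates empty statistics (for example a zero denominator) should be confirmed; a guard such as `if (Options.UseWeightedMutations && TotalNumberOfRuns && TotalNumberOfRuns % kUpdateMutationWeightRuns == 0)` removes the question. The call also sits ahead of `assert(InFuzzingThread())`, so `MD` is updated before the thread check; placing the new lines after the assert keeps that invariant first. The body of `ExecuteCallback` continues past the end of the hunk.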