Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromium / llvm-project / compiler-rt / lib / fuzzer / 0cab3f0a88ae662db71a2d2dae7cde903e799799^! / . / FuzzerLoop.cpp
commit0cab3f0a88ae662db71a2d2dae7cde903e799799[log] [tgz]
authorkcc <kcc>Thu Jul 19 01:23:32 2018 +0000
committerkcc <kcc>Thu Jul 19 01:23:32 2018 +0000
tree77381e31f2b2fdc9fb9299f479f30199c550a08a
parente59ddd2b1545a577ace52aec6cc8b6191ffcd37a [diff] [blame]
[libFuzzer] first experimental attempt at DFT-based mutations (DFT=data-flow-trace)

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer@337434 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index 1ba0765..ffcd341 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp

@@ -503,8 +503,7 @@
   if (NumNewFeatures) {
     TPC.UpdateObservedPCs();
     Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile,
-                       TPC.ObservedFocusFunction(),
-                       UniqFeatureSetTmp, DFT);
+                       TPC.ObservedFocusFunction(), UniqFeatureSetTmp, DFT, II);
     return true;
   }
   if (II && FoundUniqFeaturesOfII &&
@@ -687,7 +686,12 @@
       break;
     MaybeExitGracefully();
     size_t NewSize = 0;
-    NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
+    if (II.HasFocusFunction && !II.DataFlowTraceForFocusFunction.empty() &&
+        Size <= CurrentMaxMutationLen)
+      NewSize = MD.MutateWithMask(CurrentUnitData, Size, Size,
+                                  II.DataFlowTraceForFocusFunction);
+    else
+      NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
     assert(NewSize > 0 && "Mutator returned empty unit");
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
     Size = NewSize;