Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromium / llvm-project / compiler-rt / lib / fuzzer / 2cd9f09af979de41f5850580fd1bf04223a53e39^! / .
commit2cd9f09af979de41f5850580fd1bf04223a53e39[log] [tgz]
authorkcc <kcc>Fri Oct 13 01:12:23 2017 +0000
committerkcc <kcc>Fri Oct 13 01:12:23 2017 +0000
tree5b952cd8dc206f93d4b0c90c7888026ff6202d17
parent51e6f3965307f192c766fdf3d51753cbc6fc4953 [diff]
[libFuzzer] tweam use_feature_frequency to be less aggressive; run a dummy input before the seed corpus

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer@315657 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/FuzzerCorpus.h b/FuzzerCorpus.h
index 385a065..2da9298 100644
--- a/FuzzerCorpus.h
+++ b/FuzzerCorpus.h

@@ -220,9 +220,11 @@
     return FeatureFrequency[Idx % kFeatureSetSize];
   }
   void UpdateFeatureFrequencyScore(InputInfo *II) {
-    II->FeatureFrequencyScore = 0.00000001;
+    const float kMin = 0.01, kMax = 100.;
+    II->FeatureFrequencyScore = kMin;
     for (auto Idx : II->UniqFeatureSet)
       II->FeatureFrequencyScore += 1. / (GetFeatureFrequency(Idx) + 1.);
+    II->FeatureFrequencyScore = Min(II->FeatureFrequencyScore, kMax);
   }
 
   size_t NumFeatures() const { return NumAddedFeatures; }
@@ -261,8 +263,20 @@
     Weights.resize(N);
     std::iota(Intervals.begin(), Intervals.end(), 0);
     for (size_t i = 0; i < N; i++)
-      Weights[i] =
-          Inputs[i]->NumFeatures * (i + 1) * Inputs[i]->FeatureFrequencyScore;
+      Weights[i] = Inputs[i]->NumFeatures
+                       ? (i + 1) * Inputs[i]->FeatureFrequencyScore
+                       : 0.;
+    if (FeatureDebug) {
+      for (size_t i = 0; i < N; i++)
+        Printf("%zd ", Inputs[i]->NumFeatures);
+      Printf("NUM\n");
+      for (size_t i = 0; i < N; i++)
+        Printf("%f ", Inputs[i]->FeatureFrequencyScore);
+      Printf("SCORE\n");
+      for (size_t i = 0; i < N; i++)
+        Printf("%f ", Weights[i]);
+      Printf("Weights\n");
+    }
     CorpusDistribution = std::piecewise_constant_distribution<double>(
         Intervals.begin(), Intervals.end(), Weights.begin());
   }

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index c095fed..30844e3 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp

@@ -621,6 +621,10 @@
     SetMaxInputLen(std::min(std::max(kMinDefaultLen, MaxSize), kMaxSaneLen));
   assert(MaxInputLen > 0);
 
+  // Test the callback with empty input and never try it again.
+  uint8_t dummy = 0;
+  ExecuteCallback(&dummy, 0);
+
   if (SizedFiles.empty()) {
     Printf("INFO: A corpus is not provided, starting from an empty corpus\n");
     Unit U({'\n'}); // Valid ASCII input.
@@ -648,9 +652,6 @@
     }
   }
 
-  // Test the callback with empty input and never try it again.
-  uint8_t dummy;
-  ExecuteCallback(&dummy, 0);
 
   PrintStats("INITED");
   if (Corpus.empty()) {