diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/fuzzer/FuzzerInternal.h | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerLoop.cpp | 12 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerTracePC.h | 2 | ||||
-rw-r--r-- | lib/fuzzer/FuzzerUtil.h | 2 |
4 files changed, 7 insertions, 11 deletions
diff --git a/lib/fuzzer/FuzzerInternal.h b/lib/fuzzer/FuzzerInternal.h index 5ae9e2b8f..2b2638f1f 100644 --- a/lib/fuzzer/FuzzerInternal.h +++ b/lib/fuzzer/FuzzerInternal.h @@ -124,8 +124,6 @@ private: size_t NumberOfNewUnitsAdded = 0; size_t LastCorpusUpdateRun = 0; - system_clock::time_point LastCorpusUpdateTime = system_clock::now(); - bool HasMoreMallocsThanFrees = false; size_t NumberOfLeakDetectionAttempts = 0; diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp index 6ed48e08b..5b451ca12 100644 --- a/lib/fuzzer/FuzzerLoop.cpp +++ b/lib/fuzzer/FuzzerLoop.cpp @@ -567,7 +567,6 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) { NumberOfNewUnitsAdded++; CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus. LastCorpusUpdateRun = TotalNumberOfRuns; - LastCorpusUpdateTime = system_clock::now(); } // Tries detecting a memory leak on the particular input that we have just @@ -758,18 +757,15 @@ void Fuzzer::Loop(const Vector<std::string> &CorpusDirs) { // Update TmpMaxMutationLen if (Options.ExperimentalLenControl) { if (TmpMaxMutationLen < MaxMutationLen && - (TotalNumberOfRuns - LastCorpusUpdateRun > - Options.ExperimentalLenControl && - duration_cast<seconds>(Now - LastCorpusUpdateTime).count() >= 1)) { - LastCorpusUpdateRun = TotalNumberOfRuns; - LastCorpusUpdateTime = Now; + TotalNumberOfRuns - LastCorpusUpdateRun > + Options.ExperimentalLenControl * Log(TmpMaxMutationLen)) { TmpMaxMutationLen = - Min(MaxMutationLen, - TmpMaxMutationLen + Max(size_t(4), TmpMaxMutationLen / 8)); + Min(MaxMutationLen, TmpMaxMutationLen + Log(TmpMaxMutationLen)); if (TmpMaxMutationLen <= MaxMutationLen) Printf("#%zd\tTEMP_MAX_LEN: %zd (%zd %zd)\n", TotalNumberOfRuns, TmpMaxMutationLen, Options.ExperimentalLenControl, LastCorpusUpdateRun); + LastCorpusUpdateRun = TotalNumberOfRuns; } } else { TmpMaxMutationLen = MaxMutationLen; diff --git a/lib/fuzzer/FuzzerTracePC.h b/lib/fuzzer/FuzzerTracePC.h index 300e5db38..dc65cd720 100644 --- a/lib/fuzzer/FuzzerTracePC.h +++ b/lib/fuzzer/FuzzerTracePC.h @@ -276,7 +276,7 @@ void TracePC::CollectFeatures(Callback HandleFeature) const { // Step function, grows similar to 8 * Log_2(A). auto StackDepthStepFunction = [](uint32_t A) -> uint32_t { - uint32_t Log2 = 32 - __builtin_clz(A) - 1; + uint32_t Log2 = Log(A); if (Log2 < 3) return A; Log2 -= 3; return (Log2 + 1) * 8 + ((A >> Log2) & 7); diff --git a/lib/fuzzer/FuzzerUtil.h b/lib/fuzzer/FuzzerUtil.h index 9a6227ea7..f2ed028ce 100644 --- a/lib/fuzzer/FuzzerUtil.h +++ b/lib/fuzzer/FuzzerUtil.h @@ -80,6 +80,8 @@ std::string SearchRegexCmd(const std::string &Regex); size_t SimpleFastHash(const uint8_t *Data, size_t Size); +inline uint32_t Log(uint32_t X) { return 32 - __builtin_clz(X) - 1; } + } // namespace fuzzer #endif // LLVM_FUZZER_UTIL_H |