[libFuzzer] when mutating based on CMP traces also try adding +/- 1 to the desired bytes. Add another test for use_cmp

llvm-svn: 285109
diff --git a/llvm/lib/Fuzzer/FuzzerMutate.cpp b/llvm/lib/Fuzzer/FuzzerMutate.cpp
index 3b5417f..0109f51 100644
--- a/llvm/lib/Fuzzer/FuzzerMutate.cpp
+++ b/llvm/lib/Fuzzer/FuzzerMutate.cpp
@@ -205,8 +205,6 @@
 DictionaryEntry MutationDispatcher::MakeDictionaryEntryFromCMP(
     T Arg1, T Arg2, const uint8_t *Data, size_t Size) {
   ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
-  if (Rand.RandBool()) Arg1 = Bswap(Arg1);
-  if (Rand.RandBool()) Arg2 = Bswap(Arg2);
   bool HandleFirst = Rand.RandBool();
   T ExistingBytes, DesiredBytes;
   Word W;
@@ -214,6 +212,9 @@
   for (int Arg = 0; Arg < 2; Arg++) {
     ExistingBytes = HandleFirst ? Arg1 : Arg2;
     DesiredBytes = HandleFirst ? Arg2 : Arg1;
+    DesiredBytes += Rand(-1, 1);
+    if (Rand.RandBool()) ExistingBytes = Bswap(ExistingBytes);
+    if (Rand.RandBool()) DesiredBytes = Bswap(DesiredBytes);
     HandleFirst = !HandleFirst;
     W.Set(reinterpret_cast<uint8_t*>(&DesiredBytes), sizeof(T));
     const size_t kMaxNumPositions = 8;
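Review bot: The added `DesiredBytes += Rand(-1, 1);` adds an `intptr_t` to a value of template type `T` with no comment about the intended wraparound at the extremes. For an unsigned `T`, a desired value of 0 becomes all-ones and the maximum becomes 0, which is well defined. `T` is not visible in this hunk, though, and if any instantiation is a signed full-width type the same line could overflow. A one-line comment would record the intent and the ordering relative to the byte swap, for example `// Also try Desired +/- 1, applied before the optional Bswap so the arithmetic is on the host-order value; wraps modulo 2^N for unsigned T.` The function body starts and ends outside the hunk.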
@@ -236,15 +237,9 @@
     uint8_t *Data, size_t Size, size_t MaxSize) {
   Word W;
   DictionaryEntry DE;
-  bool Debug = false;
   if (Rand.RandBool()) {
     auto X = TPC.TORC8.Get(Rand.Rand());
     DE = MakeDictionaryEntryFromCMP(X.A, X.B, Data, Size);
-    if (X.A > 10000 &&X.B > 10000) Debug = false;
-    if (Debug) {
-      Printf("ZZZ %zx %zx\n", X.A, X.B);
-      DE.Print();
-    }
   } else {
     auto X = TPC.TORC4.Get(Rand.Rand());
     if ((X.A >> 16) == 0 && (X.B >> 16) == 0 && Rand.RandBool())
@@ -255,9 +250,6 @@
   }
   Size = ApplyDictionaryEntry(Data, Size, MaxSize, DE);
   if (!Size) return 0;
-  if (Debug) {
-    Printf("DONE\n");
-  }
   DictionaryEntry &DERef =
       CmpDictionaryEntriesDeque[CmpDictionaryEntriesDequeIdx++ %
                                 kCmpDictionaryEntriesDequeSize];
diff --git a/llvm/lib/Fuzzer/FuzzerRandom.h b/llvm/lib/Fuzzer/FuzzerRandom.h
index c771418..b1be0bb 100644
--- a/llvm/lib/Fuzzer/FuzzerRandom.h
+++ b/llvm/lib/Fuzzer/FuzzerRandom.h
@@ -21,6 +21,11 @@
   size_t Rand() { return R(); }
   size_t RandBool() { return Rand() % 2; }
   size_t operator()(size_t n) { return n ? Rand() % n : 0; }
+  intptr_t operator()(intptr_t From, intptr_t To) {
+    assert(From < To);
+    intptr_t RangeSize = To - From + 1;
+    return operator()(RangeSize) + From;
+  }
   std::mt19937 &Get_mt19937() { return R; }
  private:
   std::mt19937 R;
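Review bot: The new `operator()(intptr_t From, intptr_t To)` guards its range only with `assert(From < To)`, which is compiled out under NDEBUG. A reversed range then produces a negative `RangeSize`, which converts to a huge `size_t`, so the result falls outside [From, To]. The assert also rejects the valid single-value range `From == To`, so `From <= To` looks like the intended condition. The return expression adds a `size_t` to a negative `intptr_t`, so it depends on unsigned wraparound and an implementation-defined conversion back to signed, and `To - From + 1` can overflow for very wide ranges. Computing the size in unsigned arithmetic and casting once makes this explicit: `size_t RangeSize = static_cast<size_t>(To) - static_cast<size_t>(From) + 1;` followed by `return static_cast<intptr_t>(operator()(RangeSize)) + From;`. The enclosing class starts and ends outside the hunk, so whether `<cassert>` is already included could not be checked here.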
diff --git a/llvm/lib/Fuzzer/test/simple-cmp.test b/llvm/lib/Fuzzer/test/simple-cmp.test
new file mode 100644
index 0000000..f5791ad
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/simple-cmp.test
@@ -0,0 +1,2 @@
+CHECK: BINGO
+RUN: not LLVMFuzzer-SimpleCmpTest -seed=1 -use_cmp=1 -runs=100000000 2>&1 | FileCheck %s