fuzz: Port correctness/cse fuzzer over to libfuzzer #7543
Conversation
|
|
||
| Expr random_expr(FuzzedDataProvider &fdp, int depth, vector<Expr> &exprs) { | ||
| if (depth <= 0) { | ||
| return fdp.ConsumeIntegralInRange<int>(-5, 4); |
There was a problem hiding this comment.
Looks fine #7546 origional rng() % 10 - 5
|
|
||
| if (!exprs.empty() && fdp.ConsumeBool()) { | ||
| // Reuse an existing expression | ||
| return exprs[fdp.ConsumeIntegralInRange<size_t>(0, exprs.size() - 1)]; |
There was a problem hiding this comment.
Looks fine, explicitly references size()-1
There was a problem hiding this comment.
Or better yet, use PickValueInArray()?
There was a problem hiding this comment.
PickValueInArray doesn't work on vectors... see implementation although this is probably annoying enough that I might just create a PR with the LLVM project.
There was a problem hiding this comment.
ah, I see, got it. (Not sure if LLVM change is worth the hassle, I gather that libfuzzer is unmaintained at this point as there are now bigger and better fuzzing engines)
There was a problem hiding this comment.
(But could always just make a local PickValueInVector() wrapper to use in these tests, nice for clarity)
| } | ||
|
|
||
| Expr next; | ||
| switch (fdp.ConsumeIntegralInRange<int>(0, 8)) { |
There was a problem hiding this comment.
This looks ok.
There was a problem hiding this comment.
If the idea is that a value of 8 is intended to hit the default case, we should add a comment to that effect
There was a problem hiding this comment.
yeah that's what it looks like, I was mostly just attempting to replicate the original logic but while I'm at it I can probably make this clearer too.
| break; | ||
| } | ||
| default: | ||
| next = fdp.ConsumeIntegralInRange<int>(-5, 4); |
There was a problem hiding this comment.
This looks ok.
No description provided.