From 1451a9b65d3b4b4bec3840c83c31bfbca35761b2 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Fri, 20 Jan 2017 14:38:00 +0100
Subject: syz-fuzzer: prefer to mutate instead of generate

Currently we generate 1 program per 9 mutations. Do it per 99 mutations. Benchmark shows both coverage increase and corpus reduction:
baseline generate100 diff
coverage 65467 65569 102
corpus 35423 35363 -60
exec total 5474879 5030990 -443889
---
 syz-fuzzer/fuzzer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/syz-fuzzer/fuzzer.go b/syz-fuzzer/fuzzer.go
index 07799452c..efd7cf645 100644
--- a/syz-fuzzer/fuzzer.go
+++ b/syz-fuzzer/fuzzer.go
@@ -216,7 +216,7 @@ func main() {
 }
 corpusMu.RLock()
- if len(corpus) == 0 || i%10 == 0 {
+ if len(corpus) == 0 || i%100 == 0 {
 // Generate a new prog.
 corpusMu.RUnlock()
 p := prog.Generate(rnd, programLength, ct)
-- cgit mrf-deployment
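Review bot: The generate-versus-mutate ratio in the changed condition is a bare literal, `i%100 == 0`, and nothing beside it records why 100 was chosen; the benchmark that justifies it exists only in the commit message. A named constant, for example `const generatePeriod = 100 // 1 freshly generated program per 99 mutations`, used as `i%generatePeriod == 0`, would keep the rationale next to the code and make later tuning a one-line change. The existing comment `// Generate a new prog.` could also say that this branch is taken when the corpus is empty or once per period. main() starts and ends outside the hunk, so only the generate branch is visible here.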