Regenerate the execution upon discovering a new interface. Fuzzer takes advantage of the fact that the sets of opened and touched interfaces are known during test time. It now uses that informatio to explore newly discovered interfaces more aggressively. Test: SANITIZE_TARGET="address coverage" make vts -j64 && vts-tradefed run commandAndExit vts --skip-all-system-status-check --primary-abi-only --skip-preconditions -l VERBOSE --module VtsHalBluetoothV1_0IfaceFuzzer Change-Id: I26ad9569173895c58cc31813f7217435b98035b5

commit: d0229fba51e6df2ea8ba22591a0b230997625ab1 [log] [tgz]
author: Tri Vo <[email protected]> Thu Aug 10 17:27:49 2017 -0700
committer: Tri Vo <[email protected]> Thu Aug 10 17:44:23 2017 -0700
tree: b3d1440f0b8545869a9ef2ac246f79bb78fe3978
parent: 9169abd1912ccd0375a125ec2f5214382590f90f [diff] [blame]
diff --git a/iface_fuzzer/ProtoFuzzerMain.cpp b/iface_fuzzer/ProtoFuzzerMain.cpp
index 7fa208d..5310507 100644
--- a/iface_fuzzer/ProtoFuzzerMain.cpp
+++ b/iface_fuzzer/ProtoFuzzerMain.cpp

@@ -102,7 +102,11 @@
 extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
                                           size_t max_size, unsigned int seed) {
   ExecSpec exec_spec{};
-  if (!FromArray(data, size, &exec_spec)) {
+  // An Execution is randomly generated if:
+  // 1. It can't be serialized from the given buffer OR
+  // 2. The runner has opened interfaces that have not been touched.
+  // Otherwise, the Execution is mutated.
+  if (!FromArray(data, size, &exec_spec) || runner->UntouchedIfaces()) {
     exec_spec =
         mutator->RandomGen(runner->GetOpenedIfaces(), params.exec_size_);
   } else {
commit	d0229fba51e6df2ea8ba22591a0b230997625ab1	[log] [tgz]
author	Tri Vo <[email protected]>	Thu Aug 10 17:27:49 2017 -0700
committer	Tri Vo <[email protected]>	Thu Aug 10 17:44:23 2017 -0700
tree	b3d1440f0b8545869a9ef2ac246f79bb78fe3978
parent	9169abd1912ccd0375a125ec2f5214382590f90f [diff] [blame]