Regenerate the execution upon discovering a new interface.
Fuzzer takes advantage of the fact that the sets of opened and touched
interfaces are known during test time. It now uses that information to explore
newly discovered interfaces more aggressively.
Test: SANITIZE_TARGET="address coverage" make vts -j64 && vts-tradefed
run commandAndExit vts --skip-all-system-status-check --primary-abi-only
--skip-preconditions -l VERBOSE --module VtsHalBluetoothV1_0IfaceFuzzer
Change-Id: I26ad9569173895c58cc31813f7217435b98035b5
diff --git a/iface_fuzzer/ProtoFuzzerMain.cpp b/iface_fuzzer/ProtoFuzzerMain.cpp
index 7fa208d..5310507 100644
--- a/iface_fuzzer/ProtoFuzzerMain.cpp
+++ b/iface_fuzzer/ProtoFuzzerMain.cpp
@@ -102,7 +102,11 @@
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
size_t max_size, unsigned int seed) {
ExecSpec exec_spec{};
- if (!FromArray(data, size, &exec_spec)) {
+ // An Execution is randomly generated if:
+ // 1. It can't be serialized from the given buffer OR
+ // 2. The runner has opened interfaces that have not been touched.
+ // Otherwise, the Execution is mutated.
+ if (!FromArray(data, size, &exec_spec) || runner->UntouchedIfaces()) {
exec_spec =
mutator->RandomGen(runner->GetOpenedIfaces(), params.exec_size_);
} else {
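Review bot: in the new condition `!FromArray(data, size, &exec_spec) || runner->UntouchedIfaces()`, the regenerated spec is still built from `runner->GetOpenedIfaces()`, so nothing visible here steers RandomGen toward the interfaces that are still untouched. While any opened interface stays untouched, every call to the custom mutator also discards the input in `data` and never reaches the mutate branch. If RandomGen keeps failing to touch some interface, the fuzzer degrades to pure random generation and coverage-guided mutation stops. Consider passing the untouched set to RandomGen, or bounding how often regeneration is forced. Separately, item 1 of the new comment says "serialized", but FromArray reads the buffer into exec_spec, so "deserialized" is the accurate word.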