[lib/Fuzzer] change the way we use taint information for fuzzing. Now, we run a singl...

[oota-llvm.git] / lib / Fuzzer / FuzzerLoop.cpp

diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
index 57893e0f1fe3ef22b589f78ad9e9dbdd1b01c6d4..9d35384ecd5ff9b1ec13b5a9ae659276afc35562 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -285,9 +285,14 @@ void Fuzzer::ReportNewCoverage(size_t NewCoverage, const Unit &U) {
 
 void Fuzzer::MutateAndTestOne(Unit *U) {
   for (int i = 0; i < Options.MutateDepth; i++) {
-    MutateWithDFSan(U);
+    StartTraceRecording();
     Mutate(U, Options.MaxLen);
     RunOneAndUpdateCorpus(*U);
+    size_t NumTraceBasedMutations = StopTraceRecording();
+    for (size_t j = 0; j < NumTraceBasedMutations; j++) {
+        ApplyTraceBasedMutation(j, U);
+        RunOneAndUpdateCorpus(*U);
+    }
   }
 }