bugfix in mutator algo (now faster)

Yevgeny Pats · Yevgeny Pats · commit 596dbe6ca5d4 · 2019-11-02T10:02:25.000+02:00
diff --git a/.npmignore b/.npmignore
@@ -0,0 +1,6 @@
+.idea
+node_modules
+build
+crash-*
+corpus/*
+examples/
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jsfuzz",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "Coverage Guided Javascript Fuzzer",
   "main": "build/src/index.js",
   "types": "build/src/inde.d.ts",
diff --git a/src/corpus.ts b/src/corpus.ts
@@ -68,8 +68,23 @@ export class Corpus {
         return Math.floor(Math.random() * Math.floor(n));
     }
 
-    exp2() {
-        return Math.round(Math.log2(this.rand(2**32)));
+    dec2bin(dec: number){
+        const bin = dec.toString(2);
+        return '0'.repeat(32 - bin.length) + bin;
+    }
+
+    // Exp2 generates n with probability 1/2^(n+1).
+    Exp2() {
+        const bin = this.dec2bin(this.rand(2**32));
+        let count = 0;
+        for (let i=0; i<32; i++) {
+            if(bin[i] === '0') {
+                count += 1;
+            } else {
+                break;
+            }
+        }
+        return count;
     }
 
     chooseLen(n: number) {
@@ -86,8 +101,7 @@ export class Corpus {
     mutate(buf: Buffer) {
         let res = Buffer.allocUnsafe(buf.length);
         buf.copy(res, 0, 0, buf.length);
-        // const nm = 1 + this.exp2();
-        const nm = 1 + this.rand(32);
+        const nm = 1 + this.Exp2();
         for (let i=0; i<nm; i++) {
             const x = this.rand(16);
             if ( x ===0 ) {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "jsfuzz",`
`3`		`- "version": "1.0.9",`
	`3`	`+ "version": "1.0.10",`
`4`	`4`	`"description": "Coverage Guided Javascript Fuzzer",`
`5`	`5`	`"main": "build/src/index.js",`
`6`	`6`	`"types": "build/src/inde.d.ts",`