Issue 838991

Issue metadata

Status: Assigned
Pri: 3
Type: Bug
Bias in tools/ipc_fuzzer/fuzzer/rand_util.h

Project Member Reported by jyasskin@chromium.org, May 2 2018

Issue description

Using % to narrow the range of a random number produces a slightly non-uniform distribution in the output. For example, ipc_fuzzer::RandInRange(100) produces `0` 1.0000000012% of the time but `99` 0.999999978% of the time.

Using reinterpret_cast to produce a double yields, for example, values between 0.5 and 1 twice as often as values between 1 and 1.5.

I don't know how much of a problem this could be in practice for libFuzzer.

The C++ distributions are designed to avoid this bias: http://en.cppreference.com/w/cpp/numeric/random#Random_number_distributions
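
The modulo bias described in the report, and one way to remove it, as an added example that is not part of the original issue or Chromium's code. It assumes a 32-bit random word narrowed with `%` (the report does not show the body of `RandInRange`); `ModuloHits`, `UniformBelow` and `ScriptedGen` are hypothetical names, and the scripted words are constructed.

```cpp
// Added example; not Chromium code. Assumes a 32-bit random word is narrowed
// with `%`, and that range > 0.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// Exact number of 32-bit words w with w % range == value.
uint64_t ModuloHits(uint32_t range, uint32_t value) {
  const uint64_t kWords = uint64_t{1} << 32;
  return kWords / range + (value < kWords % range ? 1 : 0);
}

// Unbiased narrowing by rejection sampling: skip the lowest (2^32 % range)
// words so the accepted words split evenly across all residues.
template <typename Gen>
uint32_t UniformBelow(Gen& gen, uint32_t range) {
  const uint32_t reject_below = (0u - range) % range;  // == 2^32 % range
  uint32_t w;
  do {
    w = static_cast<uint32_t>(gen());
  } while (w < reject_below);
  return w % range;
}

// Constructed test generator: replays a fixed list of words.
struct ScriptedGen {
  std::vector<uint32_t> words;
  std::size_t next;
  uint32_t operator()() { return words[next++]; }
};

int main() {
  std::printf("hits for 0:  %llu\n", (unsigned long long)ModuloHits(100, 0));
  std::printf("hits for 99: %llu\n", (unsigned long long)ModuloHits(100, 99));

  ScriptedGen scripted{{5u, 95u, 96u, 4294967295u}, 0};
  std::printf("first accepted: %u\n", UniformBelow(scripted, 100));  // skips 5, 95

  std::mt19937 rng(12345);  // arbitrary seed
  std::uniform_int_distribution<uint32_t> dist(0, 99);  // standard-library route
  std::printf("%u %u\n", UniformBelow(rng, 100), dist(rng));
  return 0;
}
```

When `range` divides 2^32 evenly (any power of two), `reject_below` is 0 and no word is discarded.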