MattWindsor91
commented
3 years ago A similar issue is making the expression generator weight towards 'interesting' integer values, eg substituting whatever integer generator we make to fix this issue for this: https://github.com/MattWindsor91/act/blob/1f41f7e7ddb7883cdae53613b35727f6b19f221f/lib/fir_gen/src/expr.ml#L117
The current generation scheme for integer known values is literally 'generate uniform uint32_t'. This feels like a wasted opportunity to introduce tricky relationships between variables, as a lot of the rules the fuzzer knows about involve constants such as 0 and 1.
It would be better if the known value generator was weighted in such a way that it prioritised a few different classes of constant:
(Booleans aren't affected so much here, as
trueandfalseare both interesting constants!)