[lib/Fuzzer] minor refactoring/simplification, NFC

llvm-svn: 236757
Kostya Serebryany 2015-05-07 18:32:29 +00:00
parent 3f3b3abe2b
commit 7d470cfb0c
3 changed files with 43 additions and 33 deletions


@ -287,4 +287,11 @@ void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2,
dfsan_label L2 = dfsan_read_label(s2, n); dfsan_label L2 = dfsan_read_label(s2, n);
DFSan->DFSanCmpCallback(PC, n, ICMP_EQ, S1, S2, L1, L2); DFSan->DFSanCmpCallback(PC, n, ICMP_EQ, S1, S2, L1, L2);
} }
void __sanitizer_cov_trace_cmp(uint64_t SizeAndType, uint64_t Arg1,
uint64_t Arg2) {
// This symbol will be present if dfsan is disabled on the given function.
// FIXME: implement poor man's taint analysis here (w/o dfsan).
}
} // extern "C" } // extern "C"
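Review bot: The comment on the new `__sanitizer_cov_trace_cmp` stub says when the symbol is needed but not what its parameters carry, so whoever picks up the FIXME has nothing to go on; a hedged note such as `// SizeAndType: presumably encodes the operand size and compare kind emitted by the instrumentation (confirm against the pass); Arg1/Arg2: presumably the two compared operands.` would help. Since the body is empty, the three parameters could also be left unnamed to signal they are intentionally unused for now. The enclosing `extern "C"` block begins outside the hunk.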


@ -61,7 +61,7 @@ class Fuzzer {
}; };
Fuzzer(UserCallback Callback, FuzzingOptions Options); Fuzzer(UserCallback Callback, FuzzingOptions Options);
void AddToCorpus(const Unit &U) { Corpus.push_back(U); } void AddToCorpus(const Unit &U) { Corpus.push_back(U); }
size_t Loop(size_t NumIterations); void Loop(size_t NumIterations);
void ShuffleAndMinimize(); void ShuffleAndMinimize();
void InitializeDFSan(); void InitializeDFSan();
size_t CorpusSize() const { return Corpus.size(); } size_t CorpusSize() const { return Corpus.size(); }
@ -85,8 +85,10 @@ class Fuzzer {
private: private:
void AlarmCallback(); void AlarmCallback();
void ExecuteCallback(const Unit &U); void ExecuteCallback(const Unit &U);
size_t MutateAndTestOne(Unit *U); void MutateAndTestOne(Unit *U);
void ReportNewCoverage(size_t NewCoverage, const Unit &U);
size_t RunOne(const Unit &U); size_t RunOne(const Unit &U);
void RunOneAndUpdateCorpus(const Unit &U);
size_t RunOneMaximizeTotalCoverage(const Unit &U); size_t RunOneMaximizeTotalCoverage(const Unit &U);
size_t RunOneMaximizeFullCoverageSet(const Unit &U); size_t RunOneMaximizeFullCoverageSet(const Unit &U);
size_t RunOneMaximizeCoveragePairs(const Unit &U); size_t RunOneMaximizeCoveragePairs(const Unit &U);
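Review bot: The two new private declarations `ReportNewCoverage` and `RunOneAndUpdateCorpus` carry no comment, and changing `Loop` (and `MutateAndTestOne`) from `size_t` to `void` drops the count of new units that any external caller of `Loop` may have consumed; that caller is not in this diff, so it is worth confirming nothing reads it. I would add `// Appends U to the corpus, prints it and writes it to the output corpus when NewCoverage is non-zero; calls exit(0) if ExitOnFirst is set.` above `ReportNewCoverage` and `// Runs U and updates the corpus with it; a no-op once MaxNumberOfRuns has been reached.` above `RunOneAndUpdateCorpus`. The `Fuzzer` class declaration begins and ends outside both hunks.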


@ -143,6 +143,12 @@ size_t Fuzzer::RunOne(const Unit &U) {
return Res; return Res;
} }
void Fuzzer::RunOneAndUpdateCorpus(const Unit &U) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
return;
ReportNewCoverage(RunOne(U), U);
}
static uintptr_t HashOfArrayOfPCs(uintptr_t *PCs, uintptr_t NumPCs) { static uintptr_t HashOfArrayOfPCs(uintptr_t *PCs, uintptr_t NumPCs) {
uintptr_t Res = 0; uintptr_t Res = 0;
for (uintptr_t i = 0; i < NumPCs; i++) { for (uintptr_t i = 0; i < NumPCs; i++) {
@ -259,55 +265,50 @@ void Fuzzer::SaveCorpus() {
<< Options.OutputCorpus << "\n"; << Options.OutputCorpus << "\n";
} }
size_t Fuzzer::MutateAndTestOne(Unit *U) { void Fuzzer::ReportNewCoverage(size_t NewCoverage, const Unit &U) {
size_t NewUnits = 0; if (!NewCoverage) return;
for (int i = 0; i < Options.MutateDepth; i++) { Corpus.push_back(U);
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
return NewUnits;
MutateWithDFSan(U);
Mutate(U, Options.MaxLen);
size_t NewCoverage = RunOne(*U);
if (NewCoverage) {
Corpus.push_back(*U);
NewUnits++;
PrintStats("NEW ", NewCoverage, ""); PrintStats("NEW ", NewCoverage, "");
if (Options.Verbosity) { if (Options.Verbosity) {
std::cerr << " L: " << U->size(); std::cerr << " L: " << U.size();
if (U->size() < 30) { if (U.size() < 30) {
std::cerr << " "; std::cerr << " ";
PrintUnitInASCIIOrTokens(*U, "\t"); PrintUnitInASCIIOrTokens(U, "\t");
Print(*U); Print(U);
} }
std::cerr << "\n"; std::cerr << "\n";
} }
WriteToOutputCorpus(*U); WriteToOutputCorpus(U);
if (Options.ExitOnFirst) if (Options.ExitOnFirst)
exit(0); exit(0);
}
}
return NewUnits;
} }
size_t Fuzzer::Loop(size_t NumIterations) { void Fuzzer::MutateAndTestOne(Unit *U) {
size_t NewUnits = 0; for (int i = 0; i < Options.MutateDepth; i++) {
MutateWithDFSan(U);
Mutate(U, Options.MaxLen);
RunOneAndUpdateCorpus(*U);
}
}
void Fuzzer::Loop(size_t NumIterations) {
for (size_t i = 1; i <= NumIterations; i++) { for (size_t i = 1; i <= NumIterations; i++) {
for (size_t J1 = 0; J1 < Corpus.size(); J1++) { for (size_t J1 = 0; J1 < Corpus.size(); J1++) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
return NewUnits; return;
// First, simply mutate the unit w/o doing crosses. // First, simply mutate the unit w/o doing crosses.
CurrentUnit = Corpus[J1]; CurrentUnit = Corpus[J1];
NewUnits += MutateAndTestOne(&CurrentUnit); MutateAndTestOne(&CurrentUnit);
// Now, cross with others. // Now, cross with others.
if (Options.DoCrossOver) { if (Options.DoCrossOver) {
for (size_t J2 = 0; J2 < Corpus.size(); J2++) { for (size_t J2 = 0; J2 < Corpus.size(); J2++) {
CurrentUnit.clear(); CurrentUnit.clear();
CrossOver(Corpus[J1], Corpus[J2], &CurrentUnit, Options.MaxLen); CrossOver(Corpus[J1], Corpus[J2], &CurrentUnit, Options.MaxLen);
NewUnits += MutateAndTestOne(&CurrentUnit); MutateAndTestOne(&CurrentUnit);
} }
} }
} }
} }
return NewUnits;
} }
} // namespace fuzzer } // namespace fuzzer
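Review bot: `MutateAndTestOne` no longer stops when the run budget is exhausted: the old version returned as soon as `TotalNumberOfRuns >= Options.MaxNumberOfRuns`, whereas now `RunOneAndUpdateCorpus` silently returns and the loop keeps calling `MutateWithDFSan` and `Mutate` for the remaining `MutateDepth` iterations (and, in `Loop`, for every remaining `J2` cross-over, which has no budget check of its own) without executing anything, so the change is not strictly NFC. Restoring the guard at the top of the loop body, `if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) return;` before `MutateWithDFSan(U);`, keeps the old early exit. `Fuzzer::RunOne` (first hunk) and `Fuzzer::SaveCorpus` (second hunk) both begin outside their hunks.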