DFSan-based fuzzer (proof of concept).

Summary: This adds a simple DFSan-based (i.e. taint-guided) fuzzer mutator, see the comments for details. Test Plan: a test added Reviewers: samsonov, pcc Reviewed By: samsonov, pcc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D8669 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@233613 91177308-0d34-0410-b5e6-96231b3b80d8
2025-06-21 18:24:23 +00:00 · 2015-03-30 22:09:51 +00:00
parent 5bd9d1e811
commit 29c6bd6e4f
11 changed files with 361 additions and 4 deletions
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@ -192,6 +192,7 @@ size_t Fuzzer::MutateAndTestOne(Unit *U) {
  for (int i = 0; i < Options.MutateDepth; i++) {
    if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
      return NewUnits;
+    MutateWithDFSan(U);
    Mutate(U, Options.MaxLen);
    size_t NewCoverage = RunOne(*U);
    if (NewCoverage) {