6502/llvm-6502
1
0
Fork 0
mirror of https://github.com/c64scene-ar/llvm-6502.git synced 2025-07-22 23:24:59 +00:00
Code Issues Projects Releases Wiki Activity

[lib/Fuzzer] extend the fuzzer interface to allow user-supplied mutators

Browse Source 
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@238059 91177308-0d34-0410-b5e6-96231b3b80d8
This commit is contained in:
Kostya Serebryany
2015-05-22 22:35:31 +00:00
parent d8319655f2
commit ebada2c2bc
12 changed files with 258 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
lib/Fuzzer/FuzzerLoop.cpp
View File

@@ -19,8 +19,8 @@ namespace fuzzer {
// Only one Fuzzer per process.
static Fuzzer *F;
Fuzzer::Fuzzer(UserCallback Callback, FuzzingOptions Options)
: Callback(Callback), Options(Options) {
Fuzzer::Fuzzer(UserSuppliedFuzzer &USF, FuzzingOptions Options)
: USF(USF), Options(Options) {
SetDeathCallback();
InitializeTraceState();
assert(!F);
@@ -207,10 +207,10 @@ Unit Fuzzer::SubstituteTokens(const Unit &U) const {
void Fuzzer::ExecuteCallback(const Unit &U) {
if (Options.Tokens.empty()) {
Callback(U.data(), U.size());
USF.TargetFunction(U.data(), U.size());
} else {
auto T = SubstituteTokens(U);
Callback(T.data(), T.size());
USF.TargetFunction(T.data(), T.size());
}
}
@@ -321,7 +321,11 @@ void Fuzzer::ReportNewCoverage(size_t NewCoverage, const Unit &U) {
void Fuzzer::MutateAndTestOne(Unit *U) {
for (int i = 0; i < Options.MutateDepth; i++) {
StartTraceRecording();
Mutate(U, Options.MaxLen);
size_t Size = U->size();
U->resize(Options.MaxLen);
size_t NewSize = USF.Mutate(U->data(), Size, U->size());
assert(NewSize > 0 && NewSize <= Options.MaxLen);
U->resize(NewSize);
RunOneAndUpdateCorpus(*U);
size_t NumTraceBasedMutations = StopTraceRecording();
for (size_t j = 0; j < NumTraceBasedMutations; j++) {
@@ -344,8 +348,12 @@ void Fuzzer::Loop(size_t NumIterations) {
// Now, cross with others.
if (Options.DoCrossOver) {
for (size_t J2 = 0; J2 < Corpus.size(); J2++) {
CurrentUnit.clear();
CrossOver(Corpus[J1], Corpus[J2], &CurrentUnit, Options.MaxLen);
CurrentUnit.resize(Options.MaxLen);
size_t NewSize = USF.CrossOver(
Corpus[J1].data(), Corpus[J1].size(), Corpus[J2].data(),
Corpus[J2].size(), CurrentUnit.data(), CurrentUnit.size());
assert(NewSize > 0 && NewSize <= Options.MaxLen);
CurrentUnit.resize(NewSize);
MutateAndTestOne(&CurrentUnit);
}
}