This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
lib/Fuzzer/
-
Fuzzer/
4
CMakeLists.txt
-
FuzzerCorpus.h
4
FuzzerDefs.h
-
FuzzerDictionary.h
-
FuzzerDriver.cpp
-
FuzzerExtFunctionsApple.cpp
-
FuzzerExtFunctionsLinux.cpp
2
FuzzerExtFunctionsWindows.cpp
-
FuzzerIO.h
-
FuzzerIO.cpp
-
FuzzerIOPlatform.h
1
FuzzerIOPosix.cpp
18
FuzzerIOWindows.cpp
-
FuzzerInternal.h
-
FuzzerLoop.cpp
-
FuzzerMutate.cpp
-
FuzzerSHA1.h
-
FuzzerSHA1.cpp
-
FuzzerTracePC.cpp
-
FuzzerTraceState.cpp
-
FuzzerUtil.h
-
FuzzerUtil.cpp
-
FuzzerUtilDarwin.cpp
-
FuzzerUtilLinux.cpp
-
FuzzerUtilPosix.cpp
7
FuzzerUtilWindows.cpp

Differential D26956

Initial changes for porting libFuzzer to Windows.
AbandonedPublic

Authored by mpividori on Nov 21 2016, 9:59 PM.

Download Raw Diff

Details

Reviewers

kcc
zturner
rnk

Summary

+ Divide the IO functions's implementation in 2 different files for differences between POSIX and Windows API.
+ Implement external functions for Windows using weak symbols with alias.
+ Implement utils functions for Windows, using vectored exception handlers as equivalent of POSIX signals. Implementation of timers is incomplete.
+ Implement memmem, missing in Windows.

Diff Detail

Repository: rL LLVM

Event Timeline

mpividori updated this revision to Diff 78833.Nov 21 2016, 9:59 PM

mpividori retitled this revision from to Initial changes for porting libFuzzer to Windows..

mpividori updated this object.

mpividori added a reviewer: zturner.

mpividori set the repository for this revision to rL LLVM.

mpividori added a subscriber: llvm-commits.

Herald added a subscriber: mgorny. · View Herald TranscriptNov 21 2016, 9:59 PM

+kcc for general stuff
+rnk for the exception handling stuff.

In the future, when you generate patches, you should pass -U 999999 to git. This way it will generate full context for the diff.

lib/Fuzzer/CMakeLists.txt
12	I mentioned below that we should not have the preprocessor definitions use to conditionally compile code or not, but instead use CMake. Here is how you would do it. You might want to skip thsi comment for now and come back to it after you read the rest of the comments. set(FUZZER_SOURCES FuzzerCrossOver.cpp FuzzerDriver.cpp FuzzerIO.cpp FuzzerLoop.cpp FuzzerMutate.cpp FuzzerSHA1.cpp FuzzerTracePC.cpp FuzzerTraceState.cpp FuzzerUtil.cpp ) if (CMAKE_SYSTEM_NAME MATCHES "Windows") list(APPEND FUZZER_SOURCES FuzzerUtilWindows.cpp FuzzerIOWindows.cpp FuzzerExtFunctionsWindows.cpp ) else() list(APPEND FUZZER_SOURCES FuzzerUtilPosix.cpp FuzzerIOPosix.cpp ) if (CMAKE_SYSTEM_NAME MATCHES "Linux") FuzzerUtilLinux.cpp FuzzerExtFunctionsLinux.cpp elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin") FuzzerUtilDarwin.cpp FuzzerExtFunctionsApple.cpp endif() endif() add_library(LLVMFuzzerNoMainObjects OBJECT ${FUZZER_SOURCES}) This way you can remove all the `#if <foo>` from the individual source files.
lib/Fuzzer/FuzzerDefs.h
31	I think you will need to add #define LIBFUZZER_POSIX 0 #define LIBFUZZER_LINUX 0 #define LIBFUZZER_APPLE 0 similarly, in the previous 2 branches of the `#if`, you will need to `#define LIBFUZZER_WINDOWS 0`
lib/Fuzzer/FuzzerExtFunctionsWindows.cpp
13	Can you remove this and do it at the CMake level instead? It seems that the other 2 files were already working this way, but maybe we should clean it all up. I'll have more specific comments later on in the `CMakeLists.txt` file.
lib/Fuzzer/FuzzerIOPosix.cpp
14	Same thing here, this file should not even be sent to the compiler if it's not a posix system. More comments later in `CMakeLists.txt`
lib/Fuzzer/FuzzerIOWindows.cpp
30	Check the code in `llvm/lib/Support/Windows/Path.inc` for the `status()` function. There are some subtleties that you should be aware of that this code doesn't handle. You can probably just rip the code straight from there, changing `W` to `A` so we don't have to worry about widening the paths.
58–65	This looks wrong to me. We should be expecting a path that ends with either a slash or that doesn't end with a slash. It looks like you're trying to check here "is this the root directory". But I'm not sure why that matters. For example, we should translate all of the following: D:\ -> D:\* D:\foo -> D:\foo\* d:\foo\ -> D:\foo\* And I also think we should be asserting that the path is not empty, because that wouldn't make any sense. So I think the correct check should be something like: assert(!Path.empty()); if (Path.back() != '\\') Path.push_back('\\'); Path.push_back('*'); Let me know if I'm misunderstood though.
69	Some Windows api functions return `nullptr` if it fails, and some return `INVALID_HANDLE_VALUE`. You need to always check which one is returned to indicate an error. This one returns `INVALID_HANDLE_VALUE`, so the check here is incorrect.
85–95	The same comment here applies as above. We shouldn't be opening a handle to the file unless we really need to, because that can lead to sharing violations if someone else is using the file. If you move the code for `IsFile()` (which I commented on above) into a separate function called `Stat()` or something that returns the file type, then you could call that function both here and in `IsFile()`.
114–134	It doesn't seem good to me that we're copying all these functions and only making very slight modifications. I would suggest handling it like this: In `FuzzerIO.h`, make the following declarations: char getSeparator(); FILE OpenFile(int Fd, const char Mode); int DuplicateFile(int fd); int CloseFile(int fd); Also in `FuzzerIO.h`, copy `DirPlusFile`, `DupAndCloseStderr`, and `CloseStdout` to the common location, and use these functions. Implement the above functions in `FileIOPosix.cpp` and `FileIOWindows.cpp` as one-liners. For example, on Windows, you have something like this: char getSeparator() { return `\\`; } FILE OpenFile(int Fd, const char Mode) { return _fdopen(Fd, Mode); } You could also do it with `#define`s, but this way seems safer.
136	Printf code is exactly the same in both places, so this function should just be declared and implemented in `FuzzerIO.h` and `FuzzerIO.cpp`, there is no reason to copy it.
lib/Fuzzer/FuzzerUtilWindows.cpp
157–165	Is there any reason we can't use this implementation on all platforms? The Posix implementation seems unnecessarily complicated, when this will work just fine.
180–188	In the future we should change this to use `CreateProcessA`, but for now this is probably fine.

rnk added inline comments.Nov 22 2016, 11:02 AM

lib/Fuzzer/CMakeLists.txt
12	FWIW, the sanitizer code takes the opposite approach, specifically to simplify build logic.
lib/Fuzzer/FuzzerUtilWindows.cpp
33	I think it would be better to draw this interface boundary at a higher level. Something where we pass in the handle_* flags, install a single exception handler, have one switch, and let it dispatch based on whether it's supposed to catch that type of exception. Then the cross-platform API would be something like InitializeSignalHandlers(). This would require hosting the Flags code out of FuzzerDriver.cpp, so we should ask @kcc about it.
149	For example, this handler is completely redundant with the SigInt handler. Only one will actually be called.

mpividori added inline comments.Nov 22 2016, 12:44 PM

lib/Fuzzer/CMakeLists.txt
12	Thanks! Yes, I completely agree. I continued with the current approach in the implementation and left it as a future modification, because I wanted to know your opinion. I see that there is a bash script: "build.sh" that simply compiles all .cpp files and generates the LLVM library. If we remove the macros guards, then that script will not work. I guess the purpose of that script is to make libFuzzer independent of the rest of the LLVM repository. Would you agree if I simply remove that script? Also, I can modify it to ignore files ending in "Windows".
lib/Fuzzer/FuzzerDefs.h
31	Hi, I omitted them to simplify the code. (when not defined, the macros assume value 0). If you think it is clearer, I can include them.
lib/Fuzzer/FuzzerExtFunctionsWindows.cpp
13	Yes, I completely agree.
lib/Fuzzer/FuzzerIOWindows.cpp
30	Hi, Thanks. Yes, I based my implementation in the implementation of `status()` / `getStatus()` from the Support Library. What I haven't included is the function `isReservedName`, because I assumed that reserved names would return `GetFileType()` different to `FILE_TYPE_DISK` (probably `FILE_TYPE_CHAR` ?). Do you think I should include check for reserved names? The rest of the code is similar to the implementation of `status()`.
58–65	Hi, I took that code from `directory_iterator_construct(..)` implementation in `llvm/lib/Support/Windows/Path.inc`. I don't know why it check for `:` character, I thought this was a special case to be considered... Ok, I agree with the code you proposed. It makes more sense for me too.
69	Thanks, Ok. I took that code from `directory_iterator_construct(..)` implementation in `llvm/lib/Support/Windows/Path.inc`, so I think I should update that implementation too :).
85–95	Hi. I am not sure I understand properly. The `status()` implementation in `llvm/lib/Support/Windows/Path.inc`, opens a handle to get the file type, so I think it would be the same that current implementation. As far as I understand, it is not possible to know the file type without opening a handle. Am I missing something? Thanks.
114–134	Thanks, I completely agree.
136	Yes, it is repeated because I included all functions working with the global variable `OutputFile` in the same .cpp file where it is defined. I can declare `OutputFile` as extern variable in `FuzzerDefs.h` and move Printf code to `FuzzerIO.cpp`.
lib/Fuzzer/FuzzerUtilWindows.cpp
157–165	Yes, I think we can. I will update the code. I could add this as the first option. If it fails (returns 0), then consider the commands `npos`/`sysctl`. Or directly simplify the code to only use: `std::thread::hardware_concurrency()`.

zturner added inline comments.Nov 22 2016, 12:57 PM

lib/Fuzzer/CMakeLists.txt
12	Let's wait and see what kcc has to say on this.
lib/Fuzzer/FuzzerDefs.h
31	As long as we're consistent it's fine. If we're going to remove the 0 values, then remove them from the other cases too.
lib/Fuzzer/FuzzerIOWindows.cpp
30	Hmm. The function I'm looking at first calls `GetFileAttributes()`, and then only if it is a reparse point (kinda like a symlink) does it open the handle. This allows it to "follow the symlink" to get info about the target. But the advantage of that approach is that `GetFileAttributes()` doesn't actually open the handle -- which can fail in certain scenarios -- unless it has to. Are we looking at the same function? The one I'm looking at is `lib/Support/Windows/Path.inc` line 464.
69	Interesting, yea that looks like a bug in the original code. Please submit that in a separate patch though since it's unrelated to libfuzzer.
85–95	You are right, I looked over that function again. But I still think we can do better. I think the status function there is intended to be more general. It retrieves more information than just whether or not it is a regular file or directory. For example, if you call `GetFileAttributesA()` and the output parameter is equal to `FILE_ATTRIBUTE_NORMAL`, you can return true immediately. Only if it contains `FILE_ATTRIBUTE_REPARSE_POINT` do you need to open the handle and do the more complicated aproach. This will allow it to work in more scenarios, as opening a handle can fail in strange situations.
136	Maybe just have Printf take the file as first argument? So that instead of `printf` it's more like `fprintf`?

mpividori added inline comments.Nov 22 2016, 1:10 PM

lib/Fuzzer/FuzzerUtilWindows.cpp
33	Hi, thanks for your comment. I don't see the real advantage of that. Do you see any problem in registering many exception handlers with `AddVectoredExceptionHandler()`? Is it only about the design? Thanks
149	I am not sure I understand what you mean. The handlers `TERMHandler` and `INTHandler` return a boolean value TRUE or FALSE, to know if they have handled the signal. We can register many handlers.

mpividori added inline comments.Nov 22 2016, 1:38 PM

lib/Fuzzer/FuzzerDefs.h
31	Yes, I agree.
lib/Fuzzer/FuzzerIOWindows.cpp
30	Hi, in fact the: `if (attr & FILE_ATTRIBUTE_REPARSE_POINT)` in `lib/Support/Windows/Path.inc` line 482, doesn't make sense. It does exactly the same when it is a reparse point than when it isn't ..... If it is not a reparse point, it also uses `CreateFileView` to open a handle... I think there are some errors in that code, or the `if` statement is redundant...

zturner added inline comments.Nov 22 2016, 3:00 PM

lib/Fuzzer/FuzzerIOWindows.cpp
30	Hmm, you are right. That's some bad code :) Anyway, for just returning true / false, it's slightly better to only open the file if it's a reparse point. If it's not a reparse point, you can just return `attr == FILE_ATTRIBUTE_NORMAL` and it will work.

+ Update code to include proposed changes. In particular IsFile() and ListFilesInDirRecursive for Windows.
+ Split the declarations in FuzzerDefs.h into the files: FuzzerIO.h, FuzzerUtil.h and FuzzerSHA1.h.
+ Improve lexicographical order of system headers in #includes (a detail).

I updated the code to include proposed changes.

First comment, w/o looking in much detail: consider the complexity of the code review process is N^2 (N=size of the patch)
please try to split the change into as many smaller independent changes as you can.

@kcc Ok. Thanks for your comment. I will split this diff in smaller changes.

mpividori abandoned this revision.Nov 29 2016, 5:28 PM

Revision Contents

Path

Size

lib/

Fuzzer/

11 lines

3 lines

70 lines

5 lines

5 lines

FuzzerExtFunctionsApple.cpp

4 lines

FuzzerExtFunctionsLinux.cpp

4 lines

FuzzerExtFunctionsWindows.cpp

53 lines

45 lines

54 lines

34 lines

74 lines

142 lines

1 line

3 lines

3 lines

31 lines

22 lines

8 lines

4 lines

70 lines

138 lines

1 line

2 lines

105 lines

FuzzerUtilWindows.cpp

205 lines

Diff 79097

lib/Fuzzer/CMakeLists.txt

	set(LIBFUZZER_FLAGS_BASE "${CMAKE_CXX_FLAGS}")			set(LIBFUZZER_FLAGS_BASE "${CMAKE_CXX_FLAGS}")
	# Disable the coverage and sanitizer instrumentation for the fuzzer itself.			# Disable the coverage and sanitizer instrumentation for the fuzzer itself.
	set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize=all -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters -Werror")			set(CMAKE_CXX_FLAGS "${LIBFUZZER_FLAGS_BASE} -fno-sanitize=all -fno-sanitize-coverage=edge,trace-cmp,indirect-calls,8bit-counters -Werror")
	if( LLVM_USE_SANITIZE_COVERAGE )			if( LLVM_USE_SANITIZE_COVERAGE )
	if(NOT "${LLVM_USE_SANITIZER}" STREQUAL "Address")			if(NOT "${LLVM_USE_SANITIZER}" STREQUAL "Address")
	message(FATAL_ERROR			message(FATAL_ERROR
	"LibFuzzer and its tests require LLVM_USE_SANITIZER=Address and "			"LibFuzzer and its tests require LLVM_USE_SANITIZER=Address and "
	"LLVM_USE_SANITIZE_COVERAGE=YES to be set."			"LLVM_USE_SANITIZE_COVERAGE=YES to be set."
	)			)
	endif()			endif()
	add_library(LLVMFuzzerNoMainObjects OBJECT			add_library(LLVMFuzzerNoMainObjects OBJECT
	FuzzerCrossOver.cpp			FuzzerCrossOver.cpp
				zturnerUnsubmitted Not Done Reply Inline Actions I mentioned below that we should not have the preprocessor definitions use to conditionally compile code or not, but instead use CMake. Here is how you would do it. You might want to skip thsi comment for now and come back to it after you read the rest of the comments. set(FUZZER_SOURCES FuzzerCrossOver.cpp FuzzerDriver.cpp FuzzerIO.cpp FuzzerLoop.cpp FuzzerMutate.cpp FuzzerSHA1.cpp FuzzerTracePC.cpp FuzzerTraceState.cpp FuzzerUtil.cpp ) if (CMAKE_SYSTEM_NAME MATCHES "Windows") list(APPEND FUZZER_SOURCES FuzzerUtilWindows.cpp FuzzerIOWindows.cpp FuzzerExtFunctionsWindows.cpp ) else() list(APPEND FUZZER_SOURCES FuzzerUtilPosix.cpp FuzzerIOPosix.cpp ) if (CMAKE_SYSTEM_NAME MATCHES "Linux") FuzzerUtilLinux.cpp FuzzerExtFunctionsLinux.cpp elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin") FuzzerUtilDarwin.cpp FuzzerExtFunctionsApple.cpp endif() endif() add_library(LLVMFuzzerNoMainObjects OBJECT ${FUZZER_SOURCES}) This way you can remove all the `#if <foo>` from the individual source files. zturner: I mentioned below that we should not have the preprocessor definitions use to conditionally…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Thanks! Yes, I completely agree. I continued with the current approach in the implementation and left it as a future modification, because I wanted to know your opinion. I see that there is a bash script: "build.sh" that simply compiles all .cpp files and generates the LLVM library. If we remove the macros guards, then that script will not work. I guess the purpose of that script is to make libFuzzer independent of the rest of the LLVM repository. Would you agree if I simply remove that script? Also, I can modify it to ignore files ending in "Windows". mpividori: Thanks! Yes, I completely agree. I continued with the current approach in the implementation…
				zturnerUnsubmitted Not Done Reply Inline Actions Let's wait and see what kcc has to say on this. zturner: Let's wait and see what kcc has to say on this.
				rnkUnsubmitted Not Done Reply Inline Actions FWIW, the sanitizer code takes the opposite approach, specifically to simplify build logic. rnk: FWIW, the sanitizer code takes the opposite approach, specifically to simplify build logic.
	FuzzerTraceState.cpp
	FuzzerDriver.cpp			FuzzerDriver.cpp
	FuzzerExtFunctionsDlsym.cpp			FuzzerExtFunctionsApple.cpp
	FuzzerExtFunctionsWeak.cpp			FuzzerExtFunctionsLinux.cpp
				FuzzerExtFunctionsWindows.cpp
	FuzzerIO.cpp			FuzzerIO.cpp
				FuzzerIOPosix.cpp
				FuzzerIOWindows.cpp
	FuzzerLoop.cpp			FuzzerLoop.cpp
	FuzzerMutate.cpp			FuzzerMutate.cpp
	FuzzerSHA1.cpp			FuzzerSHA1.cpp
	FuzzerTracePC.cpp			FuzzerTracePC.cpp
				FuzzerTraceState.cpp
	FuzzerUtil.cpp			FuzzerUtil.cpp
	FuzzerUtilDarwin.cpp			FuzzerUtilDarwin.cpp
	FuzzerUtilLinux.cpp			FuzzerUtilLinux.cpp
				FuzzerUtilPosix.cpp
				FuzzerUtilWindows.cpp
	)			)
	add_library(LLVMFuzzerNoMain STATIC			add_library(LLVMFuzzerNoMain STATIC
	$<TARGET_OBJECTS:LLVMFuzzerNoMainObjects>			$<TARGET_OBJECTS:LLVMFuzzerNoMainObjects>
	)			)
	target_link_libraries(LLVMFuzzerNoMain ${PTHREAD_LIB})			target_link_libraries(LLVMFuzzerNoMain ${PTHREAD_LIB})
	add_library(LLVMFuzzer STATIC			add_library(LLVMFuzzer STATIC
	FuzzerMain.cpp			FuzzerMain.cpp
	$<TARGET_OBJECTS:LLVMFuzzerNoMainObjects>			$<TARGET_OBJECTS:LLVMFuzzerNoMainObjects>
	)			)
	target_link_libraries(LLVMFuzzer ${PTHREAD_LIB})			target_link_libraries(LLVMFuzzer ${PTHREAD_LIB})

	if( LLVM_INCLUDE_TESTS )			if( LLVM_INCLUDE_TESTS )
	add_subdirectory(test)			add_subdirectory(test)
	endif()			endif()
	endif()			endif()

lib/Fuzzer/FuzzerCorpus.h

	//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------- C++ - ===//			//===- FuzzerCorpus.h - Internal header for the Fuzzer ----------- C++ - ===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// fuzzer::InputCorpus			// fuzzer::InputCorpus
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#ifndef LLVM_FUZZER_CORPUS			#ifndef LLVM_FUZZER_CORPUS
	#define LLVM_FUZZER_CORPUS			#define LLVM_FUZZER_CORPUS

	#include <random>			#include <random>
	#include <unordered_set>			#include <unordered_set>
				#include <numeric>

	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
				#include "FuzzerIO.h"
				#include "FuzzerSHA1.h"
	#include "FuzzerRandom.h"			#include "FuzzerRandom.h"
	#include "FuzzerTracePC.h"			#include "FuzzerTracePC.h"

	namespace fuzzer {			namespace fuzzer {

	struct InputInfo {			struct InputInfo {
	Unit U; // The actual input data.			Unit U; // The actual input data.
	uint8_t Sha1[kSHA1NumBytes]; // Checksum.			uint8_t Sha1[kSHA1NumBytes]; // Checksum.
	▲ Show 20 Lines • Show All 189 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerDefs.h

	Show All 14 Lines
	#include <cstddef>			#include <cstddef>
	#include <cstdint>			#include <cstdint>
	#include <cstring>			#include <cstring>
	#include <string>			#include <string>
	#include <vector>			#include <vector>

	// Platform detection.			// Platform detection.
	#ifdef __linux__			#ifdef __linux__
	#define LIBFUZZER_LINUX 1
	#define LIBFUZZER_APPLE 0			#define LIBFUZZER_APPLE 0
				#define LIBFUZZER_LINUX 1
				#define LIBFUZZER_WINDOWS 0
	#elif __APPLE__			#elif __APPLE__
	#define LIBFUZZER_LINUX 0
	#define LIBFUZZER_APPLE 1			#define LIBFUZZER_APPLE 1
				#define LIBFUZZER_LINUX 0
				#define LIBFUZZER_WINDOWS 0
				#elif _WIN32
				#define LIBFUZZER_APPLE 0
				zturnerUnsubmitted Not Done Reply Inline Actions I think you will need to add #define LIBFUZZER_POSIX 0 #define LIBFUZZER_LINUX 0 #define LIBFUZZER_APPLE 0 similarly, in the previous 2 branches of the `#if`, you will need to `#define LIBFUZZER_WINDOWS 0` zturner: I think you will need to add ``` #define LIBFUZZER_POSIX 0 #define LIBFUZZER_LINUX 0 #define…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Hi, I omitted them to simplify the code. (when not defined, the macros assume value 0). If you think it is clearer, I can include them. mpividori: Hi, I omitted them to simplify the code. (when not defined, the macros assume value 0). If you…
				zturnerUnsubmitted Not Done Reply Inline Actions As long as we're consistent it's fine. If we're going to remove the 0 values, then remove them from the other cases too. zturner: As long as we're consistent it's fine. If we're going to remove the 0 values, then remove them…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Yes, I agree. mpividori: Yes, I agree.
				#define LIBFUZZER_LINUX 0
				#define LIBFUZZER_WINDOWS 1
	#else			#else
	#error "Support for your platform has not been implemented"			#error "Support for your platform has not been implemented"
	#endif			#endif

				#define LIBFUZZER_POSIX LIBFUZZER_APPLE \|\| LIBFUZZER_LINUX

	#ifdef __x86_64			#ifdef __x86_64
	#define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))			#define ATTRIBUTE_TARGET_POPCNT __attribute__((target("popcnt")))
	#else			#else
	#define ATTRIBUTE_TARGET_POPCNT			#define ATTRIBUTE_TARGET_POPCNT
	#endif			#endif

	namespace fuzzer {			namespace fuzzer {

	Show All 10 Lines
	struct ExternalFunctions;			struct ExternalFunctions;

	// Global interface to functions that may or may not be available.			// Global interface to functions that may or may not be available.
	extern ExternalFunctions *EF;			extern ExternalFunctions *EF;

	typedef std::vector<uint8_t> Unit;			typedef std::vector<uint8_t> Unit;
	typedef std::vector<Unit> UnitVector;			typedef std::vector<Unit> UnitVector;
	typedef int (UserCallback)(const uint8_t Data, size_t Size);			typedef int (UserCallback)(const uint8_t Data, size_t Size);
	int FuzzerDriver(int argc, char **argv, UserCallback Callback);

	bool IsFile(const std::string &Path);
	long GetEpoch(const std::string &Path);
	std::string FileToString(const std::string &Path);
	Unit FileToVector(const std::string &Path, size_t MaxSize = 0,
	bool ExitOnError = true);
	void ReadDirToVectorOfUnits(const char Path, std::vector<Unit> V,
	long *Epoch, size_t MaxSize, bool ExitOnError);
	void WriteToFile(const Unit &U, const std::string &Path);
	void CopyFileToErr(const std::string &Path);
	void DeleteFile(const std::string &Path);
	// Returns "Dir/FileName" or equivalent for the current OS.
	std::string DirPlusFile(const std::string &DirPath,
	const std::string &FileName);

	void DupAndCloseStderr();
	void CloseStdout();
	void Printf(const char *Fmt, ...);
	void PrintHexArray(const Unit &U, const char *PrintAfter = "");
	void PrintHexArray(const uint8_t *Data, size_t Size,
	const char *PrintAfter = "");
	void PrintASCII(const uint8_t Data, size_t Size, const char PrintAfter = "");
	void PrintASCII(const Unit &U, const char *PrintAfter = "");

	void PrintPC(const char SymbolizedFMT, const char FallbackFMT, uintptr_t PC);
	std::string DescribePC(const char *SymbolizedFMT, uintptr_t PC);
	std::string Hash(const Unit &U);
	void SetTimer(int Seconds);
	void SetSigSegvHandler();
	void SetSigBusHandler();
	void SetSigAbrtHandler();
	void SetSigIllHandler();
	void SetSigFpeHandler();
	void SetSigIntHandler();
	void SetSigTermHandler();
	std::string Base64(const Unit &U);
	int ExecuteCommand(const std::string &Command);
	bool ExecuteCommandAndReadOutput(const std::string &Command, std::string *Out);

	size_t GetPeakRSSMb();

	// Private copy of SHA1 implementation.
	static const int kSHA1NumBytes = 20;
	// Computes SHA1 hash of 'Len' bytes in 'Data', writes kSHA1NumBytes to 'Out'.
	void ComputeSHA1(const uint8_t Data, size_t Len, uint8_t Out);
	std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]);

	// Changes U to contain only ASCII (isprint+isspace) characters.
	// Returns true iff U has been changed.
	bool ToASCII(uint8_t *Data, size_t Size);
	bool IsASCII(const Unit &U);
	bool IsASCII(const uint8_t *Data, size_t Size);

	int NumberOfCpuCores();
	int GetPid();
	void SleepSeconds(int Seconds);

				int FuzzerDriver(int argc, char **argv, UserCallback Callback);

	struct ScopedDoingMyOwnMemmem {			struct ScopedDoingMyOwnMemmem {
	ScopedDoingMyOwnMemmem();			ScopedDoingMyOwnMemmem();
	~ScopedDoingMyOwnMemmem();			~ScopedDoingMyOwnMemmem();
	};			};

	inline uint8_t Bswap(uint8_t x) { return x; }			inline uint8_t Bswap(uint8_t x) { return x; }
	inline uint16_t Bswap(uint16_t x) { return __builtin_bswap16(x); }			inline uint16_t Bswap(uint16_t x) { return __builtin_bswap16(x); }
	inline uint32_t Bswap(uint32_t x) { return __builtin_bswap32(x); }			inline uint32_t Bswap(uint32_t x) { return __builtin_bswap32(x); }
	inline uint64_t Bswap(uint64_t x) { return __builtin_bswap64(x); }			inline uint64_t Bswap(uint64_t x) { return __builtin_bswap64(x); }

	} // namespace fuzzer			} // namespace fuzzer
	#endif // LLVM_FUZZER_DEFS_H			#endif // LLVM_FUZZER_DEFS_H

lib/Fuzzer/FuzzerDictionary.h

	//===- FuzzerDictionary.h - Internal header for the Fuzzer ------- C++ - ===//			//===- FuzzerDictionary.h - Internal header for the Fuzzer ------- C++ - ===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// fuzzer::Dictionary			// fuzzer::Dictionary
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#ifndef LLVM_FUZZER_DICTIONARY_H			#ifndef LLVM_FUZZER_DICTIONARY_H
	#define LLVM_FUZZER_DICTIONARY_H			#define LLVM_FUZZER_DICTIONARY_H

				#include "FuzzerUtil.h"
				#include "FuzzerIO.h"
				#include "FuzzerDefs.h"
	#include <algorithm>			#include <algorithm>
	#include <limits>			#include <limits>

	#include "FuzzerDefs.h"

	namespace fuzzer {			namespace fuzzer {
	// A simple POD sized array of bytes.			// A simple POD sized array of bytes.
	template <size_t kMaxSize> class FixedWord {			template <size_t kMaxSize> class FixedWord {
	public:			public:
	FixedWord() {}			FixedWord() {}
	FixedWord(const uint8_t *B, uint8_t S) { Set(B, S); }			FixedWord(const uint8_t *B, uint8_t S) { Set(B, S); }

	void Set(const uint8_t *B, uint8_t S) {			void Set(const uint8_t *B, uint8_t S) {
	▲ Show 20 Lines • Show All 97 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerDriver.cpp

//===- FuzzerDriver.cpp - FuzzerDriver function and flags -----------------===//		//===- FuzzerDriver.cpp - FuzzerDriver function and flags -----------------===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
// FuzzerDriver and flag parsing.		// FuzzerDriver and flag parsing.
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#include "FuzzerCorpus.h"		#include "FuzzerCorpus.h"
#include "FuzzerInterface.h"		#include "FuzzerInterface.h"
#include "FuzzerInternal.h"		#include "FuzzerInternal.h"
		#include "FuzzerIO.h"
		#include "FuzzerIOPlatform.h"
#include "FuzzerMutate.h"		#include "FuzzerMutate.h"
#include "FuzzerRandom.h"		#include "FuzzerRandom.h"

#include <algorithm>		#include <algorithm>
#include <atomic>		#include <atomic>
#include <chrono>		#include <chrono>
#include <cstring>		#include <cstring>
#include <mutex>		#include <mutex>
#include <string>		#include <string>
#include <thread>		#include <thread>
#include <unistd.h>

// This function should be present in the libFuzzer so that the client		// This function should be present in the libFuzzer so that the client
// binary can test for its existence.		// binary can test for its existence.
extern "C" __attribute__((used)) void __libfuzzer_is_present() {}		extern "C" __attribute__((used)) void __libfuzzer_is_present() {}

namespace fuzzer {		namespace fuzzer {

// Program arguments.		// Program arguments.
▲ Show 20 Lines • Show All 402 Lines • ▼ Show 20 Lines	if (Flags.exit_on_src_pos)
Options.ExitOnSrcPos = Flags.exit_on_src_pos;		Options.ExitOnSrcPos = Flags.exit_on_src_pos;
if (Flags.exit_on_item)		if (Flags.exit_on_item)
Options.ExitOnItem = Flags.exit_on_item;		Options.ExitOnItem = Flags.exit_on_item;

unsigned Seed = Flags.seed;		unsigned Seed = Flags.seed;
// Initialize Seed.		// Initialize Seed.
if (Seed == 0)		if (Seed == 0)
Seed = (std::chrono::system_clock::now().time_since_epoch().count() << 10) +		Seed = (std::chrono::system_clock::now().time_since_epoch().count() << 10) +
getpid();		GetPid();
if (Flags.verbosity)		if (Flags.verbosity)
Printf("INFO: Seed: %u\n", Seed);		Printf("INFO: Seed: %u\n", Seed);

Random Rand(Seed);		Random Rand(Seed);
auto *MD = new MutationDispatcher(Rand, Options);		auto *MD = new MutationDispatcher(Rand, Options);
auto *Corpus = new InputCorpus(Options.OutputCorpus);		auto *Corpus = new InputCorpus(Options.OutputCorpus);
auto F = new Fuzzer(Callback, Corpus, *MD, Options);		auto F = new Fuzzer(Callback, Corpus, *MD, Options);

▲ Show 20 Lines • Show All 86 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerExtFunctionsApple.cpp

	//===- FuzzerExtFunctionsDlsym.cpp - Interface to external functions ------===//			//===- FuzzerExtFunctionsApple.cpp - Interface to external functions ------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Implementation for operating systems that support dlsym(). We only use it on			// Implementation for operating systems that support dlsym(). We only use it on
	// Apple platforms for now. We don't use this approach on Linux because it			// Apple platforms for now. We don't use this approach on Linux because it
	// requires that clients of LibFuzzer pass ``--export-dynamic`` to the linker.			// requires that clients of LibFuzzer pass ``--export-dynamic`` to the linker.
	// That is a complication we don't wish to expose to clients right now.			// That is a complication we don't wish to expose to clients right now.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
	#if LIBFUZZER_APPLE			#if LIBFUZZER_APPLE

	#include "FuzzerExtFunctions.h"			#include "FuzzerExtFunctions.h"
				#include "FuzzerIO.h"
	#include <dlfcn.h>			#include <dlfcn.h>

	using namespace fuzzer;			using namespace fuzzer;

	template <typename T>			template <typename T>
	static T GetFnPtr(const char *FnName, bool WarnIfMissing) {			static T GetFnPtr(const char *FnName, bool WarnIfMissing) {
	dlerror(); // Clear any previous errors.			dlerror(); // Clear any previous errors.
	void *Fn = dlsym(RTLD_DEFAULT, FnName);			void *Fn = dlsym(RTLD_DEFAULT, FnName);
	Show All 24 Lines

lib/Fuzzer/FuzzerExtFunctionsLinux.cpp

	//===- FuzzerExtFunctionsWeak.cpp - Interface to external functions -------===//			//===- FuzzerExtFunctionsLinux.cpp - Interface to external functions ------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Implementation for Linux. This relies on the linker's support for weak			// Implementation for Linux. This relies on the linker's support for weak
	// symbols. We don't use this approach on Apple platforms because it requires			// symbols. We don't use this approach on Apple platforms because it requires
	// clients of LibFuzzer to pass ``-U _<symbol_name>`` to the linker to allow			// clients of LibFuzzer to pass ``-U _<symbol_name>`` to the linker to allow
	// weak symbols to be undefined. That is a complication we don't want to expose			// weak symbols to be undefined. That is a complication we don't want to expose
	// to clients right now.			// to clients right now.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
	#if LIBFUZZER_LINUX			#if LIBFUZZER_LINUX

	#include "FuzzerExtFunctions.h"			#include "FuzzerExtFunctions.h"
				#include "FuzzerIO.h"

	extern "C" {			extern "C" {
	// Declare these symbols as weak to allow them to be optionally defined.			// Declare these symbols as weak to allow them to be optionally defined.
	#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \			#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
	__attribute__((weak)) RETURN_TYPE NAME FUNC_SIG			__attribute__((weak)) RETURN_TYPE NAME FUNC_SIG

	#include "FuzzerExtFunctions.def"			#include "FuzzerExtFunctions.def"

	Show All 24 Lines

lib/Fuzzer/FuzzerExtFunctionsWindows.cpp

				//===- FuzzerExtFunctionsWindows.cpp - Interface to external functions ----===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// Implementation for Windows.
				//===----------------------------------------------------------------------===//
				#include "FuzzerDefs.h"
				#if LIBFUZZER_WINDOWS
				#include "FuzzerExtFunctions.h"
				zturnerUnsubmitted Not Done Reply Inline Actions Can you remove this and do it at the CMake level instead? It seems that the other 2 files were already working this way, but maybe we should clean it all up. I'll have more specific comments later on in the `CMakeLists.txt` file. zturner: Can you remove this and do it at the CMake level instead? It seems that the other 2 files were…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Yes, I completely agree. mpividori: Yes, I completely agree.
				#include "FuzzerIO.h"

				using namespace fuzzer;

				extern "C" {
				// Declare these symbols as weak to allow them to be optionally defined.
				#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
				RETURN_TYPE NAME ## Def FUNC_SIG { \
				Printf("ERROR: Function \"%s\" not defined.\n", #NAME); \
				exit(1); \
				} \
				RETURN_TYPE NAME FUNC_SIG __attribute__ ((weak, alias (#NAME "Def")));

				#include "FuzzerExtFunctions.def"

				#undef EXT_FUNC
				}

				template <typename T>
				static T* GetFnPtr(T Fun, T FunDef, const char *FnName, bool WarnIfMissing) {
				if (Fun == FunDef) {
				if (WarnIfMissing)
				Printf("WARNING: Failed to find function \"%s\".\n", FnName);
				return nullptr;
				}
				return Fun;
				}

				namespace fuzzer {

				ExternalFunctions::ExternalFunctions() {
				#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
				this->NAME = GetFnPtr<decltype(::NAME)>(::NAME, ::NAME ## Def, #NAME, WARN);

				#include "FuzzerExtFunctions.def"

				#undef EXT_FUNC
				}
				} // namespace fuzzer
				#endif // LIBFUZZER_WINDOWS

lib/Fuzzer/FuzzerIO.h

				//===- FuzzerIO.h - Internal header for IO utils ----------------- C++ - ===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// IO interface.
				//===----------------------------------------------------------------------===//
				#ifndef LLVM_FUZZER_IO_H
				#define LLVM_FUZZER_IO_H

				#include "FuzzerDefs.h"

				namespace fuzzer {

				long GetEpoch(const std::string &Path);

				Unit FileToVector(const std::string &Path, size_t MaxSize = 0,
				bool ExitOnError = true);

				void DeleteFile(const std::string &Path);

				std::string FileToString(const std::string &Path);

				void CopyFileToErr(const std::string &Path);

				void WriteToFile(const Unit &U, const std::string &Path);

				void ReadDirToVectorOfUnits(const char Path, std::vector<Unit> V,
				long *Epoch, size_t MaxSize, bool ExitOnError);

				// Returns "Dir/FileName" or equivalent for the current OS.
				std::string DirPlusFile(const std::string &DirPath,
				const std::string &FileName);

				void DupAndCloseStderr();

				void CloseStdout();

				void Printf(const char *Fmt, ...);

				} // namespace fuzzer
				#endif // LLVM_FUZZER_IO_H

lib/Fuzzer/FuzzerIO.cpp

//===- FuzzerIO.cpp - IO utils. -------------------------------------------===//		//===- FuzzerIO.cpp - IO utils. -------------------------------------------===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
// IO functions.		// IO functions.
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
		#include "FuzzerIOPlatform.h"
		#include "FuzzerIO.h"
#include "FuzzerExtFunctions.h"		#include "FuzzerExtFunctions.h"
#include "FuzzerDefs.h"		#include "FuzzerDefs.h"
#include <iterator>		#include <algorithm>
		#include <cstdarg>
		#include <cstdio>
#include <fstream>		#include <fstream>
#include <dirent.h>		#include <iterator>
#include <sys/types.h>		#include <sys/types.h>
#include <sys/stat.h>		#include <sys/stat.h>
		#if LIBFUZZER_POSIX
#include <unistd.h>		#include <unistd.h>
#include <cstdarg>		#endif
#include <cstdio>

namespace fuzzer {		namespace fuzzer {

static FILE *OutputFile = stderr;		static FILE *OutputFile = stderr;

bool IsFile(const std::string &Path) {
struct stat St;
if (stat(Path.c_str(), &St))
return false;
return S_ISREG(St.st_mode);
}

long GetEpoch(const std::string &Path) {		long GetEpoch(const std::string &Path) {
struct stat St;		struct stat St;
if (stat(Path.c_str(), &St))		if (stat(Path.c_str(), &St))
return 0; // Can't stat, be conservative.		return 0; // Can't stat, be conservative.
return St.st_mtime;		return St.st_mtime;
}		}

static void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
std::vector<std::string> *V, bool TopDir) {
auto E = GetEpoch(Dir);
if (Epoch)
if (E && *Epoch >= E) return;

DIR *D = opendir(Dir.c_str());
if (!D) {
Printf("No such directory: %s; exiting\n", Dir.c_str());
exit(1);
}
while (auto E = readdir(D)) {
std::string Path = DirPlusFile(Dir, E->d_name);
if (E->d_type == DT_REG \|\| E->d_type == DT_LNK)
V->push_back(Path);
else if (E->d_type == DT_DIR && *E->d_name != '.')
ListFilesInDirRecursive(Path, Epoch, V, false);
}
closedir(D);
if (Epoch && TopDir)
*Epoch = E;
}

Unit FileToVector(const std::string &Path, size_t MaxSize, bool ExitOnError) {		Unit FileToVector(const std::string &Path, size_t MaxSize, bool ExitOnError) {
std::ifstream T(Path);		std::ifstream T(Path);
if (ExitOnError && !T) {		if (ExitOnError && !T) {
Printf("No such directory: %s; exiting\n", Path.c_str());		Printf("No such directory: %s; exiting\n", Path.c_str());
exit(1);		exit(1);
}		}

T.seekg(0, T.end);		T.seekg(0, T.end);
▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines	for (size_t i = 0; i < Files.size(); i++) {
auto S = FileToVector(X, MaxSize, ExitOnError);		auto S = FileToVector(X, MaxSize, ExitOnError);
if (!S.empty())		if (!S.empty())
V->push_back(S);		V->push_back(S);
}		}
}		}

std::string DirPlusFile(const std::string &DirPath,		std::string DirPlusFile(const std::string &DirPath,
const std::string &FileName) {		const std::string &FileName) {
return DirPath + "/" + FileName;		return DirPath + GetSeparator() + FileName;
}		}

void DupAndCloseStderr() {		void DupAndCloseStderr() {
int OutputFd = dup(2);		int OutputFd = DuplicateFile(2);
if (OutputFd > 0) {		if (OutputFd > 0) {
FILE *NewOutputFile = fdopen(OutputFd, "w");		FILE *NewOutputFile = OpenFile(OutputFd, "w");
if (NewOutputFile) {		if (NewOutputFile) {
OutputFile = NewOutputFile;		OutputFile = NewOutputFile;
if (EF->__sanitizer_set_report_fd)		if (EF->__sanitizer_set_report_fd)
EF->__sanitizer_set_report_fd(reinterpret_cast<void *>(OutputFd));		EF->__sanitizer_set_report_fd(reinterpret_cast<void *>(OutputFd));
close(2);		CloseFile(2);
}		}
}		}
}		}

void CloseStdout() { close(1); }		void CloseStdout() {
		CloseFile(1);
		}

void Printf(const char *Fmt, ...) {		void Printf(const char *Fmt, ...) {
va_list ap;		va_list ap;
va_start(ap, Fmt);		va_start(ap, Fmt);
vfprintf(OutputFile, Fmt, ap);		vfprintf(OutputFile, Fmt, ap);
va_end(ap);		va_end(ap);
fflush(OutputFile);		fflush(OutputFile);
}		}

} // namespace fuzzer		} // namespace fuzzer

lib/Fuzzer/FuzzerIOPlatform.h

				//===- FuzzerIOPlatform.h - Internal header for IO plat. utils --- C++ - ===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// Interface for IO platform specific functions.
				//===----------------------------------------------------------------------===//
				#ifndef LLVM_FUZZER_IO_PLATFORM_H
				#define LLVM_FUZZER_IO_PLATFORM_H

				#include <string>
				#include <vector>

				namespace fuzzer {

				// Platform specific functions.
				bool IsFile(const std::string &Path);

				void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
				std::vector<std::string> *V, bool TopDir);

				char GetSeparator();

				FILE* OpenFile(int Fd, const char *Mode);

				int CloseFile(int Fd);

				int DuplicateFile(int Fd);

				} // namespace fuzzer
				#endif // LLVM_FUZZER_IO_PLATFORM_H

lib/Fuzzer/FuzzerIOPosix.cpp

				//===- FuzzerIOPosix.cpp - IO utils for Posix. ----------------------------===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// IO functions implementation using Posix API.
				//===----------------------------------------------------------------------===//

				#include "FuzzerDefs.h"
				#if LIBFUZZER_POSIX
				#include "FuzzerExtFunctions.h"
				zturnerUnsubmitted Not Done Reply Inline Actions Same thing here, this file should not even be sent to the compiler if it's not a posix system. More comments later in `CMakeLists.txt` zturner: Same thing here, this file should not even be sent to the compiler if it's not a posix system.
				#include "FuzzerIO.h"
				#include <cstdarg>
				#include <cstdio>
				#include <dirent.h>
				#include <fstream>
				#include <iterator>
				#include <sys/types.h>
				#include <sys/stat.h>
				#include <unistd.h>

				namespace fuzzer {

				bool IsFile(const std::string &Path) {
				struct stat St;
				if (stat(Path.c_str(), &St))
				return false;
				return S_ISREG(St.st_mode);
				}

				void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
				std::vector<std::string> *V, bool TopDir) {
				auto E = GetEpoch(Dir);
				if (Epoch)
				if (E && *Epoch >= E) return;

				DIR *D = opendir(Dir.c_str());
				if (!D) {
				Printf("No such directory: %s; exiting\n", Dir.c_str());
				exit(1);
				}
				while (auto E = readdir(D)) {
				std::string Path = DirPlusFile(Dir, E->d_name);
				if (E->d_type == DT_REG \|\| E->d_type == DT_LNK)
				V->push_back(Path);
				else if (E->d_type == DT_DIR && *E->d_name != '.')
				ListFilesInDirRecursive(Path, Epoch, V, false);
				}
				closedir(D);
				if (Epoch && TopDir)
				*Epoch = E;
				}

				char GetSeparator() {
				return '/';
				}

				FILE* OpenFile(int Fd, const char* Mode) {
				return fdopen(Fd, Mode);
				}

				int CloseFile(int fd) {
				return close(fd);
				}

				int DuplicateFile(int Fd) {
				return dup(Fd);
				}

				} // namespace fuzzer
				#endif // LIBFUZZER_POSIX

lib/Fuzzer/FuzzerIOWindows.cpp

				//===- FuzzerIOWindows.cpp - IO utils for Windows. ------------------------===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// IO functions implementation for Windows.
				//===----------------------------------------------------------------------===//

				#include "FuzzerDefs.h"
				#if LIBFUZZER_WINDOWS
				#include "FuzzerExtFunctions.h"
				#include "FuzzerIO.h"
				#include <cstdarg>
				#include <cstdio>
				#include <fstream>
				#include <io.h>
				#include <iterator>
				#include <sys/types.h>
				#include <sys/stat.h>
				#include <windows.h>

				namespace fuzzer {

				bool IsFile(const std::string &Path) {
				DWORD Att = GetFileAttributesA(Path.c_str());

				if (Att == INVALID_FILE_ATTRIBUTES) {
				zturnerUnsubmitted Not Done Reply Inline Actions Check the code in `llvm/lib/Support/Windows/Path.inc` for the `status()` function. There are some subtleties that you should be aware of that this code doesn't handle. You can probably just rip the code straight from there, changing `W` to `A` so we don't have to worry about widening the paths. zturner: Check the code in `llvm/lib/Support/Windows/Path.inc` for the `status()` function. There are…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Hi, Thanks. Yes, I based my implementation in the implementation of `status()` / `getStatus()` from the Support Library. What I haven't included is the function `isReservedName`, because I assumed that reserved names would return `GetFileType()` different to `FILE_TYPE_DISK` (probably `FILE_TYPE_CHAR` ?). Do you think I should include check for reserved names? The rest of the code is similar to the implementation of `status()`. mpividori: Hi, Thanks. Yes, I based my implementation in the implementation of `status()` / `getStatus()`…
				zturnerUnsubmitted Not Done Reply Inline Actions Hmm. The function I'm looking at first calls `GetFileAttributes()`, and then only if it is a reparse point (kinda like a symlink) does it open the handle. This allows it to "follow the symlink" to get info about the target. But the advantage of that approach is that `GetFileAttributes()` doesn't actually open the handle -- which can fail in certain scenarios -- unless it has to. Are we looking at the same function? The one I'm looking at is `lib/Support/Windows/Path.inc` line 464. zturner: Hmm. The function I'm looking at first calls `GetFileAttributes()`, and then only if it is a…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Hi, in fact the: `if (attr & FILE_ATTRIBUTE_REPARSE_POINT)` in `lib/Support/Windows/Path.inc` line 482, doesn't make sense. It does exactly the same when it is a reparse point than when it isn't ..... If it is not a reparse point, it also uses `CreateFileView` to open a handle... I think there are some errors in that code, or the `if` statement is redundant... mpividori: Hi, in fact the: ` if (attr & FILE_ATTRIBUTE_REPARSE_POINT) ` in `lib/Support/Windows/Path.inc`…
				zturnerUnsubmitted Not Done Reply Inline Actions Hmm, you are right. That's some bad code :) Anyway, for just returning true / false, it's slightly better to only open the file if it's a reparse point. If it's not a reparse point, you can just return `attr == FILE_ATTRIBUTE_NORMAL` and it will work. zturner: Hmm, you are right. That's some bad code :) Anyway, for just returning true / false, it's…
				Printf("GetFileAttributesA() failed for \"%s\" (Error code: %lu).\n",
				Path.c_str(), GetLastError());
				return false;
				}

				if (Att & FILE_ATTRIBUTE_NORMAL)
				return true;

				if (Att & FILE_ATTRIBUTE_DIRECTORY)
				return false;

				HANDLE FileHandle(
				CreateFileA(Path.c_str(), 0, FILE_SHARE_READ, NULL, OPEN_EXISTING,
				FILE_FLAG_BACKUP_SEMANTICS, 0));

				if (FileHandle == INVALID_HANDLE_VALUE) {
				Printf("CreateFileA() failed for \"%s\" (Error code: %lu).\n", Path.c_str(),
				GetLastError());
				return false;
				}

				DWORD FileType = GetFileType(FileHandle);

				if (FileType == FILE_TYPE_UNKNOWN) {
				Printf("GetFileType() failed for \"%s\" (Error code: %lu).\n", Path.c_str(),
				GetLastError());
				CloseHandle(FileHandle);
				return false;
				}

				if (FileType != FILE_TYPE_DISK) {
				CloseHandle(FileHandle);
				return false;
				}

				zturnerUnsubmitted Not Done Reply Inline Actions This looks wrong to me. We should be expecting a path that ends with either a slash or that doesn't end with a slash. It looks like you're trying to check here "is this the root directory". But I'm not sure why that matters. For example, we should translate all of the following: D:\ -> D:\* D:\foo -> D:\foo\* d:\foo\ -> D:\foo\* And I also think we should be asserting that the path is not empty, because that wouldn't make any sense. So I think the correct check should be something like: assert(!Path.empty()); if (Path.back() != '\\') Path.push_back('\\'); Path.push_back(''); Let me know if I'm misunderstood though. zturner:* This looks wrong to me. We should be expecting a path that ends with either a slash or that…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Hi, I took that code from `directory_iterator_construct(..)` implementation in `llvm/lib/Support/Windows/Path.inc`. I don't know why it check for `:` character, I thought this was a special case to be considered... Ok, I agree with the code you proposed. It makes more sense for me too. mpividori: Hi, I took that code from `directory_iterator_construct(..)` implementation in…
				CloseHandle(FileHandle);
				return true;
				}

				zturnerUnsubmitted Not Done Reply Inline Actions Some Windows api functions return `nullptr` if it fails, and some return `INVALID_HANDLE_VALUE`. You need to always check which one is returned to indicate an error. This one returns `INVALID_HANDLE_VALUE`, so the check here is incorrect. zturner: Some Windows api functions return `nullptr` if it fails, and some return `INVALID_HANDLE_VALUE`.
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Thanks, Ok. I took that code from `directory_iterator_construct(..)` implementation in `llvm/lib/Support/Windows/Path.inc`, so I think I should update that implementation too :). mpividori: Thanks, Ok. I took that code from `directory_iterator_construct(..)` implementation in…
				zturnerUnsubmitted Not Done Reply Inline Actions Interesting, yea that looks like a bug in the original code. Please submit that in a separate patch though since it's unrelated to libfuzzer. zturner: Interesting, yea that looks like a bug in the original code. Please submit that in a separate…
				void ListFilesInDirRecursive(const std::string &Dir, long *Epoch,
				std::vector<std::string> *V, bool TopDir) {
				auto E = GetEpoch(Dir);
				if (Epoch)
				if (E && *Epoch >= E) return;

				std::string Path(Dir);
				assert(!Path.empty());
				if (Path.back() != '\\')
				Path.push_back('\\');
				Path.push_back('*');

				// Get the first directory entry.
				WIN32_FIND_DATAA FirstFind;
				HANDLE FindHandle(FindFirstFileA(Path.c_str(), &FirstFind));
				if (FindHandle == INVALID_HANDLE_VALUE)
				{
				Printf("No file found in: %s.\n", Dir.c_str());
				return;
				}

				do {
				size_t FilenameLen = strlen(FirstFind.cFileName);
				if ((FilenameLen == 1 && FirstFind.cFileName[0] == '.') \|\|
				(FilenameLen == 2 && FirstFind.cFileName[0] == '.' &&
				FirstFind.cFileName[1] == '.'))
				zturnerUnsubmitted Not Done Reply Inline Actions The same comment here applies as above. We shouldn't be opening a handle to the file unless we really need to, because that can lead to sharing violations if someone else is using the file. If you move the code for `IsFile()` (which I commented on above) into a separate function called `Stat()` or something that returns the file type, then you could call that function both here and in `IsFile()`. zturner: The same comment here applies as above. We shouldn't be opening a handle to the file unless we…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Hi. I am not sure I understand properly. The `status()` implementation in `llvm/lib/Support/Windows/Path.inc`, opens a handle to get the file type, so I think it would be the same that current implementation. As far as I understand, it is not possible to know the file type without opening a handle. Am I missing something? Thanks. mpividori: Hi. I am not sure I understand properly. The `status()` implementation in…
				zturnerUnsubmitted Not Done Reply Inline Actions You are right, I looked over that function again. But I still think we can do better. I think the status function there is intended to be more general. It retrieves more information than just whether or not it is a regular file or directory. For example, if you call `GetFileAttributesA()` and the output parameter is equal to `FILE_ATTRIBUTE_NORMAL`, you can return true immediately. Only if it contains `FILE_ATTRIBUTE_REPARSE_POINT` do you need to open the handle and do the more complicated aproach. This will allow it to work in more scenarios, as opening a handle can fail in strange situations. zturner: You are right, I looked over that function again. But I still think we can do better. I think…
				continue;

				std::string FileName = DirPlusFile(Dir, FirstFind.cFileName);

				DWORD Att = GetFileAttributesA(FileName.c_str());

				if (Att == INVALID_FILE_ATTRIBUTES) {
				Printf("GetFileAttributesA() failed for \"%s\" (Error code: %lu).\n",
				FileName.c_str(), GetLastError());
				FindClose(FindHandle);
				return;
				}

				if (Att & FILE_ATTRIBUTE_DIRECTORY)
				ListFilesInDirRecursive(FileName, Epoch, V, false);
				else if (IsFile(FileName))
				V->push_back(FileName);
				} while (FindNextFileA(FindHandle, &FirstFind));

				DWORD LastError = GetLastError();
				if (LastError != ERROR_NO_MORE_FILES)
				Printf("FindNextFileA failed (Error code: %lu).\n", LastError);

				FindClose(FindHandle);

				if (Epoch && TopDir)
				*Epoch = E;
				}

				char GetSeparator() {
				return '\\';
				}

				FILE* OpenFile(int Fd, const char* Mode) {
				return _fdopen(Fd, Mode);
				}

				int CloseFile(int Fd) {
				return _close(Fd);
				zturnerUnsubmitted Not Done Reply Inline Actions It doesn't seem good to me that we're copying all these functions and only making very slight modifications. I would suggest handling it like this: In `FuzzerIO.h`, make the following declarations: char getSeparator(); FILE OpenFile(int Fd, const char Mode); int DuplicateFile(int fd); int CloseFile(int fd); Also in `FuzzerIO.h`, copy `DirPlusFile`, `DupAndCloseStderr`, and `CloseStdout` to the common location, and use these functions. Implement the above functions in `FileIOPosix.cpp` and `FileIOWindows.cpp` as one-liners. For example, on Windows, you have something like this: char getSeparator() { return `\\`; } FILE OpenFile(int Fd, const char Mode) { return _fdopen(Fd, Mode); } You could also do it with `#define`s, but this way seems safer. zturner: It doesn't seem good to me that we're copying all these functions and only making very slight…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Thanks, I completely agree. mpividori: Thanks, I completely agree.
				}

				zturnerUnsubmitted Not Done Reply Inline Actions Printf code is exactly the same in both places, so this function should just be declared and implemented in `FuzzerIO.h` and `FuzzerIO.cpp`, there is no reason to copy it. zturner: Printf code is exactly the same in both places, so this function should just be declared and…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Yes, it is repeated because I included all functions working with the global variable `OutputFile` in the same .cpp file where it is defined. I can declare `OutputFile` as extern variable in `FuzzerDefs.h` and move Printf code to `FuzzerIO.cpp`. mpividori: Yes, it is repeated because I included all functions working with the global variable…
				zturnerUnsubmitted Not Done Reply Inline Actions Maybe just have Printf take the file as first argument? So that instead of `printf` it's more like `fprintf`? zturner: Maybe just have Printf take the file as first argument? So that instead of `printf` it's more…
				int DuplicateFile(int Fd) {
				return _dup(Fd);
				}

				} // namespace fuzzer
				#endif // LIBFUZZER_WINDOWS

lib/Fuzzer/FuzzerInternal.h

	Show All 17 Lines
	#include <climits>			#include <climits>
	#include <cstdlib>			#include <cstdlib>
	#include <string.h>			#include <string.h>

	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
	#include "FuzzerExtFunctions.h"			#include "FuzzerExtFunctions.h"
	#include "FuzzerInterface.h"			#include "FuzzerInterface.h"
	#include "FuzzerOptions.h"			#include "FuzzerOptions.h"
				#include "FuzzerSHA1.h"
	#include "FuzzerValueBitMap.h"			#include "FuzzerValueBitMap.h"

	namespace fuzzer {			namespace fuzzer {

	using namespace std::chrono;			using namespace std::chrono;

	class Fuzzer {			class Fuzzer {
	public:			public:
	▲ Show 20 Lines • Show All 143 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerLoop.cpp

	//===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===//			//===- FuzzerLoop.cpp - Fuzzer's main loop --------------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Fuzzer's main loop.			// Fuzzer's main loop.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "FuzzerInternal.h"			#include "FuzzerInternal.h"
	#include "FuzzerCorpus.h"			#include "FuzzerCorpus.h"
				#include "FuzzerIO.h"
	#include "FuzzerMutate.h"			#include "FuzzerMutate.h"
	#include "FuzzerTracePC.h"			#include "FuzzerTracePC.h"
	#include "FuzzerRandom.h"			#include "FuzzerRandom.h"

	#include <algorithm>			#include <algorithm>
	#include <cstring>			#include <cstring>
	#include <set>
	#include <memory>			#include <memory>
				#include <set>

	#if defined(__has_include)			#if defined(__has_include)
	#if __has_include(<sanitizer / coverage_interface.h>)			#if __has_include(<sanitizer / coverage_interface.h>)
	#include <sanitizer/coverage_interface.h>			#include <sanitizer/coverage_interface.h>
	#endif			#endif
	#if __has_include(<sanitizer / lsan_interface.h>)			#if __has_include(<sanitizer / lsan_interface.h>)
	#include <sanitizer/lsan_interface.h>			#include <sanitizer/lsan_interface.h>
	#endif			#endif
	▲ Show 20 Lines • Show All 735 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerMutate.cpp

	//===- FuzzerMutate.cpp - Mutate a test input -----------------------------===//			//===- FuzzerMutate.cpp - Mutate a test input -----------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Mutate a test input.			// Mutate a test input.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include <cstring>

	#include "FuzzerCorpus.h"			#include "FuzzerCorpus.h"
	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
	#include "FuzzerExtFunctions.h"			#include "FuzzerExtFunctions.h"
				#include "FuzzerIO.h"
	#include "FuzzerMutate.h"			#include "FuzzerMutate.h"
	#include "FuzzerOptions.h"			#include "FuzzerOptions.h"

	namespace fuzzer {			namespace fuzzer {

	const size_t Dictionary::kMaxDictSize;			const size_t Dictionary::kMaxDictSize;

	static void PrintASCII(const Word &W, const char *PrintAfter) {			static void PrintASCII(const Word &W, const char *PrintAfter) {
	▲ Show 20 Lines • Show All 504 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerSHA1.h

				//===- FuzzerSHA1.h - Internal header for the SHA1 utils --------- C++ - ===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// SHA1 utils.
				//===----------------------------------------------------------------------===//
				#ifndef LLVM_FUZZER_SHA1_H
				#define LLVM_FUZZER_SHA1_H

				#include "FuzzerDefs.h"
				#include <cstddef>
				#include <stdint.h>

				namespace fuzzer {

				// Private copy of SHA1 implementation.
				static const int kSHA1NumBytes = 20;

				// Computes SHA1 hash of 'Len' bytes in 'Data', writes kSHA1NumBytes to 'Out'.
				void ComputeSHA1(const uint8_t Data, size_t Len, uint8_t Out);

				std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]);

				std::string Hash(const Unit &U);

				} // namespace fuzzer
				#endif // LLVM_FUZZER_SHA1_H

lib/Fuzzer/FuzzerSHA1.cpp

	Show All 10 Lines
	// and modified by adding anonymous namespace, adding an interface			// and modified by adding anonymous namespace, adding an interface
	// function fuzzer::ComputeSHA1() and removing unnecessary code.			// function fuzzer::ComputeSHA1() and removing unnecessary code.
	//			//
	// lib/Fuzzer can not use SHA1 implementation from openssl because			// lib/Fuzzer can not use SHA1 implementation from openssl because
	// openssl may not be available and because we may be fuzzing openssl itself.			// openssl may not be available and because we may be fuzzing openssl itself.
	// For the same reason we do not want to depend on SHA1 from LLVM tree.			// For the same reason we do not want to depend on SHA1 from LLVM tree.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

				#include "FuzzerSHA1.h"
	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"

	/* This code is public-domain - it is based on libcrypt			/* This code is public-domain - it is based on libcrypt
	* placed in the public domain by Wei Dai and other contributors.			* placed in the public domain by Wei Dai and other contributors.
	*/			*/

				#include <iomanip>
				#include <sstream>
	#include <stdint.h>			#include <stdint.h>
	#include <string.h>			#include <string.h>

	namespace { // Added for LibFuzzer			namespace { // Added for LibFuzzer

	#ifdef __BIG_ENDIAN__			#ifdef __BIG_ENDIAN__
	# define SHA_BIG_ENDIAN			# define SHA_BIG_ENDIAN
	#elif defined __LITTLE_ENDIAN__			#elif defined __LITTLE_ENDIAN__
	▲ Show 20 Lines • Show All 155 Lines • ▼ Show 20 Lines
	#endif			#endif

	// Return pointer to hash (20 characters)			// Return pointer to hash (20 characters)
	return (uint8_t*) s->state;			return (uint8_t*) s->state;
	}			}

	} // namespace; Added for LibFuzzer			} // namespace; Added for LibFuzzer

				namespace fuzzer {

	// The rest is added for LibFuzzer			// The rest is added for LibFuzzer
	void fuzzer::ComputeSHA1(const uint8_t Data, size_t Len, uint8_t Out) {			void ComputeSHA1(const uint8_t Data, size_t Len, uint8_t Out) {
	sha1nfo s;			sha1nfo s;
	sha1_init(&s);			sha1_init(&s);
	sha1_write(&s, (const char*)Data, Len);			sha1_write(&s, (const char*)Data, Len);
	memcpy(Out, sha1_result(&s), HASH_LENGTH);			memcpy(Out, sha1_result(&s), HASH_LENGTH);
	}			}

				std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]) {
				std::stringstream SS;
				for (int i = 0; i < kSHA1NumBytes; i++)
				SS << std::hex << std::setfill('0') << std::setw(2) << (unsigned)Sha1[i];
				return SS.str();
				}

				std::string Hash(const Unit &U) {
				uint8_t Hash[kSHA1NumBytes];
				ComputeSHA1(U.data(), U.size(), Hash);
				return Sha1ToString(Hash);
				}

				}

lib/Fuzzer/FuzzerTracePC.cpp

	//===- FuzzerTracePC.cpp - PC tracing--------------------------------------===//			//===- FuzzerTracePC.cpp - PC tracing--------------------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Trace PCs.			// Trace PCs.
	// This module implements __sanitizer_cov_trace_pc_guard[_init],			// This module implements __sanitizer_cov_trace_pc_guard[_init],
	// the callback required for -fsanitize-coverage=trace-pc-guard instrumentation.			// the callback required for -fsanitize-coverage=trace-pc-guard instrumentation.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include <map>
	#include <set>
	#include <sstream>

	#include "FuzzerCorpus.h"			#include "FuzzerCorpus.h"
	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
	#include "FuzzerDictionary.h"			#include "FuzzerDictionary.h"
	#include "FuzzerExtFunctions.h"			#include "FuzzerExtFunctions.h"
				#include "FuzzerIO.h"
	#include "FuzzerTracePC.h"			#include "FuzzerTracePC.h"
	#include "FuzzerValueBitMap.h"			#include "FuzzerValueBitMap.h"
				#include <map>
				#include <set>
				#include <sstream>

	namespace fuzzer {			namespace fuzzer {

	TracePC TPC;			TracePC TPC;

	void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {			void TracePC::HandleTrace(uint32_t *Guard, uintptr_t PC) {
	uint32_t Idx = *Guard;			uint32_t Idx = *Guard;
	if (!Idx) return;			if (!Idx) return;
	▲ Show 20 Lines • Show All 303 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerTraceState.cpp

	//===- FuzzerTraceState.cpp - Trace-based fuzzer mutator ------------------===//			//===- FuzzerTraceState.cpp - Trace-based fuzzer mutator ------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Data tracing.			// Data tracing.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	#include "FuzzerInternal.h"			#include "FuzzerInternal.h"
	#include "FuzzerDictionary.h"			#include "FuzzerDictionary.h"
				#include "FuzzerIO.h"
	#include "FuzzerMutate.h"			#include "FuzzerMutate.h"
	#include "FuzzerRandom.h"			#include "FuzzerRandom.h"
	#include "FuzzerTracePC.h"			#include "FuzzerTracePC.h"

	#include <algorithm>			#include <algorithm>
	#include <cstring>			#include <cstring>
	#include <thread>
	#include <map>			#include <map>
	#include <set>			#include <set>
				#include <thread>

	namespace fuzzer {			namespace fuzzer {

	// For now, very simple: put Size bytes of Data at position Pos.			// For now, very simple: put Size bytes of Data at position Pos.
	struct TraceBasedMutation {			struct TraceBasedMutation {
	uint32_t Pos;			uint32_t Pos;
	Word W;			Word W;
	};			};
	▲ Show 20 Lines • Show All 295 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerUtil.h

				//===- FuzzerUtil.h - Internal header for the Fuzzer Utils ------- C++ - ===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// Util functions.
				//===----------------------------------------------------------------------===//
				#ifndef LLVM_FUZZER_UTIL_H
				#define LLVM_FUZZER_UTIL_H

				#include "FuzzerDefs.h"

				namespace fuzzer {

				void PrintHexArray(const Unit &U, const char *PrintAfter = "");

				void PrintHexArray(const uint8_t *Data, size_t Size,
				const char *PrintAfter = "");

				void PrintASCII(const uint8_t Data, size_t Size, const char PrintAfter = "");

				void PrintASCII(const Unit &U, const char *PrintAfter = "");

				// Changes U to contain only ASCII (isprint+isspace) characters.
				// Returns true iff U has been changed.
				bool ToASCII(uint8_t *Data, size_t Size);

				bool IsASCII(const Unit &U);

				bool IsASCII(const uint8_t *Data, size_t Size);

				std::string Base64(const Unit &U);

				void PrintPC(const char SymbolizedFMT, const char FallbackFMT, uintptr_t PC);

				std::string DescribePC(const char *SymbolizedFMT, uintptr_t PC);

				int NumberOfCpuCores();

				// Platform specific functions.
				void SetTimer(int Seconds);

				void SetSigSegvHandler();
				void SetSigBusHandler();
				void SetSigAbrtHandler();
				void SetSigIllHandler();
				void SetSigFpeHandler();
				void SetSigIntHandler();
				void SetSigTermHandler();

				void SleepSeconds(int Seconds);

				int GetPid();

				size_t GetPeakRSSMb();

				bool ExecuteCommandAndReadOutput(const std::string &Command, std::string *Out);

				int ExecuteCommand(const std::string &Command);

				#if LIBFUZZER_WINDOWS
				const void memmem(const void haystack, size_t haystacklen,
				const void *needle, size_t needlelen);
				#endif

				} // namespace fuzzer
				#endif // LLVM_FUZZER_UTIL_H

lib/Fuzzer/FuzzerUtil.cpp

//===- FuzzerUtil.cpp - Misc utils ----------------------------------------===//		//===- FuzzerUtil.cpp - Misc utils ----------------------------------------===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is distributed under the University of Illinois Open Source		// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.		// License. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//
// Misc utils.		// Misc utils.
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

		#include "FuzzerUtil.h"
#include "FuzzerInternal.h"		#include "FuzzerInternal.h"
#include <sstream>		#include "FuzzerIO.h"
#include <iomanip>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/syscall.h>
#include <cassert>		#include <cassert>
#include <chrono>		#include <chrono>
#include <cstring>		#include <cstring>
#include <stdio.h>		#include <errno.h>
#include <signal.h>		#include <signal.h>
#include <sstream>		#include <sstream>
#include <unistd.h>		#include <stdio.h>
#include <errno.h>		#include <sys/types.h>
#include <thread>		#include <thread>

namespace fuzzer {		namespace fuzzer {

void PrintHexArray(const uint8_t *Data, size_t Size,		void PrintHexArray(const uint8_t *Data, size_t Size,
const char *PrintAfter) {		const char *PrintAfter) {
for (size_t i = 0; i < Size; i++)		for (size_t i = 0; i < Size; i++)
Printf("0x%x,", (unsigned)Data[i]);		Printf("0x%x,", (unsigned)Data[i]);
Show All 20 Lines	for (size_t i = 0; i < Size; i++)
PrintASCIIByte(Data[i]);		PrintASCIIByte(Data[i]);
Printf("%s", PrintAfter);		Printf("%s", PrintAfter);
}		}

void PrintASCII(const Unit &U, const char *PrintAfter) {		void PrintASCII(const Unit &U, const char *PrintAfter) {
PrintASCII(U.data(), U.size(), PrintAfter);		PrintASCII(U.data(), U.size(), PrintAfter);
}		}

std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]) {
std::stringstream SS;
for (int i = 0; i < kSHA1NumBytes; i++)
SS << std::hex << std::setfill('0') << std::setw(2) << (unsigned)Sha1[i];
return SS.str();
}

std::string Hash(const Unit &U) {
uint8_t Hash[kSHA1NumBytes];
ComputeSHA1(U.data(), U.size(), Hash);
return Sha1ToString(Hash);
}

static void AlarmHandler(int, siginfo_t , void ) {
Fuzzer::StaticAlarmCallback();
}

static void CrashHandler(int, siginfo_t , void ) {
Fuzzer::StaticCrashSignalCallback();
}

static void InterruptHandler(int, siginfo_t , void ) {
Fuzzer::StaticInterruptCallback();
}

static void SetSigaction(int signum,
void (callback)(int, siginfo_t , void *)) {
struct sigaction sigact;
memset(&sigact, 0, sizeof(sigact));
sigact.sa_sigaction = callback;
if (sigaction(signum, &sigact, 0)) {
Printf("libFuzzer: sigaction failed with %d\n", errno);
exit(1);
}
}

void SetTimer(int Seconds) {
struct itimerval T {{Seconds, 0}, {Seconds, 0}};
if (setitimer(ITIMER_REAL, &T, nullptr)) {
Printf("libFuzzer: setitimer failed with %d\n", errno);
exit(1);
}
SetSigaction(SIGALRM, AlarmHandler);
}

void SetSigSegvHandler() { SetSigaction(SIGSEGV, CrashHandler); }
void SetSigBusHandler() { SetSigaction(SIGBUS, CrashHandler); }
void SetSigAbrtHandler() { SetSigaction(SIGABRT, CrashHandler); }
void SetSigIllHandler() { SetSigaction(SIGILL, CrashHandler); }
void SetSigFpeHandler() { SetSigaction(SIGFPE, CrashHandler); }
void SetSigIntHandler() { SetSigaction(SIGINT, InterruptHandler); }
void SetSigTermHandler() { SetSigaction(SIGTERM, InterruptHandler); }

int NumberOfCpuCores() {
const char *CmdLine = nullptr;
if (LIBFUZZER_LINUX) {
CmdLine = "nproc";
} else if (LIBFUZZER_APPLE) {
CmdLine = "sysctl -n hw.ncpu";
} else {
assert(0 && "NumberOfCpuCores() is not implemented for your platform");
}

FILE *F = popen(CmdLine, "r");
int N = 1;
if (!F \|\| fscanf(F, "%d", &N) != 1) {
Printf("WARNING: Failed to parse output of command \"%s\" in %s(). "
"Assuming CPU count of 1.\n",
CmdLine, __func__);
N = 1;
}

if (pclose(F)) {
Printf("WARNING: Executing command \"%s\" failed in %s(). "
"Assuming CPU count of 1.\n",
CmdLine, __func__);
N = 1;
}
if (N < 1) {
Printf("WARNING: Reported CPU count (%d) from command \"%s\" was invalid "
"in %s(). Assuming CPU count of 1.\n",
N, CmdLine, __func__);
N = 1;
}
return N;
}

bool ToASCII(uint8_t *Data, size_t Size) {		bool ToASCII(uint8_t *Data, size_t Size) {
bool Changed = false;		bool Changed = false;
for (size_t i = 0; i < Size; i++) {		for (size_t i = 0; i < Size; i++) {
uint8_t &X = Data[i];		uint8_t &X = Data[i];
auto NewX = X;		auto NewX = X;
NewX &= 127;		NewX &= 127;
if (!isspace(NewX) && !isprint(NewX))		if (!isspace(NewX) && !isprint(NewX))
NewX = ' ';		NewX = ' ';
▲ Show 20 Lines • Show All 79 Lines • ▼ Show 20 Lines	if (ParseOneDictionaryEntry(S, &U)) {
Printf("ParseDictionaryFile: error in line %d\n\t\t%s\n", LineNo,		Printf("ParseDictionaryFile: error in line %d\n\t\t%s\n", LineNo,
S.c_str());		S.c_str());
return false;		return false;
}		}
}		}
return true;		return true;
}		}

void SleepSeconds(int Seconds) {
sleep(Seconds); // Use C API to avoid coverage from instrumented libc++.
}

int GetPid() { return getpid(); }

std::string Base64(const Unit &U) {		std::string Base64(const Unit &U) {
static const char Table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"		static const char Table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"		"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";		"0123456789+/";
std::string Res;		std::string Res;
size_t i;		size_t i;
for (i = 0; i + 2 < U.size(); i += 3) {		for (i = 0; i + 2 < U.size(); i += 3) {
uint32_t x = (U[i] << 16) + (U[i + 1] << 8) + U[i + 2];		uint32_t x = (U[i] << 16) + (U[i + 1] << 8) + U[i + 2];
Show All 12 Lines	if (i + 1 == U.size()) {
Res += Table[(x >> 18) & 63];		Res += Table[(x >> 18) & 63];
Res += Table[(x >> 12) & 63];		Res += Table[(x >> 12) & 63];
Res += Table[(x >> 6) & 63];		Res += Table[(x >> 6) & 63];
Res += "=";		Res += "=";
}		}
return Res;		return Res;
}		}

size_t GetPeakRSSMb() {
struct rusage usage;
if (getrusage(RUSAGE_SELF, &usage))
return 0;
if (LIBFUZZER_LINUX) {
// ru_maxrss is in KiB
return usage.ru_maxrss >> 10;
} else if (LIBFUZZER_APPLE) {
// ru_maxrss is in bytes
return usage.ru_maxrss >> 20;
}
assert(0 && "GetPeakRSSMb() is not implemented for your platform");
return 0;
}

std::string DescribePC(const char *SymbolizedFMT, uintptr_t PC) {		std::string DescribePC(const char *SymbolizedFMT, uintptr_t PC) {
if (!EF->__sanitizer_symbolize_pc) return "<can not symbolize>";		if (!EF->__sanitizer_symbolize_pc) return "<can not symbolize>";
char PcDescr[1024];		char PcDescr[1024];
EF->__sanitizer_symbolize_pc(reinterpret_cast<void*>(PC),		EF->__sanitizer_symbolize_pc(reinterpret_cast<void*>(PC),
SymbolizedFMT, PcDescr, sizeof(PcDescr));		SymbolizedFMT, PcDescr, sizeof(PcDescr));
PcDescr[sizeof(PcDescr) - 1] = 0; // Just in case.		PcDescr[sizeof(PcDescr) - 1] = 0; // Just in case.
return PcDescr;		return PcDescr;
}		}

void PrintPC(const char SymbolizedFMT, const char FallbackFMT, uintptr_t PC) {		void PrintPC(const char SymbolizedFMT, const char FallbackFMT, uintptr_t PC) {
if (EF->__sanitizer_symbolize_pc)		if (EF->__sanitizer_symbolize_pc)
Printf("%s", DescribePC(SymbolizedFMT, PC).c_str());		Printf("%s", DescribePC(SymbolizedFMT, PC).c_str());
else		else
Printf(FallbackFMT, PC);		Printf(FallbackFMT, PC);
}		}

bool ExecuteCommandAndReadOutput(const std::string &Command, std::string *Out) {		int NumberOfCpuCores() {
FILE *Pipe = popen(Command.c_str(), "r");		unsigned N = std::thread::hardware_concurrency();
if (!Pipe) return false;		if (!N) {
char Buff[1024];		Printf("WARNING: std::thread::hardware_concurrency not well defined for "
size_t N;		"your platform. Assuming CPU count of 1.\n");
while ((N = fread(Buff, 1, sizeof(Buff), Pipe)) > 0)		N = 1;
Out->append(Buff, N);		}
return true;		return N;
}		}

} // namespace fuzzer		} // namespace fuzzer

lib/Fuzzer/FuzzerUtilDarwin.cpp

	//===- FuzzerUtilDarwin.cpp - Misc utils ----------------------------------===//			//===- FuzzerUtilDarwin.cpp - Misc utils ----------------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Misc utils for Darwin.			// Misc utils for Darwin.
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	#include "FuzzerDefs.h"			#include "FuzzerDefs.h"
	#if LIBFUZZER_APPLE			#if LIBFUZZER_APPLE
				#include "FuzzerIO.h"
	#include <mutex>			#include <mutex>
	#include <signal.h>			#include <signal.h>
	#include <spawn.h>			#include <spawn.h>
	#include <sys/wait.h>			#include <sys/wait.h>

	// There is no header for this on macOS so declare here			// There is no header for this on macOS so declare here
	extern "C" char **environ;			extern "C" char **environ;

	▲ Show 20 Lines • Show All 128 Lines • Show Last 20 Lines

lib/Fuzzer/FuzzerUtilLinux.cpp

	//===- FuzzerUtilLinux.cpp - Misc utils -----------------------------------===//			//===- FuzzerUtilLinux.cpp - Misc utils for Linux. ------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is distributed under the University of Illinois Open Source			// This file is distributed under the University of Illinois Open Source
	// License. See LICENSE.TXT for details.			// License. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	// Misc utils for Linux.			// Misc utils for Linux.
	Show All 10 Lines

lib/Fuzzer/FuzzerUtilPosix.cpp

				//===- FuzzerUtilPosix.cpp - Misc utils for Posix. ------------------------===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// Misc utils implementation using Posix API.
				//===----------------------------------------------------------------------===//

				#include "FuzzerDefs.h"
				#if LIBFUZZER_POSIX
				#include "FuzzerInternal.h"
				#include "FuzzerIO.h"
				#include <cassert>
				#include <chrono>
				#include <cstring>
				#include <errno.h>
				#include <iomanip>
				#include <signal.h>
				#include <sstream>
				#include <stdio.h>
				#include <sys/resource.h>
				#include <sys/syscall.h>
				#include <sys/time.h>
				#include <sys/types.h>
				#include <thread>
				#include <unistd.h>

				namespace fuzzer {

				static void AlarmHandler(int, siginfo_t , void ) {
				Fuzzer::StaticAlarmCallback();
				}

				static void CrashHandler(int, siginfo_t , void ) {
				Fuzzer::StaticCrashSignalCallback();
				}

				static void InterruptHandler(int, siginfo_t , void ) {
				Fuzzer::StaticInterruptCallback();
				}

				static void SetSigaction(int signum,
				void (callback)(int, siginfo_t , void *)) {
				struct sigaction sigact;
				memset(&sigact, 0, sizeof(sigact));
				sigact.sa_sigaction = callback;
				if (sigaction(signum, &sigact, 0)) {
				Printf("libFuzzer: sigaction failed with %d\n", errno);
				exit(1);
				}
				}

				void SetTimer(int Seconds) {
				struct itimerval T {{Seconds, 0}, {Seconds, 0}};
				if (setitimer(ITIMER_REAL, &T, nullptr)) {
				Printf("libFuzzer: setitimer failed with %d\n", errno);
				exit(1);
				}
				SetSigaction(SIGALRM, AlarmHandler);
				}

				void SetSigSegvHandler() { SetSigaction(SIGSEGV, CrashHandler); }
				void SetSigBusHandler() { SetSigaction(SIGBUS, CrashHandler); }
				void SetSigAbrtHandler() { SetSigaction(SIGABRT, CrashHandler); }
				void SetSigIllHandler() { SetSigaction(SIGILL, CrashHandler); }
				void SetSigFpeHandler() { SetSigaction(SIGFPE, CrashHandler); }
				void SetSigIntHandler() { SetSigaction(SIGINT, InterruptHandler); }
				void SetSigTermHandler() { SetSigaction(SIGTERM, InterruptHandler); }

				void SleepSeconds(int Seconds) {
				sleep(Seconds); // Use C API to avoid coverage from instrumented libc++.
				}

				int GetPid() { return getpid(); }

				size_t GetPeakRSSMb() {
				struct rusage usage;
				if (getrusage(RUSAGE_SELF, &usage))
				return 0;
				if (LIBFUZZER_LINUX) {
				// ru_maxrss is in KiB
				return usage.ru_maxrss >> 10;
				} else if (LIBFUZZER_APPLE) {
				// ru_maxrss is in bytes
				return usage.ru_maxrss >> 20;
				}
				assert(0 && "GetPeakRSSMb() is not implemented for your platform");
				return 0;
				}

				bool ExecuteCommandAndReadOutput(const std::string &Command, std::string *Out) {
				FILE *Pipe = popen(Command.c_str(), "r");
				if (!Pipe) return false;
				char Buff[1024];
				size_t N;
				while ((N = fread(Buff, 1, sizeof(Buff), Pipe)) > 0)
				Out->append(Buff, N);
				return true;
				}

				} // namespace fuzzer
				#endif // LIBFUZZER_POSIX

lib/Fuzzer/FuzzerUtilWindows.cpp

				//===- FuzzerUtilWindows.cpp - Misc utils for Windows. --------------------===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//
				// Misc utils implementation for Windows.
				//===----------------------------------------------------------------------===//

				#include "FuzzerDefs.h"
				#if LIBFUZZER_WINDOWS
				#include "FuzzerInternal.h"
				#include "FuzzerIO.h"
				#include <cassert>
				#include <chrono>
				#include <cstring>
				#include <errno.h>
				#include <iomanip>
				#include <signal.h>
				#include <sstream>
				#include <stdio.h>
				#include <sys/types.h>
				#include <windows.h>
				#include <Psapi.h>

				namespace fuzzer {

				LONG WINAPI SEGVHandler(PEXCEPTION_POINTERS ExceptionInfo) {
				switch (ExceptionInfo->ExceptionRecord->ExceptionCode) {
				case EXCEPTION_ACCESS_VIOLATION:
				case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
				rnkUnsubmitted Not Done Reply Inline Actions I think it would be better to draw this interface boundary at a higher level. Something where we pass in the handle_* flags, install a single exception handler, have one switch, and let it dispatch based on whether it's supposed to catch that type of exception. Then the cross-platform API would be something like InitializeSignalHandlers(). This would require hosting the Flags code out of FuzzerDriver.cpp, so we should ask @kcc about it. rnk: I think it would be better to draw this interface boundary at a higher level. Something where…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Hi, thanks for your comment. I don't see the real advantage of that. Do you see any problem in registering many exception handlers with `AddVectoredExceptionHandler()`? Is it only about the design? Thanks mpividori: Hi, thanks for your comment. I don't see the real advantage of that. Do you see any problem in…
				case EXCEPTION_STACK_OVERFLOW:
				Fuzzer::StaticCrashSignalCallback();
				break;
				}
				return EXCEPTION_CONTINUE_SEARCH;
				}

				LONG WINAPI BUSHandler(PEXCEPTION_POINTERS ExceptionInfo) {
				switch (ExceptionInfo->ExceptionRecord->ExceptionCode) {
				case EXCEPTION_DATATYPE_MISALIGNMENT:
				case EXCEPTION_IN_PAGE_ERROR:
				Fuzzer::StaticCrashSignalCallback();
				break;
				}
				return EXCEPTION_CONTINUE_SEARCH;
				}

				LONG WINAPI ILLHandler(PEXCEPTION_POINTERS ExceptionInfo) {
				switch (ExceptionInfo->ExceptionRecord->ExceptionCode) {
				case EXCEPTION_ILLEGAL_INSTRUCTION:
				case EXCEPTION_PRIV_INSTRUCTION:
				Fuzzer::StaticCrashSignalCallback();
				break;
				}
				return EXCEPTION_CONTINUE_SEARCH;
				}

				LONG WINAPI FPEHandler(PEXCEPTION_POINTERS ExceptionInfo) {
				switch (ExceptionInfo->ExceptionRecord->ExceptionCode) {
				case EXCEPTION_FLT_DENORMAL_OPERAND:
				case EXCEPTION_FLT_DIVIDE_BY_ZERO:
				case EXCEPTION_FLT_INEXACT_RESULT:
				case EXCEPTION_FLT_INVALID_OPERATION:
				case EXCEPTION_FLT_OVERFLOW:
				case EXCEPTION_FLT_STACK_CHECK:
				case EXCEPTION_FLT_UNDERFLOW:
				case EXCEPTION_INT_DIVIDE_BY_ZERO:
				case EXCEPTION_INT_OVERFLOW:
				Fuzzer::StaticCrashSignalCallback();
				break;
				}
				return EXCEPTION_CONTINUE_SEARCH;
				}

				BOOL WINAPI INTHandler(DWORD dwCtrlType) {
				switch (dwCtrlType) {
				case CTRL_C_EVENT:
				Fuzzer::StaticInterruptCallback();
				return TRUE;
				default:
				return FALSE;
				}
				}

				BOOL WINAPI TERMHandler(DWORD dwCtrlType) {
				switch (dwCtrlType) {
				case CTRL_BREAK_EVENT:
				Fuzzer::StaticInterruptCallback();
				return TRUE;
				default:
				return FALSE;
				}
				}

				void SetTimer(int Seconds) {
				// TODO: Complete this implementation.
				return;
				}

				void SetSigSegvHandler() {
				if (!AddVectoredExceptionHandler(1, SEGVHandler)) {
				Printf("libFuzzer: AddVectoredExceptionHandler failed.\n");
				exit(1);
				}
				}

				void SetSigBusHandler() {
				if (!AddVectoredExceptionHandler(1, BUSHandler)) {
				Printf("libFuzzer: AddVectoredExceptionHandler failed.\n");
				exit(1);
				}
				}

				static void CrashHandler(int) {
				Fuzzer::StaticCrashSignalCallback();
				}

				void SetSigAbrtHandler() { signal(SIGABRT, CrashHandler); }

				void SetSigIllHandler() {
				if (!AddVectoredExceptionHandler(1, ILLHandler)) {
				Printf("libFuzzer: AddVectoredExceptionHandler failed.\n");
				exit(1);
				}
				}

				void SetSigFpeHandler() {
				if (!AddVectoredExceptionHandler(1, FPEHandler)) {
				Printf("libFuzzer: AddVectoredExceptionHandler failed.\n");
				exit(1);
				}
				}

				void SetSigIntHandler() {
				if (!SetConsoleCtrlHandler(INTHandler, TRUE)) {
				DWORD LastError = GetLastError();
				Printf("libFuzzer: SetConsoleCtrlHandler failed (Error code: %lu).\n",
				LastError);
				exit(1);
				}
				}

				void SetSigTermHandler() {
				if (!SetConsoleCtrlHandler(TERMHandler, TRUE)) {
				DWORD LastError = GetLastError();
				Printf("libFuzzer: SetConsoleCtrlHandler failed (Error code: %lu).\n",
				rnkUnsubmitted Not Done Reply Inline Actions For example, this handler is completely redundant with the SigInt handler. Only one will actually be called. rnk: For example, this handler is completely redundant with the SigInt handler. Only one will…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions I am not sure I understand what you mean. The handlers `TERMHandler` and `INTHandler` return a boolean value TRUE or FALSE, to know if they have handled the signal. We can register many handlers. mpividori: I am not sure I understand what you mean. The handlers `TERMHandler` and `INTHandler` return a…
				LastError);
				exit(1);
				}
				}

				void SleepSeconds(int Seconds) {
				Sleep(Seconds * 1000);
				}

				int GetPid() { return GetCurrentProcessId(); }

				size_t GetPeakRSSMb() {
				PROCESS_MEMORY_COUNTERS info;
				if (!GetProcessMemoryInfo(GetCurrentProcess(), &info, sizeof(info)))
				return 0;
				return info.PeakWorkingSetSize >> 20;
				zturnerUnsubmitted Not Done Reply Inline Actions Is there any reason we can't use this implementation on all platforms? The Posix implementation seems unnecessarily complicated, when this will work just fine. zturner: Is there any reason we can't use this implementation on all platforms? The Posix…
				mpividoriAuthorUnsubmitted Not Done Reply Inline Actions Yes, I think we can. I will update the code. I could add this as the first option. If it fails (returns 0), then consider the commands `npos`/`sysctl`. Or directly simplify the code to only use: `std::thread::hardware_concurrency()`. mpividori: Yes, I think we can. I will update the code. I could add this as the first option. If it fails…
				}

				bool ExecuteCommandAndReadOutput(const std::string &Command, std::string *Out) {
				FILE *Pipe = _popen(Command.c_str(), "r");
				if (!Pipe) return false;
				char Buff[1024];
				size_t N;
				while ((N = fread(Buff, 1, sizeof(Buff), Pipe)) > 0)
				Out->append(Buff, N);
				return true;
				}

				const void memmem(const void Data, size_t DataLen, const void *Patt,
				size_t PattLen)
				{
				//TODO: make this implementation more efficient.
				const char Cdata = (const char) Data;
				const char Cpatt = (const char) Patt;

				if (!Data \|\| !Patt \|\| DataLen == 0 \|\| PattLen == 0 \|\| DataLen < PattLen)
				return NULL;

				if (PattLen == 1)
				zturnerUnsubmitted Not Done Reply Inline Actions In the future we should change this to use `CreateProcessA`, but for now this is probably fine. zturner: In the future we should change this to use `CreateProcessA`, but for now this is probably fine.
				return memchr(Data, *Cpatt, DataLen);

				const char *End = Cdata + DataLen - PattLen;

				for (const char *It = Cdata; It < End; ++It)
				if (It[0] == Cpatt[0] && memcmp(It, Cpatt, PattLen) == 0)
				return It;

				return NULL;
				}

				int ExecuteCommand(const std::string &Command) {
				return system(Command.c_str());
				}

				} // namespace fuzzer
				#endif // LIBFUZZER_WINDOWS

This is an archive of the discontinued LLVM Phabricator instance.

Initial changes for porting libFuzzer to Windows.AbandonedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 79097

lib/Fuzzer/CMakeLists.txt

lib/Fuzzer/FuzzerCorpus.h

lib/Fuzzer/FuzzerDefs.h

lib/Fuzzer/FuzzerDictionary.h

lib/Fuzzer/FuzzerDriver.cpp

lib/Fuzzer/FuzzerExtFunctionsApple.cpp

lib/Fuzzer/FuzzerExtFunctionsLinux.cpp

lib/Fuzzer/FuzzerExtFunctionsWindows.cpp

lib/Fuzzer/FuzzerIO.h

lib/Fuzzer/FuzzerIO.cpp

lib/Fuzzer/FuzzerIOPlatform.h

lib/Fuzzer/FuzzerIOPosix.cpp

lib/Fuzzer/FuzzerIOWindows.cpp

lib/Fuzzer/FuzzerInternal.h

lib/Fuzzer/FuzzerLoop.cpp

lib/Fuzzer/FuzzerMutate.cpp

lib/Fuzzer/FuzzerSHA1.h

lib/Fuzzer/FuzzerSHA1.cpp

lib/Fuzzer/FuzzerTracePC.cpp

lib/Fuzzer/FuzzerTraceState.cpp

lib/Fuzzer/FuzzerUtil.h

lib/Fuzzer/FuzzerUtil.cpp

lib/Fuzzer/FuzzerUtilDarwin.cpp

lib/Fuzzer/FuzzerUtilLinux.cpp

lib/Fuzzer/FuzzerUtilPosix.cpp

lib/Fuzzer/FuzzerUtilWindows.cpp

Initial changes for porting libFuzzer to Windows.
AbandonedPublic