Index: lib/fuzzer/FuzzerCorpus.h =================================================================== --- lib/fuzzer/FuzzerCorpus.h +++ lib/fuzzer/FuzzerCorpus.h @@ -35,7 +35,7 @@ size_t NumSuccessfullMutations = 0; bool MayDeleteFile = false; bool Reduced = false; - std::vector UniqFeatureSet; + fuzzer::vector UniqFeatureSet; }; class InputCorpus { @@ -71,7 +71,7 @@ bool empty() const { return Inputs.empty(); } const Unit &operator[] (size_t Idx) const { return Inputs[Idx]->U; } void AddToCorpus(const Unit &U, size_t NumFeatures, bool MayDeleteFile, - const std::vector &FeatureSet) { + const fuzzer::vector &FeatureSet) { assert(!U.empty()); if (FeatureDebug) Printf("ADD_TO_CORPUS %zd NF %zd\n", Inputs.size(), NumFeatures); @@ -100,7 +100,7 @@ } // Debug-only - void PrintFeatureSet(const std::vector &FeatureSet) { + void PrintFeatureSet(const fuzzer::vector &FeatureSet) { if (!FeatureDebug) return; Printf("{"); for (uint32_t Feature: FeatureSet) @@ -256,11 +256,11 @@ } std::piecewise_constant_distribution CorpusDistribution; - std::vector Intervals; - std::vector Weights; + fuzzer::vector Intervals; + fuzzer::vector Weights; std::unordered_set Hashes; - std::vector Inputs; + fuzzer::vector Inputs; size_t NumAddedFeatures = 0; size_t NumUpdatedFeatures = 0; Index: lib/fuzzer/FuzzerDefs.h =================================================================== --- lib/fuzzer/FuzzerDefs.h +++ lib/fuzzer/FuzzerDefs.h @@ -18,6 +18,8 @@ #include #include #include +#include +#include // Platform detection. #ifdef __linux__ 
@@ -102,8 +104,19 @@ // Global interface to functions that may or may not be available. extern ExternalFunctions *EF; -typedef std::vector Unit; -typedef std::vector UnitVector; +// We are using a custom allocator to give a different symbol name to STL +// containers in order to avoid ODR violations. +template +class fuzzer_allocator: public std::allocator {}; + +template +using vector = std::vector>; + +template +using set = std::set, fuzzer_allocator>; + +typedef fuzzer::vector Unit; +typedef fuzzer::vector UnitVector; typedef int (*UserCallback)(const uint8_t *Data, size_t Size); int FuzzerDriver(int *argc, char ***argv, UserCallback Callback); @@ -127,6 +140,7 @@ uint64_t *ClangCountersEnd(); void ClearClangCounters(); + } // namespace fuzzer #endif // LLVM_FUZZER_DEFS_H Index: lib/fuzzer/FuzzerDictionary.h =================================================================== --- lib/fuzzer/FuzzerDictionary.h +++ lib/fuzzer/FuzzerDictionary.h @@ -120,7 +120,7 @@ bool ParseOneDictionaryEntry(const std::string &Str, Unit *U); // Parses the dictionary file, fills Units, returns true iff all lines // were parsed succesfully. -bool ParseDictionaryFile(const std::string &Text, std::vector *Units); +bool ParseDictionaryFile(const std::string &Text, fuzzer::vector *Units); } // namespace fuzzer Index: lib/fuzzer/FuzzerDriver.cpp =================================================================== --- lib/fuzzer/FuzzerDriver.cpp +++ lib/fuzzer/FuzzerDriver.cpp @@ -74,7 +74,7 @@ static const size_t kNumFlags = sizeof(FlagDescriptions) / sizeof(FlagDescriptions[0]); -static std::vector *Inputs; +static fuzzer::vector *Inputs; static std::string *ProgName; static void PrintHelp() { 
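Review bot: `fuzzer_allocator` in the FuzzerDefs.h hunk inherits `rebind` from `std::allocator`, so before C++20 any container that rebinds its allocator (the node allocator behind the new `set` alias, for instance) lands back on plain `std::allocator`, and the custom type is only a tag on the outer template name. That tag is probably enough to change the mangled container names, which is what the comment asks for, but the class does not meet the allocator requirements and the rebound allocations stay on the instantiations shared with the target. Giving the class its own `rebind` and a converting constructor keeps every rebound allocator inside the fuzzer's type. The template parameter lists are missing from this rendering of the patch, so the sketch below assumes a single type parameter. The comment above the class should also say which ODR clash is meant; my reading is the fuzzer runtime and the code under test instantiating the same `std::vector` specialisation under different build flags.

```cpp
// … unchanged: comment explaining the ODR motivation …
template <typename T>
class fuzzer_allocator : public std::allocator<T> {
public:
  fuzzer_allocator() = default;

  // Allows construction from a rebound instance, as the allocator
  // requirements expect.
  template <class U>
  fuzzer_allocator(const fuzzer_allocator<U> &) {}

  // Without this, the inherited rebind hands back std::allocator<Other>.
  template <class Other>
  struct rebind { typedef fuzzer_allocator<Other> other; };
};
// … unchanged: vector / set aliases and Unit typedefs …
```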
@@ -175,7 +175,7 @@ } // We don't use any library to minimize dependencies. -static void ParseFlags(const std::vector &Args) { +static void ParseFlags(const fuzzer::vector &Args) { for (size_t F = 0; F < kNumFlags; F++) { if (FlagDescriptions[F].IntFlag) *FlagDescriptions[F].IntFlag = FlagDescriptions[F].Default; @@ -185,7 +185,7 @@ if (FlagDescriptions[F].StrFlag) *FlagDescriptions[F].StrFlag = nullptr; } - Inputs = new std::vector; + Inputs = new fuzzer::vector; for (size_t A = 1; A < Args.size(); A++) { if (ParseOneFlag(Args[A].c_str())) { if (Flags.ignore_remaining_args) @@ -225,7 +225,7 @@ } } -std::string CloneArgsWithoutX(const std::vector &Args, +std::string CloneArgsWithoutX(const fuzzer::vector &Args, const char *X1, const char *X2) { std::string Cmd; for (auto &S : Args) { @@ -236,12 +236,12 @@ return Cmd; } -static int RunInMultipleProcesses(const std::vector &Args, +static int RunInMultipleProcesses(const fuzzer::vector &Args, unsigned NumWorkers, unsigned NumJobs) { std::atomic Counter(0); std::atomic HasErrors(false); std::string Cmd = CloneArgsWithoutX(Args, "jobs", "workers"); - std::vector V; + fuzzer::vector V; std::thread Pulse(PulseThread); Pulse.detach(); for (unsigned i = 0; i < NumWorkers; i++) @@ -294,7 +294,7 @@ return S.substr(Beg, End - Beg); } -int CleanseCrashInput(const std::vector &Args, +int CleanseCrashInput(const fuzzer::vector &Args, const FuzzingOptions &Options) { if (Inputs->size() != 1 || !Flags.exact_artifact_path) { Printf("ERROR: -cleanse_crash should be given one input file and" @@ -322,7 +322,7 @@ auto U = FileToVector(CurrentFilePath); size_t Size = U.size(); - const std::vector ReplacementBytes = {' ', 0xff}; + const fuzzer::vector ReplacementBytes = {' ', 0xff}; for (int NumAttempts = 0; NumAttempts < 5; NumAttempts++) { bool Changed = false; for (size_t Idx = 0; Idx < Size; Idx++) { 
@@ -354,7 +354,7 @@ return 0; } -int MinimizeCrashInput(const std::vector &Args, +int MinimizeCrashInput(const fuzzer::vector &Args, const FuzzingOptions &Options) { if (Inputs->size() != 1) { Printf("ERROR: -minimize_crash should be given one input file\n"); @@ -456,17 +456,17 @@ return 0; } -int AnalyzeDictionary(Fuzzer *F, const std::vector& Dict, +int AnalyzeDictionary(Fuzzer *F, const fuzzer::vector& Dict, UnitVector& Corpus) { Printf("Started dictionary minimization (up to %d tests)\n", Dict.size() * Corpus.size() * 2); // Scores and usage count for each dictionary unit. - std::vector Scores(Dict.size()); - std::vector Usages(Dict.size()); + fuzzer::vector Scores(Dict.size()); + fuzzer::vector Usages(Dict.size()); - std::vector InitialFeatures; - std::vector ModifiedFeatures; + fuzzer::vector InitialFeatures; + fuzzer::vector ModifiedFeatures; for (auto &C : Corpus) { // Get coverage for the testcase without modifications. F->ExecuteCallback(C.data(), C.size()); @@ -531,7 +531,7 @@ EF = new ExternalFunctions(); if (EF->LLVMFuzzerInitialize) EF->LLVMFuzzerInitialize(argc, argv); - const std::vector Args(*argv, *argv + *argc); + const fuzzer::vector Args(*argv, *argv + *argc); assert(!Args.empty()); ProgName = new std::string(Args[0]); if (Argv0 != *ProgName) { @@ -593,7 +593,7 @@ Options.ArtifactPrefix = Flags.artifact_prefix; if (Flags.exact_artifact_path) Options.ExactArtifactPath = Flags.exact_artifact_path; - std::vector Dictionary; + fuzzer::vector Dictionary; if (Flags.dict) if (!ParseDictionaryFile(FileToString(Flags.dict), &Dictionary)) return 1; Index: lib/fuzzer/FuzzerIO.h =================================================================== --- lib/fuzzer/FuzzerIO.h +++ lib/fuzzer/FuzzerIO.h 
@@ -27,7 +27,7 @@ void WriteToFile(const Unit &U, const std::string &Path); -void ReadDirToVectorOfUnits(const char *Path, std::vector *V, +void ReadDirToVectorOfUnits(const char *Path, fuzzer::vector *V, long *Epoch, size_t MaxSize, bool ExitOnError); // Returns "Dir/FileName" or equivalent for the current OS. @@ -55,7 +55,7 @@ bool IsFile(const std::string &Path); void ListFilesInDirRecursive(const std::string &Dir, long *Epoch, - std::vector *V, bool TopDir); + fuzzer::vector *V, bool TopDir); char GetSeparator(); Index: lib/fuzzer/FuzzerIO.cpp =================================================================== --- lib/fuzzer/FuzzerIO.cpp +++ lib/fuzzer/FuzzerIO.cpp @@ -68,10 +68,10 @@ fclose(Out); } -void ReadDirToVectorOfUnits(const char *Path, std::vector *V, +void ReadDirToVectorOfUnits(const char *Path, fuzzer::vector *V, long *Epoch, size_t MaxSize, bool ExitOnError) { long E = Epoch ? *Epoch : 0; - std::vector Files; + fuzzer::vector Files; ListFilesInDirRecursive(Path, Epoch, &Files, /*TopDir*/true); size_t NumLoaded = 0; for (size_t i = 0; i < Files.size(); i++) { Index: lib/fuzzer/FuzzerIOPosix.cpp =================================================================== --- lib/fuzzer/FuzzerIOPosix.cpp +++ lib/fuzzer/FuzzerIOPosix.cpp @@ -33,7 +33,7 @@ } void ListFilesInDirRecursive(const std::string &Dir, long *Epoch, - std::vector *V, bool TopDir) { + fuzzer::vector *V, bool TopDir) { auto E = GetEpoch(Dir); if (Epoch) if (E && *Epoch >= E) return; Index: lib/fuzzer/FuzzerIOWindows.cpp =================================================================== --- lib/fuzzer/FuzzerIOWindows.cpp +++ lib/fuzzer/FuzzerIOWindows.cpp 
@@ -73,7 +73,7 @@ } void ListFilesInDirRecursive(const std::string &Dir, long *Epoch, - std::vector *V, bool TopDir) { + fuzzer::vector *V, bool TopDir) { auto E = GetEpoch(Dir); if (Epoch) if (E && *Epoch >= E) return; Index: lib/fuzzer/FuzzerInternal.h =================================================================== --- lib/fuzzer/FuzzerInternal.h +++ lib/fuzzer/FuzzerInternal.h @@ -69,9 +69,9 @@ InputInfo *II = nullptr); // Merge Corpora[1:] into Corpora[0]. - void Merge(const std::vector &Corpora); - void CrashResistantMerge(const std::vector &Args, - const std::vector &Corpora, + void Merge(const fuzzer::vector &Corpora); + void CrashResistantMerge(const fuzzer::vector &Args, + const fuzzer::vector &Corpora, const char *CoverageSummaryInputPathOrNull, const char *CoverageSummaryOutputPathOrNull); void CrashResistantMergeInternalStep(const std::string &ControlFilePath); @@ -139,7 +139,7 @@ size_t MaxMutationLen = 0; size_t TmpMaxMutationLen = 0; - std::vector UniqFeatureSetTmp; + fuzzer::vector UniqFeatureSetTmp; // Need to know our own thread. static thread_local bool IsMyThread; Index: lib/fuzzer/FuzzerLoop.cpp =================================================================== --- lib/fuzzer/FuzzerLoop.cpp +++ lib/fuzzer/FuzzerLoop.cpp @@ -350,7 +350,7 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) { if (Options.OutputCorpus.empty() || !Options.ReloadIntervalSec) return; - std::vector AdditionalCorpus; + fuzzer::vector AdditionalCorpus; ReadDirToVectorOfUnits(Options.OutputCorpus.c_str(), &AdditionalCorpus, &EpochOfLastReadOfOutputCorpus, MaxSize, /*ExitOnError*/ false); Index: lib/fuzzer/FuzzerMerge.h =================================================================== --- lib/fuzzer/FuzzerMerge.h +++ lib/fuzzer/FuzzerMerge.h 
@@ -52,11 +52,11 @@ struct MergeFileInfo { std::string Name; size_t Size = 0; - std::vector Features; + fuzzer::vector Features; }; struct Merger { - std::vector Files; + fuzzer::vector Files; size_t NumFilesInFirstCorpus = 0; size_t FirstNotProcessedFile = 0; std::string LastFailure; @@ -67,8 +67,8 @@ void PrintSummary(std::ostream &OS); std::set ParseSummary(std::istream &IS); size_t Merge(const std::set &InitialFeatures, - std::vector *NewFiles); - size_t Merge(std::vector *NewFiles) { + fuzzer::vector *NewFiles); + size_t Merge(fuzzer::vector *NewFiles) { return Merge(std::set{}, NewFiles); } size_t ApproximateMemoryConsumption() const; Index: lib/fuzzer/FuzzerMerge.cpp =================================================================== --- lib/fuzzer/FuzzerMerge.cpp +++ lib/fuzzer/FuzzerMerge.cpp @@ -74,7 +74,7 @@ size_t ExpectedStartMarker = 0; const size_t kInvalidStartMarker = -1; size_t LastSeenStartMarker = kInvalidStartMarker; - std::vector TmpFeatures; + fuzzer::vector TmpFeatures; while (std::getline(IS, Line, '\n')) { std::istringstream ISS1(Line); std::string Marker; @@ -123,7 +123,7 @@ // Decides which files need to be merged (add thost to NewFiles). // Returns the number of new features added. size_t Merger::Merge(const std::set &InitialFeatures, - std::vector *NewFiles) { + fuzzer::vector *NewFiles) { NewFiles->clear(); assert(NumFilesInFirstCorpus <= Files.size()); std::set AllFeatures(InitialFeatures); @@ -138,7 +138,7 @@ // Remove all features that we already know from all other inputs. for (size_t i = NumFilesInFirstCorpus; i < Files.size(); i++) { auto &Cur = Files[i].Features; - std::vector Tmp; + fuzzer::vector Tmp; std::set_difference(Cur.begin(), Cur.end(), AllFeatures.begin(), AllFeatures.end(), std::inserter(Tmp, Tmp.begin())); Cur.swap(Tmp); 
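Review bot: `ParseSummary` and both `Merge` overloads in the FuzzerMerge.h hunk at -67,8 still use `std::set`, although this patch adds a `set` alias in FuzzerDefs.h for the same purpose as `vector`. The same holds for `AllFeatures` in FuzzerMerge.cpp, `InitialFeatures` in `CrashResistantMerge`, and `std::unordered_set Hashes` in FuzzerCorpus.h. If the aim is that the fuzzer runtime shares no container instantiations with the code under test, these are still exposed. Either switch them in this change, e.g. `size_t Merge(const fuzzer::set<...> &InitialFeatures, ...)` with the element type the declaration already has, or state in the FuzzerDefs.h comment that only `vector` is covered for now.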
@@ -252,15 +252,15 @@ } // Outer process. Does not call the target code and thus sohuld not fail. -void Fuzzer::CrashResistantMerge(const std::vector &Args, - const std::vector &Corpora, +void Fuzzer::CrashResistantMerge(const fuzzer::vector &Args, + const fuzzer::vector &Corpora, const char *CoverageSummaryInputPathOrNull, const char *CoverageSummaryOutputPathOrNull) { if (Corpora.size() <= 1) { Printf("Merge requires two or more corpus dirs\n"); return; } - std::vector AllFiles; + fuzzer::vector AllFiles; ListFilesInDirRecursive(Corpora[0], nullptr, &AllFiles, /*TopDir*/true); size_t NumFilesInFirstCorpus = AllFiles.size(); for (size_t i = 1; i < Corpora.size(); i++) @@ -318,7 +318,7 @@ std::ofstream SummaryOut(CoverageSummaryOutputPathOrNull); M.PrintSummary(SummaryOut); } - std::vector NewFiles; + fuzzer::vector NewFiles; std::set InitialFeatures; if (CoverageSummaryInputPathOrNull) { std::ifstream SummaryIn(CoverageSummaryInputPathOrNull); Index: lib/fuzzer/FuzzerMutate.h =================================================================== --- lib/fuzzer/FuzzerMutate.h +++ lib/fuzzer/FuzzerMutate.h @@ -96,7 +96,7 @@ size_t AddWordFromDictionary(Dictionary &D, uint8_t *Data, size_t Size, size_t MaxSize); size_t MutateImpl(uint8_t *Data, size_t Size, size_t MaxSize, - const std::vector &Mutators); + const fuzzer::vector &Mutators); size_t InsertPartOf(const uint8_t *From, size_t FromSize, uint8_t *To, size_t ToSize, size_t MaxToSize); 
@@ -128,21 +128,21 @@ // entries that led to successfull discoveries in the past mutations. Dictionary PersistentAutoDictionary; - std::vector CurrentMutatorSequence; - std::vector CurrentDictionaryEntrySequence; + fuzzer::vector CurrentMutatorSequence; + fuzzer::vector CurrentDictionaryEntrySequence; static const size_t kCmpDictionaryEntriesDequeSize = 16; DictionaryEntry CmpDictionaryEntriesDeque[kCmpDictionaryEntriesDequeSize]; size_t CmpDictionaryEntriesDequeIdx = 0; const InputCorpus *Corpus = nullptr; - std::vector MutateInPlaceHere; + fuzzer::vector MutateInPlaceHere; // CustomCrossOver needs its own buffer as a custom implementation may call // LLVMFuzzerMutate, which in turn may resize MutateInPlaceHere. - std::vector CustomCrossOverInPlaceHere; + fuzzer::vector CustomCrossOverInPlaceHere; - std::vector Mutators; - std::vector DefaultMutators; + fuzzer::vector Mutators; + fuzzer::vector DefaultMutators; }; } // namespace fuzzer Index: lib/fuzzer/FuzzerMutate.cpp =================================================================== --- lib/fuzzer/FuzzerMutate.cpp +++ lib/fuzzer/FuzzerMutate.cpp @@ -466,7 +466,7 @@ } void MutationDispatcher::PrintRecommendedDictionary() { - std::vector V; + fuzzer::vector V; for (auto &DE : PersistentAutoDictionary) if (!ManualDictionary.ContainsWord(DE.GetW())) V.push_back(DE); @@ -506,7 +506,7 @@ // Mutates Data in place, returns new size. size_t MutationDispatcher::MutateImpl(uint8_t *Data, size_t Size, size_t MaxSize, - const std::vector &Mutators) { + const fuzzer::vector &Mutators) { assert(MaxSize > 0); // Some mutations may fail (e.g. can't insert more bytes if Size == MaxSize), // in which case they will return 0. Index: lib/fuzzer/FuzzerTracePC.cpp =================================================================== --- lib/fuzzer/FuzzerTracePC.cpp +++ lib/fuzzer/FuzzerTracePC.cpp 
@@ -262,7 +262,7 @@ void TracePC::DumpCoverage() { if (EF->__sanitizer_dump_coverage) { - std::vector PCsCopy(GetNumPCs()); + fuzzer::vector PCsCopy(GetNumPCs()); for (size_t i = 0; i < GetNumPCs(); i++) PCsCopy[i] = PCs()[i] ? GetPreviousInstructionPc(PCs()[i]) : 0; EF->__sanitizer_dump_coverage(PCsCopy.data(), PCsCopy.size()); Index: lib/fuzzer/FuzzerUtil.h =================================================================== --- lib/fuzzer/FuzzerUtil.h +++ lib/fuzzer/FuzzerUtil.h @@ -57,10 +57,10 @@ const void *SearchMemory(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen); -std::string CloneArgsWithoutX(const std::vector &Args, +std::string CloneArgsWithoutX(const fuzzer::vector &Args, const char *X1, const char *X2); -inline std::string CloneArgsWithoutX(const std::vector &Args, +inline std::string CloneArgsWithoutX(const fuzzer::vector &Args, const char *X) { return CloneArgsWithoutX(Args, X, X); } Index: lib/fuzzer/FuzzerUtil.cpp =================================================================== --- lib/fuzzer/FuzzerUtil.cpp +++ lib/fuzzer/FuzzerUtil.cpp @@ -124,7 +124,7 @@ return true; } -bool ParseDictionaryFile(const std::string &Text, std::vector *Units) { +bool ParseDictionaryFile(const std::string &Text, fuzzer::vector *Units) { if (Text.empty()) { Printf("ParseDictionaryFile: file does not exist or is empty\n"); return false; Index: lib/fuzzer/tests/FuzzerUnittest.cpp =================================================================== --- lib/fuzzer/tests/FuzzerUnittest.cpp +++ lib/fuzzer/tests/FuzzerUnittest.cpp @@ -526,7 +526,7 @@ } TEST(FuzzerDictionary, ParseDictionaryFile) { - std::vector Units; + fuzzer::vector Units; EXPECT_FALSE(ParseDictionaryFile("zzz\n", &Units)); EXPECT_FALSE(ParseDictionaryFile("", &Units)); EXPECT_TRUE(ParseDictionaryFile("\n", &Units)); 
@@ -538,11 +538,11 @@ EXPECT_TRUE(ParseDictionaryFile(" #zzzz\n", &Units)); EXPECT_EQ(Units.size(), 0U); EXPECT_TRUE(ParseDictionaryFile(" #zzzz\naaa=\"aa\"", &Units)); - EXPECT_EQ(Units, std::vector({Unit({'a', 'a'})})); + EXPECT_EQ(Units, fuzzer::vector({Unit({'a', 'a'})})); EXPECT_TRUE( ParseDictionaryFile(" #zzzz\naaa=\"aa\"\n\nabc=\"abc\"", &Units)); EXPECT_EQ(Units, - std::vector({Unit({'a', 'a'}), Unit({'a', 'b', 'c'})})); + fuzzer::vector({Unit({'a', 'a'}), Unit({'a', 'b', 'c'})})); } TEST(FuzzerUtil, Base64) { @@ -566,7 +566,7 @@ for (size_t i = 0; i < N; i++) C->AddToCorpus(Unit{ static_cast(i) }, 1, false, {}); - std::vector Hist(N); + fuzzer::vector Hist(N); for (size_t i = 0; i < N * TriesPerUnit; i++) { Hist[C->ChooseUnitIdxToMutate(Rand)]++; } @@ -596,21 +596,21 @@ } } -void EQ(const std::vector &A, const std::vector &B) { +void EQ(const fuzzer::vector &A, const fuzzer::vector &B) { EXPECT_EQ(A, B); } -void EQ(const std::vector &A, const std::vector &B) { +void EQ(const fuzzer::vector &A, const fuzzer::vector &B) { std::set a(A.begin(), A.end()); std::set b(B.begin(), B.end()); EXPECT_EQ(a, b); } static void Merge(const std::string &Input, - const std::vector Result, + const fuzzer::vector Result, size_t NumNewFeatures) { Merger M; - std::vector NewFiles; + fuzzer::vector NewFiles; EXPECT_TRUE(M.Parse(Input, true)); std::stringstream SS; M.PrintSummary(SS); @@ -658,7 +658,7 @@ EQ(M.Files[1].Features, {4, 5, 6}); - std::vector NewFiles; + fuzzer::vector NewFiles; EXPECT_TRUE(M.Parse("3\n2\nAA\nBB\nC\n" "STARTED 0 1000\nDONE 0 1 2 3\n" @@ -739,7 +739,7 @@ 0, 0, 0, 0, 0, 0, 0, 8, 9, 9, 9, 9, 9, 9, 9, 9, }; - typedef std::vector > Vec; + typedef fuzzer::vector > Vec; Vec Res, Expected; auto CB = [&](size_t FirstFeature, size_t Idx, uint8_t V) { Res.push_back({FirstFeature + Idx, V}); Index: test/fuzzer/VectorTest.cpp =================================================================== --- /dev/null +++ test/fuzzer/VectorTest.cpp 
@@ -0,0 +1,8 @@
+#include
+
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* buffer, size_t length) {
+ std::vector bb(100 * 10);
+ return 0;
+}
Index: test/fuzzer/VectorTest.test
===================================================================
--- /dev/null
+++ test/fuzzer/VectorTest.test
@@ -0,0 +1,4 @@
+RUN: %cpp_compiler %S/VectorTest.cpp -o %t
+
+// Test that no spurious errors are thrown.
+RUN: %t -runs=100
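Review bot: In test/fuzzer/VectorTest.cpp the vector `bb` is constructed and never used, so an optimising build may drop the allocation and the test would then pass without running any `std::vector` code in the target. Letting the storage escape keeps it alive whatever the element type is: declare `static const void *volatile Sink;` at file scope and add `Sink = bb.data();` before the `return 0;`. VectorTest.test only checks the exit status, and the flags behind `%cpp_compiler` are not visible here, so it is unclear from the page whether this test failed before the change. The comment in the .test file should name the spurious error it guards against and the build configuration that triggers it.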