Index: lib/fuzzer/FuzzerDefs.h
===================================================================
--- lib/fuzzer/FuzzerDefs.h
+++ lib/fuzzer/FuzzerDefs.h
@@ -12,6 +12,7 @@
 #ifndef LLVM_FUZZER_DEFS_H
 #define LLVM_FUZZER_DEFS_H
+#include
 #include
 #include
 #include
Index: lib/fuzzer/FuzzerMutate.h
===================================================================
--- lib/fuzzer/FuzzerMutate.h
+++ lib/fuzzer/FuzzerMutate.h
@@ -19,6 +19,25 @@
 namespace fuzzer {
+typedef enum {
+ ManualDict,
+ PersAutoDict,
+ CMP,
+ ChangeAsciiInt,
+ ChangeBinInt,
+ ChangeBit,
+ ChangeByte,
+ CopyPart,
+ CrossOverData,
+ CustomCrossOver,
+ CustomMutation,
+ EraseBytes,
+ InsertByte,
+ InsertRepeatedBytes,
+ ShuffleBytes,
+ MaxNumberOfMutationTypes
+} MutationType;
+
 class MutationDispatcher {
 public:
 MutationDispatcher(Random &Rand, const FuzzingOptions &Options);
@@ -157,7 +176,7 @@
 {ChangeBit, "ChangeBitCount"},
 {CopyPart, "CopyPartCount"},
 {ChangeByte, "ChangeByteCount"},
- {CrossOver, "CrossOverCount"},
+ {CrossOverData, "CrossOverCount"},
 {CustomCrossOver, "CustomCrossOverCount"},
 {CustomMutation, "CustomMutationCount"},
 {EraseBytes, "EraseBytesCount"},
Index: lib/fuzzer/FuzzerMutate.cpp
===================================================================
--- lib/fuzzer/FuzzerMutate.cpp
+++ lib/fuzzer/FuzzerMutate.cpp
@@ -41,7 +41,7 @@
 {&MutationDispatcher::Mutate_ChangeASCIIInteger, ChangeAsciiInt},
 {&MutationDispatcher::Mutate_ChangeBinaryInteger, ChangeBinInt},
 {&MutationDispatcher::Mutate_CopyPart, CopyPart},
- {&MutationDispatcher::Mutate_CrossOver, CrossOver},
+ {&MutationDispatcher::Mutate_CrossOver, CrossOverData},
 {&MutationDispatcher::Mutate_AddWordFromManualDictionary, ManualDict},
 {&MutationDispatcher::Mutate_AddWordFromPersistentAutoDictionary,
@@ -69,7 +69,6 @@
 size_t MutationDispatcher::Mutate_Custom(uint8_t *Data, size_t Size, size_t MaxSize) {
- MStats->IncrementCount(CustomMutation, 0);
 return EF->LLVMFuzzerCustomMutator(Data, Size, MaxSize, Rand.Rand());
 }
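Review bot: The new `typedef enum { ... } MutationType;` in FuzzerMutate.h leaves the enum's underlying type unspecified, which weakens the `(MType < 0)` guard shown in the FuzzerMutationStats.cpp hunk: with only non-negative enumerators a compiler may choose an unsigned underlying type, so that comparison can be always false. Declaring it as `enum MutationType : int {` drops the C-style typedef and keeps the lower-bound check meaningful. The unscoped enumerators (`CMP`, `CopyPart`, `ChangeBit`, ...) also land directly in namespace `fuzzer`. A short comment such as `// MaxNumberOfMutationTypes must stay last: it bounds the loops and index checks in MutationStats.` would document the sentinel.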
@@ -89,7 +88,6 @@
 return 0;
 assert(NewSize <= MaxSize && "CustomCrossOver returned overisized unit");
 memcpy(Data, U.data(), NewSize);
- MStats->IncrementCount(CustomCrossOver, 0);
 return NewSize;
 }
@@ -101,7 +99,6 @@
 size_t ShuffleStart = Rand(Size - ShuffleAmount);
 assert(ShuffleStart + ShuffleAmount <= Size);
 std::shuffle(Data + ShuffleStart, Data + ShuffleStart + ShuffleAmount, Rand);
- MStats->IncrementCount(ShuffleBytes, 0);
 return Size;
 }
@@ -114,7 +111,6 @@
 // Erase Data[Idx:Idx+N].
 memmove(Data + Idx, Data + Idx + N, Size - Idx - N);
 // Printf("Erase: %zd %zd => %zd; Idx %zd\n", N, Size, Size - N, Idx);
- MStats->IncrementCount(EraseBytes, 0);
 return Size - N;
 }
@@ -125,7 +121,6 @@
 // Insert new value at Data[Idx].
 memmove(Data + Idx + 1, Data + Idx, Size - Idx);
 Data[Idx] = RandCh(Rand);
- MStats->IncrementCount(InsertByte, 0);
 return Size + 1;
 }
@@ -144,7 +139,6 @@
 uint8_t Byte = Rand.RandBool() ? Rand(256) : (Rand.RandBool() ? 0 : 255);
 for (size_t i = 0; i < N; i++) Data[Idx + i] = Byte;
- MStats->IncrementCount(InsertRepeatedBytes, 0);
 return Size + N;
 }
@@ -153,7 +147,6 @@
 if (Size > MaxSize) return 0;
 size_t Idx = Rand(Size);
 Data[Idx] = RandCh(Rand);
- MStats->IncrementCount(ChangeByte, 0);
 return Size;
 }
@@ -162,14 +155,12 @@
 if (Size > MaxSize) return 0;
 size_t Idx = Rand(Size);
 Data[Idx] ^= 1 << Rand(8);
- MStats->IncrementCount(ChangeBit, 0);
 return Size;
 }
 size_t MutationDispatcher::Mutate_AddWordFromManualDictionary(uint8_t *Data, size_t Size, size_t MaxSize) {
- MStats->IncrementCount(ManualDict, 0);
 return AddWordFromDictionary(ManualDictionary, Data, Size, MaxSize);
 }
@@ -285,13 +276,11 @@
 kCmpDictionaryEntriesDequeSize];
 DERef = DE;
 CurrentDictionaryEntrySequence.push_back(&DERef);
- MStats->IncrementCount(CMP, 0);
 return Size;
 }
 size_t MutationDispatcher::Mutate_AddWordFromPersistentAutoDictionary( uint8_t *Data, size_t Size, size_t MaxSize) {
- MStats->IncrementCount(PersAutoDict, 0);
 return AddWordFromDictionary(PersistentAutoDictionary, Data, Size, MaxSize);
 }
@@ -350,7 +339,6 @@
 size_t MutationDispatcher::Mutate_CopyPart(uint8_t *Data, size_t Size, size_t MaxSize) {
- MStats->IncrementCount(CopyPart, 0);
 if (Size > MaxSize || Size == 0) return 0;
 // If Size == MaxSize, `InsertPartOf(...)` will
 // fail so there's no point using it in this case.
@@ -391,7 +379,6 @@
 Data[Idx] = (Val % 10) + '0';
 Val /= 10;
 }
- MStats->IncrementCount(ChangeAsciiInt, 0);
 return Size;
 }
@@ -423,7 +410,6 @@
 size_t MutationDispatcher::Mutate_ChangeBinaryInteger(uint8_t *Data, size_t Size, size_t MaxSize) {
- MStats->IncrementCount(ChangeBinInt, 0);
 if (Size > MaxSize) return 0;
 switch (Rand(4)) {
 case 3: return ChangeBinaryInteger(Data, Size, Rand);
@@ -462,7 +448,6 @@
 assert(NewSize > 0 && "CrossOver returned empty unit");
 assert(NewSize <= MaxSize && "CrossOver returned overisized unit");
 memcpy(Data, U.data(), NewSize);
- MStats->IncrementCount(CrossOver, 0);
 return NewSize;
 }
@@ -538,6 +523,7 @@
 if (Options.OnlyASCII) ToASCII(Data, NewSize);
 CurrentMutatorSequence.push_back(M);
+ MStats->IncTotalMutationCount(M.Identifier);
 return NewSize;
 }
 }
@@ -553,7 +539,7 @@
 void MutationDispatcher::CountCurrentMutatorSequence() {
 for (auto M : CurrentMutatorSequence) // Increment using map look up and enum for index
- MStats->IncrementCount(M.Identifier, 1);
+ MStats->IncUsefulMutationCount(M.Identifier);
 }
 } // namespace fuzzer
Index: lib/fuzzer/FuzzerMutationStats.h
===================================================================
--- lib/fuzzer/FuzzerMutationStats.h
+++ lib/fuzzer/FuzzerMutationStats.h
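Review bot: `MStats->IncTotalMutationCount(M.Identifier);` dereferences `MStats` with no null check visible in this hunk, and it sits on the success path next to `CurrentMutatorSequence.push_back(M)`, so the "total" counter no longer records attempts that returned 0. Several of the removed calls (for example in `Mutate_CopyPart` and `Mutate_ChangeBinaryInteger`) ran before the size checks, so the meaning of the total changes with this commit. If that is intended, state it in a comment such as `// Counts only mutations that produced a unit; failed attempts are not recorded.` If `MStats` can be unset when statistics are disabled, guard the call with `if (MStats)`. The enclosing function starts outside the hunk.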
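Review bot: The comment `// Increment using map look up and enum for index` was written for the removed `IncrementCount(M.Identifier, 1)` call and may no longer describe `MStats->IncUsefulMutationCount(M.Identifier);`, which takes the enum value directly. It should be reworded to say what is counted, for example `// Credit every mutation in the sequence that led to a useful unit.` The brace-less `for` with a comment between header and body is easy to break when a second statement is added, so braces would help, and `for (const auto &M : CurrentMutatorSequence)` avoids copying each element.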
@@ -9,28 +9,10 @@
 // fuzzer::MutationStats
 //===----------------------------------------------------------------------===//
+#include "FuzzerMutate.h"
 namespace fuzzer {
-enum MutationType {
- ManualDict,
- PersAutoDict,
- CMP,
- ChangeAsciiInt,
- ChangeBinInt,
- ChangeBit,
- ChangeByte,
- CopyPart,
- CrossOver,
- CustomCrossOver,
- CustomMutation,
- EraseBytes,
- InsertByte,
- InsertRepeatedBytes,
- ShuffleBytes,
- MaxNumberOfMutationTypes
-};
-
 class MutationStats {
 public:
 ~MutationStats() {}
Index: lib/fuzzer/FuzzerMutationStats.cpp
===================================================================
--- lib/fuzzer/FuzzerMutationStats.cpp
+++ lib/fuzzer/FuzzerMutationStats.cpp
@@ -21,19 +21,17 @@
 void MutationStats::PrintMutationCounts() {
 // Outputs the number of each mutation used
- Printf("\nTotal Mutations ----------\n");
 for (int i = 0; i < MaxNumberOfMutationTypes; i++) {
- auto current = kMutationNames.find(i);
+ auto current = kMutationNames.find((MutationType) i);
 Printf("%s: %d\n", current->second.c_str(), TotalMutations.at(i));
 }
 Printf("\nUseful Mutations ----------\n");
 for (int i = 0; i < MaxNumberOfMutationTypes; i++) {
- auto current = kMutationNames.find(i);
+ auto current = kMutationNames.find((MutationType) i);
 Printf("%s: %d\n", current->second.c_str(), UsefulMutations.at(i));
 }
-
 }
 // Updates the count of mutations (total/useful) depending on type.
@@ -45,7 +43,7 @@
 TotalMutations[MType]++;
 }
-void MutationStats::IncTotalMutationCount(MutationType MType) {
+void MutationStats::IncUsefulMutationCount(MutationType MType) {
 if ((MType < 0) || MType >= MaxNumberOfMutationTypes) return;
 else
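Review bot: The added `#include "FuzzerMutate.h"` makes the stats header depend on the dispatcher header, while FuzzerMutate.cpp calls through `MStats`, so the dispatcher presumably needs the `MutationStats` declaration as well. If FuzzerMutate.h in turn includes FuzzerMutationStats.h, the two headers form a cycle and one of them is parsed against an incomplete type. No include guard is visible in the lines shown for FuzzerMutationStats.h (the hunk starts at line 9), so confirm that one exists. Forward-declaring `class MutationStats;` in FuzzerMutate.h, or moving the enum into a small header of its own, would avoid the circular dependency.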
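Review bot: `kMutationNames.find((MutationType) i)` is dereferenced on the next line as `current->second` without being compared against `kMutationNames.end()`, in both loops of `PrintMutationCounts`. An enumerator added to `MutationType` but not to the name table would dereference the end iterator. Add `if (current == kMutationNames.end()) continue;` after each lookup, and prefer `static_cast<MutationType>(i)` to the C-style cast. The `%d` conversions assume the counters are `int`; the element type of `TotalMutations` and `UsefulMutations` is not visible here, so confirm it matches the format.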