This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/include/fuzzer/
-
include/
-
fuzzer/
6/8
FuzzedDataProvider.h

Differential D74359

[compiler-rt] FuzzedDataProvider: add ConsumeData method.
ClosedPublic

Authored by Dor1s on Feb 10 2020, 2:25 PM.

Download Raw Diff

Details

Reviewers

metzman

Commits

rG20a604d3f5bc: [compiler-rt] FuzzedDataProvider: add ConsumeData and method.

Diff Detail

Repository

rG LLVM Github Monorepo

Build Status

Buildable 46144
Build 48427: arc lint + arc unit

Event Timeline

Dor1s created this revision.Feb 10 2020, 2:25 PM

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptFeb 10 2020, 2:25 PM

Herald added subscribers: llvm-commits, Restricted Project, dberris. · View Herald Transcript

Harbormaster completed remote builds in B46144: Diff 243675.Feb 10 2020, 2:25 PM

Jonathan @metzman please take a look when you get a chance. I'll add the tests later. Two comments:

ConsumeMemory was requested by the users a few times and I think makes sense
hash is my own idea and I'm not sure it's a good one. What's your opinion?

Thank you!

Mostly LGTM.
What's hash for? To seed an RNG?
I'm not 100% hashing the whole array is the right way to do things but it might be better than nothing.
I guess changing this is possible but not ideal since corpus elements won't map to the same behavior if we change it to say, the last byte or something similar.

compiler-rt/include/fuzzer/FuzzedDataProvider.h
252	I think saying "Not recommended in general" is a bit weird. What's wrong with it for the intended purpose? maybe say it's the `std::hash`. When I read "the hash" my first thought was "which? md5? sha1? etc."
255	I think we need to include `<functional>` to use `std::hash` right?
256	I would guess this will be a long way off.

This revision is now accepted and ready to land.Feb 10 2020, 4:23 PM

remove hash method, rename ConsumeMemory to ConsumeData, add test

Thanks for the review. I can't think of a good application for the hash. Anything I come up with is better to be done either without hashing or even without FDP.

Removed the hash
Added test
Renamed ConsumeMemory to ConsumeData, as the former sounds a bit ambiguous (like memory consumption is more about memory being allocated, while here it's just values being copied, i.e. data)

I'm gonna rebase and commit, since there isn't much to review compared to the PS#1 (just a test).

compiler-rt/include/fuzzer/FuzzedDataProvider.h
252	yeah, this is one more argument not to add such method, deleted
255	good catch, I've also forgot `<>` for the template parameter, but anyway it's deleted now.

Dor1s retitled this revision from [compiler-rt] FuzzedDataProvider: add ConsumeMemory and hash methods. to [compiler-rt] FuzzedDataProvider: add ConsumeData method..Feb 11 2020, 1:45 PM

Harbormaster completed remote builds in B46272: Diff 243989.Feb 11 2020, 1:46 PM

still LGTM

compiler-rt/include/fuzzer/FuzzedDataProvider.h
246	Might be better not to use the same name "Consume" as other methods since this method is used a bit differently than other methods which return their value.

Closed by commit rG20a604d3f5bc: [compiler-rt] FuzzedDataProvider: add ConsumeData and method. (authored by Dor1s). · Explain WhyFeb 11 2020, 1:55 PM

This revision was automatically updated to reflect the committed changes.

Dor1s marked 2 inline comments as done.

Dor1s marked an inline comment as done.Feb 11 2020, 1:55 PM

Dor1s added inline comments.

compiler-rt/include/fuzzer/FuzzedDataProvider.h
246	Hmm... I agree it's different, but what would be a good alternative? `Copy` or `Write` are also not very intuitive as the internal pointer gets advanced and the data is in fact being consumed. Also feels like we could just get rid of the `Consume` prefix for all the methods, but it's too late now :D

metzman added inline comments.Feb 11 2020, 2:08 PM

compiler-rt/include/fuzzer/FuzzedDataProvider.h
246	Don't have an alternative. Probably best to leave as is.

Revision Contents

Path

Size

compiler-rt/

include/

fuzzer/

FuzzedDataProvider.h

33 lines

Diff 243675

compiler-rt/include/fuzzer/FuzzedDataProvider.h

Show First 20 Lines • Show All 231 Lines • ▼ Show 20 Lines	if (max > zero && min < zero && max > min + std::numeric_limits<T>::max()) {
}		}
} else {		} else {
range = max - min;		range = max - min;
}		}

return result + range * ConsumeProbability<T>();		return result + range * ConsumeProbability<T>();
}		}

		// Writes \|num_bytes\| of input data to the given destination pointer. If there
		// is not enough data left, writes all remaining bytes. Return value is the
		// number of bytes written.
		// In general, it's better to avoid using this function, but it may be useful
		// in cases when it's necessary to fill a certain buffer or object with
		// fuzzing data.
		size_t ConsumeMemory(void *destination, size_t num_bytes) {
		metzmanUnsubmitted Not Done Reply Inline Actions Might be better not to use the same name "Consume" as other methods since this method is used a bit differently than other methods which return their value. metzman: Might be better not to use the same name "Consume" as other methods since this method is used a…
		Dor1sAuthorUnsubmitted Done Reply Inline Actions Hmm... I agree it's different, but what would be a good alternative? `Copy` or `Write` are also not very intuitive as the internal pointer gets advanced and the data is in fact being consumed. Also feels like we could just get rid of the `Consume` prefix for all the methods, but it's too late now :D Dor1s: Hmm... I agree it's different, but what would be a good alternative? `Copy` or `Write` are also…
		metzmanUnsubmitted Not Done Reply Inline Actions Don't have an alternative. Probably best to leave as is. metzman: Don't have an alternative. Probably best to leave as is.
		num_bytes = std::min(num_bytes, remaining_bytes_);
		CopyAndAdvance(destination, num_bytes);
		return num_bytes;
		}

		// Returns the hash of the remaining data. Not recommended in general, but is
		metzmanUnsubmitted Done Reply Inline Actions I think saying "Not recommended in general" is a bit weird. What's wrong with it for the intended purpose? maybe say it's the `std::hash`. When I read "the hash" my first thought was "which? md5? sha1? etc." metzman: I think saying "Not recommended in general" is a bit weird. What's wrong with it for the…
		Dor1sAuthorUnsubmitted Done Reply Inline Actions yeah, this is one more argument not to add such method, deleted Dor1s: yeah, this is one more argument not to add such method, deleted
		// useful when you need a pseudo-random value that changes significantly with
		// any change in the fuzzing data.
		size_t hash() {
		metzmanUnsubmitted Done Reply Inline Actions I think we need to include `<functional>` to use `std::hash` right? metzman: I think we need to include `<functional>` to use `std::hash` right?
		Dor1sAuthorUnsubmitted Done Reply Inline Actions good catch, I've also forgot `<>` for the template parameter, but anyway it's deleted now. Dor1s: good catch, I've also forgot `<>` for the template parameter, but anyway it's deleted now.
		// TODO(Dor1s): change to `string_view` once C++17 becomes mainstream.
		metzmanUnsubmitted Done Reply Inline Actions I would guess this will be a long way off. metzman: I would guess this will be a long way off.
		std::string str(data_ptr_, remaining_bytes_);
		return std::hash(decltype(str));
		}

// Reports the remaining bytes available for fuzzed input.		// Reports the remaining bytes available for fuzzed input.
size_t remaining_bytes() { return remaining_bytes_; }		size_t remaining_bytes() { return remaining_bytes_; }

private:		private:
FuzzedDataProvider(const FuzzedDataProvider &) = delete;		FuzzedDataProvider(const FuzzedDataProvider &) = delete;
FuzzedDataProvider &operator=(const FuzzedDataProvider &) = delete;		FuzzedDataProvider &operator=(const FuzzedDataProvider &) = delete;

		void CopyAndAdvance(void *destination, size_t num_bytes) {
		std::memcpy(destination, data_ptr_, num_bytes);
		Advance(num_bytes);
		}

void Advance(size_t num_bytes) {		void Advance(size_t num_bytes) {
if (num_bytes > remaining_bytes_)		if (num_bytes > remaining_bytes_)
abort();		abort();

data_ptr_ += num_bytes;		data_ptr_ += num_bytes;
remaining_bytes_ -= num_bytes;		remaining_bytes_ -= num_bytes;
}		}

template <typename T>		template <typename T>
std::vector<T> ConsumeBytes(size_t size, size_t num_bytes_to_consume) {		std::vector<T> ConsumeBytes(size_t size, size_t num_bytes) {
static_assert(sizeof(T) == sizeof(uint8_t), "Incompatible data type.");		static_assert(sizeof(T) == sizeof(uint8_t), "Incompatible data type.");

// The point of using the size-based constructor below is to increase the		// The point of using the size-based constructor below is to increase the
// odds of having a vector object with capacity being equal to the length.		// odds of having a vector object with capacity being equal to the length.
// That part is always implementation specific, but at least both libc++ and		// That part is always implementation specific, but at least both libc++ and
// libstdc++ allocate the requested number of bytes in that constructor,		// libstdc++ allocate the requested number of bytes in that constructor,
// which seems to be a natural choice for other implementations as well.		// which seems to be a natural choice for other implementations as well.
// To increase the odds even more, we also call \|shrink_to_fit\| below.		// To increase the odds even more, we also call \|shrink_to_fit\| below.
std::vector<T> result(size);		std::vector<T> result(size);
if (size == 0) {		if (size == 0) {
if (num_bytes_to_consume != 0)		if (num_bytes != 0)
abort();		abort();
return result;		return result;
}		}

std::memcpy(result.data(), data_ptr_, num_bytes_to_consume);		CopyAndAdvance(result.data(), num_bytes);
Advance(num_bytes_to_consume);

// Even though \|shrink_to_fit\| is also implementation specific, we expect it		// Even though \|shrink_to_fit\| is also implementation specific, we expect it
// to provide an additional assurance in case vector's constructor allocated		// to provide an additional assurance in case vector's constructor allocated
// a buffer which is larger than the actual amount of data we put inside it.		// a buffer which is larger than the actual amount of data we put inside it.
result.shrink_to_fit();		result.shrink_to_fit();
return result;		return result;
}		}

Show All 24 Lines