Changeset View
Changeset View
Standalone View
Standalone View
compiler-rt/lib/fuzzer/FuzzerLoop.cpp
| Show First 20 Lines • Show All 469 Lines • ▼ Show 20 Lines | bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile, | ||||
| ExecuteCallback(Data, Size); | ExecuteCallback(Data, Size); | ||||
| UniqFeatureSetTmp.clear(); | UniqFeatureSetTmp.clear(); | ||||
| size_t FoundUniqFeaturesOfII = 0; | size_t FoundUniqFeaturesOfII = 0; | ||||
| size_t NumUpdatesBefore = Corpus.NumFeatureUpdates(); | size_t NumUpdatesBefore = Corpus.NumFeatureUpdates(); | ||||
| TPC.CollectFeatures([&](size_t Feature) { | TPC.CollectFeatures([&](size_t Feature) { | ||||
| if (Corpus.AddFeature(Feature, Size, Options.Shrink)) | if (Corpus.AddFeature(Feature, Size, Options.Shrink)) | ||||
| UniqFeatureSetTmp.push_back(Feature); | UniqFeatureSetTmp.push_back(Feature); | ||||
| if (Options.Entropic) | |||||
| Corpus.UpdateFeatureFrequency(II, Feature); | |||||
| if (Options.ReduceInputs && II) | if (Options.ReduceInputs && II) | ||||
| if (std::binary_search(II->UniqFeatureSet.begin(), | if (std::binary_search(II->UniqFeatureSet.begin(), | ||||
| II->UniqFeatureSet.end(), Feature)) | II->UniqFeatureSet.end(), Feature)) | ||||
| FoundUniqFeaturesOfII++; | FoundUniqFeaturesOfII++; | ||||
| }); | }); | ||||
| if (FoundUniqFeatures) | if (FoundUniqFeatures) | ||||
| *FoundUniqFeatures = FoundUniqFeaturesOfII; | *FoundUniqFeatures = FoundUniqFeaturesOfII; | ||||
| PrintPulseAndReportSlowInput(Data, Size); | PrintPulseAndReportSlowInput(Data, Size); | ||||
| ▲ Show 20 Lines • Show All 111 Lines • ▼ Show 20 Lines | void Fuzzer::PrintStatusForNewUnit(const Unit &U, const char *Text) { | ||||
| PrintStats(Text, ""); | PrintStats(Text, ""); | ||||
| if (Options.Verbosity) { | if (Options.Verbosity) { | ||||
| Printf(" L: %zd/%zd ", U.size(), Corpus.MaxInputSize()); | Printf(" L: %zd/%zd ", U.size(), Corpus.MaxInputSize()); | ||||
| MD.PrintMutationSequence(); | MD.PrintMutationSequence(); | ||||
| Printf("\n"); | Printf("\n"); | ||||
| } | } | ||||
| } | } | ||||
| void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) { | void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) { | ||||
kcc: do you need this change? | |||||
Unrelated. This is just fixing a problem where LibFuzzer prints REDUCE more often than it should. marcel: Unrelated. This is just fixing a problem where LibFuzzer prints REDUCE more often than it… | |||||
I'd prefer to not mix unrelated changes in one diff -- makes the code review quadratic. kcc: I'd prefer to not mix unrelated changes in one diff -- makes the code review quadratic.
Please… | |||||
| II->NumSuccessfullMutations++; | II->NumSuccessfullMutations++; | ||||
| MD.RecordSuccessfulMutationSequence(); | MD.RecordSuccessfulMutationSequence(); | ||||
| PrintStatusForNewUnit(U, II->Reduced ? "REDUCE" : "NEW "); | PrintStatusForNewUnit(U, II->Reduced ? "REDUCE" : "NEW "); | ||||
| WriteToOutputCorpus(U); | WriteToOutputCorpus(U); | ||||
| NumberOfNewUnitsAdded++; | NumberOfNewUnitsAdded++; | ||||
| CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus. | CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus. | ||||
| LastCorpusUpdateRun = TotalNumberOfRuns; | LastCorpusUpdateRun = TotalNumberOfRuns; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 58 Lines • ▼ Show 20 Lines | void Fuzzer::MutateAndTestOne() { | ||||
| assert(MaxMutationLen > 0); | assert(MaxMutationLen > 0); | ||||
| size_t CurrentMaxMutationLen = | size_t CurrentMaxMutationLen = | ||||
| Min(MaxMutationLen, Max(U.size(), TmpMaxMutationLen)); | Min(MaxMutationLen, Max(U.size(), TmpMaxMutationLen)); | ||||
| assert(CurrentMaxMutationLen > 0); | assert(CurrentMaxMutationLen > 0); | ||||
| for (int i = 0; i < Options.MutateDepth; i++) { | for (int i = 0; i < Options.MutateDepth; i++) { | ||||
| if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) | if (TotalNumberOfRuns >= Options.MaxNumberOfRuns) | ||||
Not Done ReplyInline Actionsfor consistency, please use the C++ interface for getting current time (as elsewhere in the code). kcc: for consistency, please use the C++ interface for getting current time (as elsewhere in the… | |||||
| break; | break; | ||||
| MaybeExitGracefully(); | MaybeExitGracefully(); | ||||
| size_t NewSize = 0; | size_t NewSize = 0; | ||||
| if (II.HasFocusFunction && !II.DataFlowTraceForFocusFunction.empty() && | if (II.HasFocusFunction && !II.DataFlowTraceForFocusFunction.empty() && | ||||
| Size <= CurrentMaxMutationLen) | Size <= CurrentMaxMutationLen) | ||||
| NewSize = MD.MutateWithMask(CurrentUnitData, Size, Size, | NewSize = MD.MutateWithMask(CurrentUnitData, Size, Size, | ||||
| II.DataFlowTraceForFocusFunction); | II.DataFlowTraceForFocusFunction); | ||||
| // If MutateWithMask either failed or wasn't called, call default Mutate. | // If MutateWithMask either failed or wasn't called, call default Mutate. | ||||
| if (!NewSize) | if (!NewSize) | ||||
| NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen); | NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen); | ||||
| assert(NewSize > 0 && "Mutator returned empty unit"); | assert(NewSize > 0 && "Mutator returned empty unit"); | ||||
| assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit"); | assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit"); | ||||
| Size = NewSize; | Size = NewSize; | ||||
| II.NumExecutedMutations++; | II.NumExecutedMutations++; | ||||
| Corpus.NumExecutedMutations++; | |||||
| bool FoundUniqFeatures = false; | bool FoundUniqFeatures = false; | ||||
| bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II, | bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II, | ||||
| &FoundUniqFeatures); | &FoundUniqFeatures); | ||||
| TryDetectingAMemoryLeak(CurrentUnitData, Size, | TryDetectingAMemoryLeak(CurrentUnitData, Size, | ||||
| /*DuringInitialCorpusExecution*/ false); | /*DuringInitialCorpusExecution*/ false); | ||||
| if (NewCov) { | if (NewCov) { | ||||
| ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size}); | ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size}); | ||||
| break; // We will mutate this input more in the next rounds. | break; // We will mutate this input more in the next rounds. | ||||
| } | } | ||||
| if (Options.ReduceDepth && !FoundUniqFeatures) | if (Options.ReduceDepth && !FoundUniqFeatures) | ||||
| break; | break; | ||||
| } | } | ||||
| II.NeedsUpdate = true; | |||||
does it always need update, even when new coverage wasn't observed? Dor1s: does it always need update, even when new coverage wasn't observed? | |||||
For II, the local feature frequencies have changed. So we schedule an update. However, it will only be updated when the distribution needs an update, and we do not set DistributionNeedsUpdate here. marcel: For II, the local feature frequencies have changed. So we schedule an update. However, it will… | |||||
| } | } | ||||
| void Fuzzer::PurgeAllocator() { | void Fuzzer::PurgeAllocator() { | ||||
| if (Options.PurgeAllocatorIntervalSec < 0 || !EF->__sanitizer_purge_allocator) | if (Options.PurgeAllocatorIntervalSec < 0 || !EF->__sanitizer_purge_allocator) | ||||
| return; | return; | ||||
| if (duration_cast<seconds>(system_clock::now() - | if (duration_cast<seconds>(system_clock::now() - | ||||
| LastAllocatorPurgeAttemptTime) | LastAllocatorPurgeAttemptTime) | ||||
| .count() < Options.PurgeAllocatorIntervalSec) | .count() < Options.PurgeAllocatorIntervalSec) | ||||
| ▲ Show 20 Lines • Show All 152 Lines • Show Last 20 Lines | |||||
do you need this change?