authorKostya Serebryany <kcc@google.com>2017-07-12 22:20:04 +0000
committerKostya Serebryany <kcc@google.com>2017-07-12 22:20:04 +0000
commit1e99d543d232100607418c061edfc249ae310d23 (patch)
tree286ed7be7f37225de61f1e2f6329fdd35f543c9a /llvm/lib/Fuzzer/FuzzerLoop.cpp
parentcc24851da6b32631746e208789783a71b76457a6 (diff)
[libFuzzer] refactoring in preparation for -reduce_inputs; NFC intended
llvm-svn: 307857
Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerLoop.cpp')
-rw-r--r--llvm/lib/Fuzzer/FuzzerLoop.cpp56
1 files changed, 29 insertions, 27 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index fbf18357ede..88ec844ab44 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -348,11 +348,8 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) {
if (U.size() > MaxSize)
U.resize(MaxSize);
if (!Corpus.HasUnit(U)) {
- if (size_t NumFeatures = RunOne(U)) {
- CheckExitOnSrcPosOrItem();
- Corpus.AddToCorpus(U, NumFeatures);
+ if (RunOne(U.data(), U.size()))
Reloaded = true;
- }
}
}
if (Reloaded)
@@ -377,10 +374,7 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {
ExecuteCallback(&dummy, 0);
for (const auto &U : *InitialCorpus) {
- if (size_t NumFeatures = RunOne(U)) {
- CheckExitOnSrcPosOrItem();
- Corpus.AddToCorpus(U, NumFeatures);
- }
+ RunOne(U.data(), U.size());
TryDetectingAMemoryLeak(U.data(), U.size(),
/*DuringInitialCorpusExecution*/ true);
}
@@ -392,18 +386,7 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {
}
}
-size_t Fuzzer::RunOne(const uint8_t *Data, size_t Size) {
- if (!Size) return 0;
- TotalNumberOfRuns++;
-
- ExecuteCallback(Data, Size);
-
- size_t NumUpdatesBefore = Corpus.NumFeatureUpdates();
- TPC.CollectFeatures([&](size_t Feature) {
- Corpus.AddFeature(Feature, Size, Options.Shrink);
- });
- size_t NumUpdatesAfter = Corpus.NumFeatureUpdates();
-
+void Fuzzer::PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size) {
auto TimeOfUnit =
duration_cast<seconds>(UnitStopTime - UnitStartTime).count();
if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) &&
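Review bot: The new PrintPulseAndReportSlowInput has no comment stating its precondition, and it reads state left behind by the last execution (`UnitStopTime - UnitStartTime` and `TotalNumberOfRuns`). It therefore only reports the right duration when called directly after the ExecuteCallback for the same Data/Size; presumably that is where the timestamps are set, but that code is not visible here. I would add above the definition: `// Call right after ExecuteCallback(Data, Size): reads UnitStartTime/UnitStopTime and TotalNumberOfRuns of that run.` The body of the function continues in the next hunk.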
@@ -415,7 +398,27 @@ size_t Fuzzer::RunOne(const uint8_t *Data, size_t Size) {
Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds);
WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");
}
- return NumUpdatesAfter - NumUpdatesBefore;
+}
+
+bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile) {
+ if (!Size) return false;
+
+ ExecuteCallback(Data, Size);
+
+ FeatureSetTmp.clear();
+ size_t NumUpdatesBefore = Corpus.NumFeatureUpdates();
+ TPC.CollectFeatures([&](size_t Feature) {
+ Corpus.AddFeature(Feature, Size, Options.Shrink);
+ if (Options.ReduceInputs)
+ FeatureSetTmp.push_back(Feature);
+ });
+ PrintPulseAndReportSlowInput(Data, Size);
+ size_t NumNewFeatures = Corpus.NumFeatureUpdates() - NumUpdatesBefore;
+ if (NumNewFeatures) {
+ CheckExitOnSrcPosOrItem();
+ Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile);
+ }
+ return NumNewFeatures > 0;
}
size_t Fuzzer::GetCurrentUnitInFuzzingThead(const uint8_t **Data) const {
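Review bot: In the new RunOne, `CheckExitOnSrcPosOrItem();` runs before `Corpus.AddToCorpus(...)`, and the MutateAndTestOne hunk now calls ReportNewCoverage only after RunOne returns. The removed code in MutateAndTestOne did it the other way round: add to corpus, report, then check. If CheckExitOnSrcPosOrItem ends the process, as its name suggests (its body is not shown), the input that reached the requested position is no longer added or reported on the mutation path, which is not the "NFC intended" of the title. To keep the old order, leave the check out of RunOne and let each caller invoke `CheckExitOnSrcPosOrItem();` after its own reporting, or state the new order in the commit message. The two-argument callers also rely on a default for `MayDeleteFile` that must live in the header, outside this diff.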
@@ -443,6 +446,7 @@ static bool LooseMemeq(const uint8_t *A, const uint8_t *B, size_t Size) {
}
void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
+ TotalNumberOfRuns++;
assert(InFuzzingThread());
if (SMR.IsClient())
SMR.WriteByteArray(Data, Size);
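Review bot: Moving `TotalNumberOfRuns++` into ExecuteCallback makes every direct call count as a run, including the zero-length `ExecuteCallback(&dummy, 0);` visible in ShuffleAndMinimize. The old code never counted that call, because only RunOne incremented the counter, and only after its `if (!Size) return 0;` guard. The run count, and with it the power-of-two pulse condition in PrintPulseAndReportSlowInput, shifts by one, so the change is not strictly behaviour-preserving. As a smaller point, the increment sits above `assert(InFuzzingThread());`, so the counter is touched before the thread check; placing `TotalNumberOfRuns++;` after the assert reads more clearly. The rest of ExecuteCallback is outside the hunk.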
@@ -595,12 +599,9 @@ void Fuzzer::MutateAndTestOne() {
if (i == 0)
StartTraceRecording();
II.NumExecutedMutations++;
- if (size_t NumFeatures = RunOne(CurrentUnitData, Size)) {
- Corpus.AddToCorpus({CurrentUnitData, CurrentUnitData + Size}, NumFeatures,
- /*MayDeleteFile=*/true);
+ if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true))
ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
- CheckExitOnSrcPosOrItem();
- }
+
StopTraceRecording();
TryDetectingAMemoryLeak(CurrentUnitData, Size,
/*DuringInitialCorpusExecution*/ false);
@@ -638,7 +639,8 @@ void Fuzzer::MinimizeCrashLoop(const Unit &U) {
for (int i = 0; i < Options.MutateDepth; i++) {
size_t NewSize = MD.Mutate(CurrentUnitData, U.size(), MaxMutationLen);
assert(NewSize > 0 && NewSize <= MaxMutationLen);
- RunOne(CurrentUnitData, NewSize);
+ ExecuteCallback(CurrentUnitData, NewSize);
+ PrintPulseAndReportSlowInput(CurrentUnitData, NewSize);
TryDetectingAMemoryLeak(CurrentUnitData, NewSize,
/*DuringInitialCorpusExecution*/ false);
}
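Review bot: The loop replaces `RunOne(CurrentUnitData, NewSize)` with ExecuteCallback plus PrintPulseAndReportSlowInput without a comment, and the reason is not obvious at the call site. The new RunOne adds the input to the corpus whenever it finds new features, while this path now skips feature collection altogether; presumably that is deliberate for crash minimization. If so, add `// Not RunOne(): minimization mutants must not be added to the corpus.` above the ExecuteCallback call, so a later cleanup does not fold the two calls back into RunOne. MinimizeCrashLoop starts outside the hunk.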