authorKostya Serebryany <kcc@google.com>2016-02-13 17:56:51 +0000
committerKostya Serebryany <kcc@google.com>2016-02-13 17:56:51 +0000
commit8a5bef0fcfaad1bdab88c5b0206613ebcb075744 (patch)
treefe31b2599b7705418a3e072d6d1dd038308c9392 /llvm/lib/Fuzzer
parente9bf993cee2bd386bcf2b8a1ced27ebf46a6ad92 (diff)
[libFuzzer] remove std::vector operations from hot paths, NFC
llvm-svn: 260829
Diffstat (limited to 'llvm/lib/Fuzzer')
-rw-r--r--llvm/lib/Fuzzer/FuzzerDriver.cpp2
-rw-r--r--llvm/lib/Fuzzer/FuzzerInternal.h12
-rw-r--r--llvm/lib/Fuzzer/FuzzerLoop.cpp47
-rw-r--r--llvm/lib/Fuzzer/FuzzerMutate.cpp3
-rw-r--r--llvm/lib/Fuzzer/FuzzerUtil.cpp5
5 files changed, 38 insertions, 31 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp
index 92971b76bd0..2c32fed68c2 100644
--- a/llvm/lib/Fuzzer/FuzzerDriver.cpp
+++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp
@@ -229,7 +229,7 @@ int RunOneTest(Fuzzer *F, const char *InputFilePath) {
Unit U = FileToVector(InputFilePath);
Unit PreciseSizedU(U);
assert(PreciseSizedU.size() == PreciseSizedU.capacity());
- F->ExecuteCallback(PreciseSizedU);
+ F->ExecuteCallback(PreciseSizedU.data(), PreciseSizedU.size());
return 0;
}
diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h
index 466ef975fa2..8a3b936a1d7 100644
--- a/llvm/lib/Fuzzer/FuzzerInternal.h
+++ b/llvm/lib/Fuzzer/FuzzerInternal.h
@@ -93,7 +93,7 @@ void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out);
// Changes U to contain only ASCII (isprint+isspace) characters.
// Returns true iff U has been changed.
-bool ToASCII(Unit &U);
+bool ToASCII(uint8_t *Data, size_t Size);
bool IsASCII(const Unit &U);
int NumberOfCpuCores();
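Review bot: The comment above `ToASCII` still describes a parameter `U`, which the new signature `bool ToASCII(uint8_t *Data, size_t Size)` no longer has. It should also say that the buffer is rewritten in place and that the caller owns the bounds, since the function can no longer see the container. Suggested wording: `// Changes the Size bytes at Data, in place, to contain only ASCII (isprint+isspace) characters.` followed by `// Returns true iff any byte has been changed.`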
@@ -251,6 +251,7 @@ private:
std::vector<Mutator> CurrentMutatorSequence;
std::vector<DictionaryEntry *> CurrentDictionaryEntrySequence;
const std::vector<Unit> *Corpus = nullptr;
+ std::vector<uint8_t> MutateInPlaceHere;
static Mutator Mutators[];
};
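Review bot: The new member `MutateInPlaceHere` is added without a comment, and the same name is added to `Fuzzer` in the later FuzzerInternal.h hunk, so two unrelated scratch buffers share one identifier. In this class (apparently MutationDispatcher, judging by the `Mutate_CrossOver` hunk) it is the CrossOver output buffer, while the `Fuzzer` one holds the unit being mutated and is passed in as `Data`. The two must never alias, because `CrossOver` reads `Data` while writing the scratch buffer. I would document that here, e.g. `// Scratch output for Mutate_CrossOver, kept as a member to avoid a per-call allocation; distinct from Fuzzer::MutateInPlaceHere.`, or give the two members different names.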
@@ -318,7 +319,7 @@ public:
static void StaticAlarmCallback();
- void ExecuteCallback(const Unit &U);
+ void ExecuteCallback(const uint8_t *Data, size_t Size);
// Merge Corpora[1:] into Corpora[0].
void Merge(const std::vector<std::string> &Corpora);
@@ -328,8 +329,9 @@ private:
void AlarmCallback();
void MutateAndTestOne();
void ReportNewCoverage(const Unit &U);
- bool RunOne(const Unit &U);
- void RunOneAndUpdateCorpus(Unit &U);
+ bool RunOne(const uint8_t *Data, size_t Size);
+ bool RunOne(const Unit &U) { return RunOne(U.data(), U.size()); }
+ void RunOneAndUpdateCorpus(uint8_t *Data, size_t Size);
void WriteToOutputCorpus(const Unit &U);
void WriteUnitToFileWithPrefix(const Unit &U, const char *Prefix);
void PrintStats(const char *Where, const char *End = "\n");
@@ -376,6 +378,8 @@ private:
return Res;
}
+ std::vector<uint8_t> MutateInPlaceHere;
+
std::piecewise_constant_distribution<double> CorpusDistribution;
UserCallback CB;
MutationDispatcher &MD;
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index ca9643892ba..78d5c61a6d4 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -208,7 +208,7 @@ void Fuzzer::ShuffleAndMinimize() {
size_t Last = std::min(First + Options.MaxLen, C.size());
U.insert(U.begin(), C.begin() + First, C.begin() + Last);
if (Options.OnlyASCII)
- ToASCII(U);
+ ToASCII(U.data(), U.size());
if (RunOne(U)) {
NewCorpus.push_back(U);
if (Options.Verbosity >= 2)
@@ -223,12 +223,12 @@ void Fuzzer::ShuffleAndMinimize() {
PrintStats("INITED");
}
-bool Fuzzer::RunOne(const Unit &U) {
+bool Fuzzer::RunOne(const uint8_t *Data, size_t Size) {
UnitStartTime = system_clock::now();
TotalNumberOfRuns++;
PrepareCoverageBeforeRun();
- ExecuteCallback(U);
+ ExecuteCallback(Data, Size);
bool Res = CheckCoverageAfterRun();
auto UnitStopTime = system_clock::now();
@@ -241,29 +241,29 @@ bool Fuzzer::RunOne(const Unit &U) {
TimeOfUnit >= Options.ReportSlowUnits) {
TimeOfLongestUnitInSeconds = TimeOfUnit;
Printf("Slowest unit: %zd s:\n", TimeOfLongestUnitInSeconds);
- WriteUnitToFileWithPrefix(U, "slow-unit-");
+ WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");
}
return Res;
}
-void Fuzzer::RunOneAndUpdateCorpus(Unit &U) {
+void Fuzzer::RunOneAndUpdateCorpus(uint8_t *Data, size_t Size) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
return;
if (Options.OnlyASCII)
- ToASCII(U);
- if (RunOne(U))
- ReportNewCoverage(U);
+ ToASCII(Data, Size);
+ if (RunOne(Data, Size))
+ ReportNewCoverage({Data, Data + Size});
}
-void Fuzzer::ExecuteCallback(const Unit &U) {
+void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
// We copy the contents of Unit into a separate heap buffer
// so that we reliably find buffer overflows in it.
- std::unique_ptr<uint8_t[]> Data(new uint8_t[U.size()]);
- memcpy(Data.get(), U.data(), U.size());
- AssignTaintLabels(Data.get(), U.size());
- CurrentUnitData = Data.get();
- CurrentUnitSize = U.size();
- int Res = CB(Data.get(), U.size());
+ std::unique_ptr<uint8_t[]> DataCopy(new uint8_t[Size]);
+ memcpy(DataCopy.get(), Data, Size);
+ AssignTaintLabels(DataCopy.get(), Size);
+ CurrentUnitData = DataCopy.get();
+ CurrentUnitSize = Size;
+ int Res = CB(DataCopy.get(), Size);
(void)Res;
assert(Res == 0);
CurrentUnitData = nullptr;
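Review bot: In `ExecuteCallback`, `memcpy(DataCopy.get(), Data, Size)` now takes a caller-supplied raw pointer, and for an empty unit that pointer may be null (an empty vector's `data()` is allowed to return null, e.g. from `RunOneTest` on an empty file). Passing a null pointer to `memcpy` is undefined behaviour even when the length is zero, and sanitizer builds can flag it. A guard such as `if (Size) memcpy(DataCopy.get(), Data, Size);` keeps the zero-length case well defined. Separately, the comment still says "contents of Unit" although the function no longer receives one. The function body continues past the end of this hunk.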
@@ -411,24 +411,25 @@ void Fuzzer::Merge(const std::vector<std::string> &Corpora) {
void Fuzzer::MutateAndTestOne() {
MD.StartMutationSequence();
- auto U = ChooseUnitToMutate();
+ auto &U = ChooseUnitToMutate();
+ MutateInPlaceHere.resize(Options.MaxLen);
+ memcpy(MutateInPlaceHere.data(), U.data(), U.size());
+ size_t Size = U.size();
for (int i = 0; i < Options.MutateDepth; i++) {
- size_t Size = U.size();
- U.resize(Options.MaxLen);
size_t NewSize = 0;
if (LLVMFuzzerCustomMutator)
- NewSize = LLVMFuzzerCustomMutator(U.data(), Size, U.size(),
- MD.GetRand().Rand());
+ NewSize = LLVMFuzzerCustomMutator(MutateInPlaceHere.data(), Size,
+ Options.MaxLen, MD.GetRand().Rand());
else
- NewSize = MD.Mutate(U.data(), Size, U.size());
+ NewSize = MD.Mutate(MutateInPlaceHere.data(), Size, Options.MaxLen);
assert(NewSize > 0 && "Mutator returned empty unit");
assert(NewSize <= (size_t)Options.MaxLen &&
"Mutator return overisized unit");
- U.resize(NewSize);
+ Size = NewSize;
if (i == 0)
StartTraceRecording();
- RunOneAndUpdateCorpus(U);
+ RunOneAndUpdateCorpus(MutateInPlaceHere.data(), Size);
StopTraceRecording();
}
}
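Review bot: The `memcpy` into `MutateInPlaceHere` at the top of `MutateAndTestOne` copies `U.size()` bytes into a buffer that was just resized to `Options.MaxLen`, and nothing in the hunk checks that the chosen unit fits. The old code resized the vector itself, so an oversized unit could not cause a write past the allocation at this point; now a corpus unit longer than MaxLen would be a heap overflow inside the fuzzer. Other code presumably keeps corpus units within MaxLen, but that invariant is not visible here, so I would state it before the copy with `assert(U.size() <= (size_t)Options.MaxLen && "Oversized unit");`. Since asserts may be compiled out, clamping the copy length with `std::min` and using the result as `Size` is the stricter alternative.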
diff --git a/llvm/lib/Fuzzer/FuzzerMutate.cpp b/llvm/lib/Fuzzer/FuzzerMutate.cpp
index 252955e13e3..bc10f1af49f 100644
--- a/llvm/lib/Fuzzer/FuzzerMutate.cpp
+++ b/llvm/lib/Fuzzer/FuzzerMutate.cpp
@@ -176,7 +176,8 @@ size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
size_t Idx = Rand(Corpus->size());
const Unit &Other = (*Corpus)[Idx];
if (Other.empty()) return 0;
- Unit U(MaxSize);
+ MutateInPlaceHere.resize(MaxSize);
+ auto &U = MutateInPlaceHere;
size_t NewSize =
CrossOver(Data, Size, Other.data(), Other.size(), U.data(), U.size());
assert(NewSize > 0 && "CrossOver returned empty unit");
diff --git a/llvm/lib/Fuzzer/FuzzerUtil.cpp b/llvm/lib/Fuzzer/FuzzerUtil.cpp
index 6484d3750d5..81462a456e1 100644
--- a/llvm/lib/Fuzzer/FuzzerUtil.cpp
+++ b/llvm/lib/Fuzzer/FuzzerUtil.cpp
@@ -93,9 +93,10 @@ int ExecuteCommand(const std::string &Command) {
return system(Command.c_str());
}
-bool ToASCII(Unit &U) {
+bool ToASCII(uint8_t *Data, size_t Size) {
bool Changed = false;
- for (auto &X : U) {
+ for (size_t i = 0; i < Size; i++) {
+ uint8_t &X = Data[i];
auto NewX = X;
NewX &= 127;
if (!isspace(NewX) && !isprint(NewX))