Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerLoop.cpp')
-rw-r--r--llvm/lib/Fuzzer/FuzzerLoop.cpp40
1 files changed, 18 insertions, 22 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index ccc05c8b128..7d9f397e45e 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -68,10 +68,6 @@ void Fuzzer::SetDeathCallback() {
__sanitizer_set_death_callback(StaticDeathCallback);
}
-void Fuzzer::PrintUnitInASCII(const Unit &U, const char *PrintAfter) {
- PrintASCII(U, PrintAfter);
-}
-
void Fuzzer::StaticDeathCallback() {
assert(F);
F->DeathCallback();
@@ -79,11 +75,12 @@ void Fuzzer::StaticDeathCallback() {
void Fuzzer::DeathCallback() {
Printf("DEATH:\n");
- if (CurrentUnit.size() <= kMaxUnitSizeToPrint) {
- Print(CurrentUnit, "\n");
- PrintUnitInASCII(CurrentUnit, "\n");
+ if (CurrentUnitSize <= kMaxUnitSizeToPrint) {
+ PrintHexArray(CurrentUnitData, CurrentUnitSize, "\n");
+ PrintASCII(CurrentUnitData, CurrentUnitSize, "\n");
}
- WriteUnitToFileWithPrefix(CurrentUnit, "crash-");
+ WriteUnitToFileWithPrefix(
+ {CurrentUnitData, CurrentUnitData + CurrentUnitSize}, "crash-");
}
void Fuzzer::StaticAlarmCallback() {
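Review bot: A death reported while no unit is in flight (startup, corpus loading, teardown) now reaches this callback with `CurrentUnitData == nullptr` and `CurrentUnitSize == 0`, because ExecuteCallback clears both after the target returns; the size check passes, the print helpers are handed a null pointer with length 0 (whether they tolerate that is not visible here), and `WriteUnitToFileWithPrefix` writes an empty `crash-` artifact that cannot reproduce the failure. Before this change `CurrentUnit` appears to have retained the last executed input, so the old artifact at least pointed at the right unit. Consider an explicit guard at the top of the body, `if (!CurrentUnitData) { Printf("DEATH: no unit under execution\n"); return; }`, or keep a copy of the last executed unit for this case so the reproducer is not lost. The AlarmCallback hunk below has the same shape, though there an alarm outside a unit is less likely to matter.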
@@ -102,11 +99,12 @@ void Fuzzer::AlarmCallback() {
Printf("ALARM: working on the last Unit for %zd seconds\n", Seconds);
Printf(" and the timeout value is %d (use -timeout=N to change)\n",
Options.UnitTimeoutSec);
- if (CurrentUnit.size() <= kMaxUnitSizeToPrint) {
- Print(CurrentUnit, "\n");
- PrintUnitInASCII(CurrentUnit, "\n");
+ if (CurrentUnitSize <= kMaxUnitSizeToPrint) {
+ PrintHexArray(CurrentUnitData, CurrentUnitSize, "\n");
+ PrintASCII(CurrentUnitData, CurrentUnitSize, "\n");
}
- WriteUnitToFileWithPrefix(CurrentUnit, "timeout-");
+ WriteUnitToFileWithPrefix(
+ {CurrentUnitData, CurrentUnitData + CurrentUnitSize}, "timeout-");
Printf("==%d== ERROR: libFuzzer: timeout after %d seconds\n", GetPid(),
Seconds);
if (__sanitizer_print_stack_trace)
@@ -163,9 +161,7 @@ void Fuzzer::RereadOutputCorpus() {
if (X.size() > (size_t)Options.MaxLen)
X.resize(Options.MaxLen);
if (UnitHashesAddedToCorpus.insert(Hash(X)).second) {
- CurrentUnit.clear();
- CurrentUnit.insert(CurrentUnit.begin(), X.begin(), X.end());
- if (RunOne(CurrentUnit)) {
+ if (RunOne(X)) {
Corpus.push_back(X);
PrintStats("RELOAD");
}
@@ -188,7 +184,7 @@ void Fuzzer::ShuffleAndMinimize() {
Corpus.begin(), Corpus.end(),
[](const Unit &A, const Unit &B) { return A.size() < B.size(); });
}
- Unit &U = CurrentUnit;
+ Unit U;
for (const auto &C : Corpus) {
for (size_t First = 0; First < 1; First++) {
U.clear();
@@ -247,9 +243,13 @@ void Fuzzer::ExecuteCallback(const Unit &U) {
std::unique_ptr<uint8_t[]> Data(new uint8_t[U.size()]);
memcpy(Data.get(), U.data(), U.size());
AssignTaintLabels(Data.get(), U.size());
+ CurrentUnitData = Data.get();
+ CurrentUnitSize = U.size();
int Res = USF.TargetFunction(Data.get(), U.size());
(void)Res;
assert(Res == 0);
+ CurrentUnitData = nullptr;
+ CurrentUnitSize = 0;
}
size_t Fuzzer::RecordBlockCoverage() {
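Review bot: The clear order at the end of the body opens a window in which `CurrentUnitData` is already `nullptr` while `CurrentUnitSize` still holds the unit's length; AlarmCallback (presumably installed as the SIGALRM handler via StaticAlarmCallback) reads both fields, so an alarm landing in that window would pass the `<= kMaxUnitSizeToPrint` check and hand a null pointer with a non-zero length to `PrintHexArray`/`PrintASCII`. The entry order is the safe one, since a stale size of 0 only suppresses printing; mirroring it on exit closes the window: `CurrentUnitSize = 0;` before `CurrentUnitData = nullptr;`. A short comment on the two fields would also help the next reader, e.g. `// Non-owning view of Data for the death/alarm callbacks; valid only while TargetFunction runs and cleared before Data is freed.`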
@@ -387,10 +387,9 @@ void Fuzzer::Merge(const std::vector<std::string> &Corpora) {
}
void Fuzzer::MutateAndTestOne() {
- auto &U = CurrentUnit;
USF.StartMutationSequence();
- U = ChooseUnitToMutate();
+ auto U = ChooseUnitToMutate();
for (int i = 0; i < Options.MutateDepth; i++) {
size_t Size = U.size();
@@ -458,15 +457,12 @@ void Fuzzer::Drill() {
PrintStats("REINIT");
SavedOutputCorpusPath.swap(Options.OutputCorpus);
- for (auto &U : SavedCorpus) {
- CurrentUnit = U;
+ for (auto &U : SavedCorpus)
RunOne(U);
- }
PrintStats("MERGE ");
Options.PrintNEW = true;
size_t NumMerged = 0;
for (auto &U : Corpus) {
- CurrentUnit = U;
if (RunOne(U)) {
PrintStatusForNewUnit(U);
NumMerged++;